26433dc726a3dce41d5f932449ff28704d50b8a053f066905a10dfe600492caf

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 08:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

71b2f9d55e268141f658250a375231b3.exe
Size

1.8MB
MD5

71b2f9d55e268141f658250a375231b3
SHA1

2bf56445a3cb106d2bdc95e68bf591da0c07547a
SHA256

26433dc726a3dce41d5f932449ff28704d50b8a053f066905a10dfe600492caf
SHA512

e0a072d373ed370f68e3009c3549a28ad48753cdabb5124c0fa12ef6c3ec076e9b14ee5a2ec5ebe42712607d4317fc6ca413fb81d19cc1ad5cf11014b013c9aa
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHU:SCqm2Jpr0nNM7Dus7Nx20

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3700-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022794-5.dat	upx
behavioral2/memory/3700-1595-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	71b2f9d55e268141f658250a375231b3.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Java\jre-1.8\bin\ssv.dll.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms.exe	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-phn.xrm-ms	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ppd.xrm-ms.exe	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ppd.xrm-ms.exe	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Exchange.WebServices.dll	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.exe	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\EnableFormat.ps1	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms.exe	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-pl.xrm-ms	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRLEX.DLL.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-pl.xrm-ms.exe	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-pl.xrm-ms	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.exe	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxslt.md	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-pl.xrm-ms	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-pl.xrm-ms	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-pl.xrm-ms	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\icu_web.md	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-pl.xrm-ms.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ul-oob.xrm-ms.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ppd.xrm-ms.exe	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ul-oob.xrm-ms.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-pl.xrm-ms.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-phn.xrm-ms.exe	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ul-oob.xrm-ms	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-oob.xrm-ms.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ppd.xrm-ms.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsound.dll.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_sw.dll.exe	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ul-oob.xrm-ms	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINSHELL.DLL.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-ms.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ppd.xrm-ms.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.exe	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-synch-l1-2-0.dll.exe	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-xstate-l2-1-0.dll	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ppd.xrm-ms	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-bridge-office.xrm-ms	71b2f9d55e268141f658250a375231b3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.exe	71b2f9d55e268141f658250a375231b3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.DataStreamer.Excel.dll.exe	71b2f9d55e268141f658250a375231b3.exe

C:\Users\Admin\AppData\Local\Temp\71b2f9d55e268141f658250a375231b3.exe
"C:\Users\Admin\AppData\Local\Temp\71b2f9d55e268141f658250a375231b3.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
8f59c87e420d1477a056ff5d00ce1ad7

SHA1
73c1651a6566d4a60a0df224e5dd593d7c5fc35b

SHA256
280f36ecd63f967806f2c03716e88b47e27de5ac39d86c5c95a447bf1881f52d

SHA512
7c2d98eab6e194fa1362c5c388e4f560e303437f26c89e04b7319124bab6f5b9497707169e318126de2d68a7505cca4c37b421f384b90b6d265260491c6f131f

Download Submit
memory/3700-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3700-1595-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads