d60dddcfb44f107f51dfbcbb51989aaa1cdcf1cb5ca94c476260079ac8738826

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 11:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

72108696004ad4ed44ed74c62fa4c3d1.exe
Size

1.8MB
MD5

72108696004ad4ed44ed74c62fa4c3d1
SHA1

67cafff59ec8597c5e40f380925a1be0b7489bdb
SHA256

d60dddcfb44f107f51dfbcbb51989aaa1cdcf1cb5ca94c476260079ac8738826
SHA512

163bab25c18eb2d1ca704c14465e56f4c18cc7b73dda1d27633d7241686df1318351e3fdbfc782b5f010025b7b4502c499e020462cad0c6fd1b47d7db2898ab8
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxq6:SCqm2Jpr0nNM7Dus7Nxn

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2088-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0009000000014825-5.dat	upx
behavioral1/memory/2088-2998-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2088-9186-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\desktop.ini	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	72108696004ad4ed44ed74c62fa4c3d1.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\js\controllers.js	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Waitcursor.gif.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgRes.dll.mui	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Conversion.v3.5.resources.dll.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Windows Defender\MpCmdRun.exe.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_hover.png.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jre7\bin\java_crw_demo.dll	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Half.png.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\settings.html	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-ui.xml	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single.png	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\MCESidebarCtrl.dll.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous.png	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_hail.png	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Windows Portable Devices\sqmapi.dll	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.png	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\de-DE\Mahjong.exe.mui	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\vlc.mo.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\visualization\libgoom_plugin.dll	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Windows Journal\Templates\Graph.jtp	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jre7\lib\psfont.properties.ja	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.exe	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll	72108696004ad4ed44ed74c62fa4c3d1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar	72108696004ad4ed44ed74c62fa4c3d1.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.exe	72108696004ad4ed44ed74c62fa4c3d1.exe

C:\Users\Admin\AppData\Local\Temp\72108696004ad4ed44ed74c62fa4c3d1.exe
"C:\Users\Admin\AppData\Local\Temp\72108696004ad4ed44ed74c62fa4c3d1.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
a49a72f6a6a0e6234836202916e3e071

SHA1
e8d02e2f30b7490b9a125a615b9cb3fd1fe67bfb

SHA256
62909aa3d5f984e0a2fe97b68ade7b1ae5e50352823a1fb487a1396bea35a829

SHA512
8c83025af34954926b75b4bd755fd642b6ae5916788fcbf92f3049509f068285f39c5c487f25d3b6bc293f2f6578aab26441cf17d5a7b64ba08f95b9671f935d

Download Submit
memory/2088-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2088-2998-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2088-9186-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads