Analysis
- max time kernel: 151s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/01/2024, 11:02
Behavioral task behavioral1
- Sample: 72108696004ad4ed44ed74c62fa4c3d1.exe
- Resource: win7-20231129-en
Behavioral task behavioral2
- Sample: 72108696004ad4ed44ed74c62fa4c3d1.exe
- Resource: win10v2004-20231215-en
General
- Target: 72108696004ad4ed44ed74c62fa4c3d1.exe
- Size: 1.8MB
- MD5: 72108696004ad4ed44ed74c62fa4c3d1
- SHA1: 67cafff59ec8597c5e40f380925a1be0b7489bdb
- SHA256: d60dddcfb44f107f51dfbcbb51989aaa1cdcf1cb5ca94c476260079ac8738826
- SHA512: 163bab25c18eb2d1ca704c14465e56f4c18cc7b73dda1d27633d7241686df1318351e3fdbfc782b5f010025b7b4502c499e020462cad0c6fd1b47d7db2898ab8
- SSDEEP: 24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxq6:SCqm2Jpr0nNM7Dus7Nxn
Malware Config
Signatures
- yara_rule matches (resource: rule):
  - behavioral2/memory/4928-0-0x0000000000400000-0x00000000005BA000-memory.dmp: upx
  - behavioral2/files/0x0002000000022910-5.dat: upx
  - behavioral2/memory/4928-739-0x0000000000400000-0x00000000005BA000-memory.dmp: upx
- Drops file in Program Files directory (64 IoCs)
Downloads
- Filesize: 1.8MB
- MD5: ae3a2f0a5e78f2ccc3ec5cbc3f9f0f94
- SHA1: 2ebd8b698b756d49c04905159c72a86eefc2ca2b
- SHA256: 2da60d72f5755a682a27f02676c3fc9808dc305c78aca0db654a56a82fd9929d
- SHA512: c5c926fce7258f0c2dbee5d550e69f4b8a0e1c01119c944ca36d80c24b587c4501b72b556552860cae2002750bc04daa3a8227ed61e3b22e8ce216b773c2375f