51c2a8a08e3e6cc94942d59400ae8eb18215a45ff0a93ad24a9493285566c727

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72365662315280e0e6cd067ea0cb11c5.exe
Size

1.8MB
MD5

72365662315280e0e6cd067ea0cb11c5
SHA1

26828351133d71dc75b9ccf8fe295d673335c2f7
SHA256

51c2a8a08e3e6cc94942d59400ae8eb18215a45ff0a93ad24a9493285566c727
SHA512

5c83bcb2dd3ef6cf77dd4838436ce0773ded2a7b56774fb087a85742de62a16f46f534c5556effbdc0478993ce9e79d1eb7114f94d1a2b750115f393f3e950a3
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqd:SCqm2Jpr0nNM7Dus7NxY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2316-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x000a0000000155f7-5.dat	upx
behavioral1/memory/2316-2907-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2316-9210-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\desktop.ini	72365662315280e0e6cd067ea0cb11c5.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\ConvertReceive.001	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.png	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\js\cpu.js.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\misc\liblogger_plugin.dll	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Windows Journal\it-IT\MSPVWCTL.DLL.mui.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\ehshellLogo.png.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\8.png.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\21.png.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\logo.png.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\CompareReceive.ppsm	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Riga.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\gadget.xml	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\ContentDirectory.xml.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\artifacts.xml	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_dot.png	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Windows Photo Viewer\fr-FR\PhotoAcq.dll.mui.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\access-bridge-64.jar.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Printing.resources.dll	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Windows Journal\Templates\Music.jtp.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\8.png	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll	72365662315280e0e6cd067ea0cb11c5.exe

C:\Users\Admin\AppData\Local\Temp\72365662315280e0e6cd067ea0cb11c5.exe
"C:\Users\Admin\AppData\Local\Temp\72365662315280e0e6cd067ea0cb11c5.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
bf6c879f241ad46e9acf5a465d801549

SHA1
214bdfbacc73f64cfc0b919ac1dee0195a67f136

SHA256
18cf0410cb8a35fa658ed9fa71981922e744275bfe77c1f6383ef5d2f9cfd26b

SHA512
563b858620a4ba5b95c760ec4829dd1883016b40ca7d6bb67baa573ced6ad97afeab73f5a63fcaaa381c105778d622956418663d779657ce6a9bf955280a69b6

Download Submit
memory/2316-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2316-2907-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2316-9210-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads