51c2a8a08e3e6cc94942d59400ae8eb18215a45ff0a93ad24a9493285566c727

Analysis

max time kernel
152s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72365662315280e0e6cd067ea0cb11c5.exe
Size

1.8MB
MD5

72365662315280e0e6cd067ea0cb11c5
SHA1

26828351133d71dc75b9ccf8fe295d673335c2f7
SHA256

51c2a8a08e3e6cc94942d59400ae8eb18215a45ff0a93ad24a9493285566c727
SHA512

5c83bcb2dd3ef6cf77dd4838436ce0773ded2a7b56774fb087a85742de62a16f46f534c5556effbdc0478993ce9e79d1eb7114f94d1a2b750115f393f3e950a3
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqd:SCqm2Jpr0nNM7Dus7NxY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4520-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022910-5.dat	upx
behavioral2/memory/4520-705-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	72365662315280e0e6cd067ea0cb11c5.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ul-oob.xrm-ms.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ul-oob.xrm-ms	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-oob.xrm-ms	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ppd.xrm-ms	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\javafx.properties	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-pl.xrm-ms	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-pl.xrm-ms	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightRegular.ttf	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-phn.xrm-ms	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense2019_eula.txt	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-pl.xrm-ms.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHLTS.DLL.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul-oob.xrm-ms	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ppd.xrm-ms.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\JavaAccessBridge-64.dll	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHPHN.DAT	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-pl.xrm-ms	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-pl.xrm-ms	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\LimitGrant.wmx	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\CopyDebug.css	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jre-1.8\Welcome.html.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\joni.md	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ppd.xrm-ms.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.PowerBI.AdomdClient.dll.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-pl.xrm-ms.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG.HXS	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ppd.xrm-ms	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jawt.dll	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jre-1.8\bin\pack200.exe.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-phn.xrm-ms.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-convert-l1-1-0.dll.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\sqmapi.dll.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ul-oob.xrm-ms	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLL	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql70.xsl	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.exe	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak	72365662315280e0e6cd067ea0cb11c5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dll	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.exe	72365662315280e0e6cd067ea0cb11c5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-phn.xrm-ms.exe	72365662315280e0e6cd067ea0cb11c5.exe

C:\Users\Admin\AppData\Local\Temp\72365662315280e0e6cd067ea0cb11c5.exe
"C:\Users\Admin\AppData\Local\Temp\72365662315280e0e6cd067ea0cb11c5.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
47fa0dc91b8a6de2305b5886b12adf7a

SHA1
fee10224a831f6c9b5418b77d45f7c8f9ccaab3a

SHA256
bcd12756d591cb32ab88d06eef070b3f3c822075316d3eedc35d9cc257f95fcd

SHA512
996aa42e8c4b434639d50e2e1f0ff326cf643ac70d511dc1540945e1f573379ad7991827130ce1cd136bef6c40ae55777fed7266cf91fd6414490b551acba89a

Download Submit
memory/4520-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4520-705-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads