ca02a93e7992491d3dd97c3eee5f893ce08a654b7cb308a1a861fc6054d4c665

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 19:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7546b0950d82e61ad923e9ff7332f533.exe
Size

1.8MB
MD5

7546b0950d82e61ad923e9ff7332f533
SHA1

0a926b135cab782c25377b3de1b4554ff8f9c906
SHA256

ca02a93e7992491d3dd97c3eee5f893ce08a654b7cb308a1a861fc6054d4c665
SHA512

2cca38db8e866cc2ab388abb37980347b1990c3d1459b7ba7fe40804d60c8af9a4888c039a7ff871d69e6425af8a03829a0e044793d9b10b4ac34aefa803d0c6
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxq3:SCqm2Jpr0nNM7Dus7NxC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3648-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000227ab-5.dat	upx
behavioral2/memory/3648-1702-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	7546b0950d82e61ad923e9ff7332f533.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GameBar_WideTile.scale-125.png	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Standard.targetsize-20_contrast-white.png.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ul-oob.xrm-ms.exe	7546b0950d82e61ad923e9ff7332f533.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSYUBIN7.DLL	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8FR.LEX.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-conio-l1-1-0.dll.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OLKFSTUB.DLL.exe	7546b0950d82e61ad923e9ff7332f533.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack200.exe.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\VungleSDK.winmd.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-200_contrast-white.png	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\1850_40x40x32.png	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-125_contrast-white.png.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.exe	7546b0950d82e61ad923e9ff7332f533.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\management.dll	7546b0950d82e61ad923e9ff7332f533.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubWideTile.scale-125_contrast-high.png	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-72_altform-unplated_contrast-black.png	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalcMDL2.ttf.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\SmallTile.scale-125_contrast-black.png.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-48_altform-unplated.png.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-64_altform-lightunplated.png.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ppd.xrm-ms.exe	7546b0950d82e61ad923e9ff7332f533.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo.png	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\LEELAWAD.TTF.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ppd.xrm-ms.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageBadgeLogo.scale-125.png	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Cloud.png	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorStoreLogo.contrast-black_scale-200.png.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.RunTime.Serialization.Resources.dll.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\LargeTile.scale-100_contrast-black.png.exe	7546b0950d82e61ad923e9ff7332f533.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\msvcp140.dll	7546b0950d82e61ad923e9ff7332f533.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STRTEDGE\STRTEDGE.INF.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Windows Photo Viewer\PhotoViewer.dll.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\manifests\BuiltinFormsMathQuiz.xml.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\StopwatchWideTile.contrast-black_scale-100.png	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\resources.pri	7546b0950d82e61ad923e9ff7332f533.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-pl.xrm-ms	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-80.png.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ADALPREVIOUS.DLL.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Microsoft Office\root\vfs\System\mfcm140u.dll.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Xml.Linq.Resources.dll	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-phn.xrm-ms.exe	7546b0950d82e61ad923e9ff7332f533.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ppd.xrm-ms	7546b0950d82e61ad923e9ff7332f533.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\MedTile.scale-125.png.exe	7546b0950d82e61ad923e9ff7332f533.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_SplashScreen.scale-100.png.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square150x150\PaintMedTile.scale-400.png	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-150.png	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ca\msipc.dll.mui.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\165.png.exe	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\182.png	7546b0950d82e61ad923e9ff7332f533.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\7.jpg.exe	7546b0950d82e61ad923e9ff7332f533.exe

C:\Users\Admin\AppData\Local\Temp\7546b0950d82e61ad923e9ff7332f533.exe
"C:\Users\Admin\AppData\Local\Temp\7546b0950d82e61ad923e9ff7332f533.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
439e71351dcf131c26a04ec7947110a5

SHA1
d1b75bea50e325a17fc4361bede4491ecd617b88

SHA256
aeb517ca1de546e6c2f0f4be9e05c158b22addfc2510f28a656b8f33fc154277

SHA512
536a339eab7e8e3e788524e296d7c591028f74122a2c6db9928f8d56c9a91fddf7e529aa9d3d05d6765a7afe49d42474264fb63249df58d3da62929c05509164

Download Submit
memory/3648-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3648-1702-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads