b2ce4c520ef3ce00600792957a27cbc6a2967cae8aa36ac1654d6e4552f0066c

Analysis

max time kernel
91s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 21:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

758e33b7471a7c468efe51e41c38fb71.exe
Size

1.8MB
MD5

758e33b7471a7c468efe51e41c38fb71
SHA1

f4e34fa7f1c94c7f1db1a4a152737bed84a5d973
SHA256

b2ce4c520ef3ce00600792957a27cbc6a2967cae8aa36ac1654d6e4552f0066c
SHA512

d9c71c8dbea40b8c5db30ecfa5c74741128694813e93f682f63326dc4e505d8b59706aadbff104c1514ef82a28f52cee5de71376750cfd800be57339fbd99df5
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHb:SCqm2Jpr0nNM7Dus7Nx27

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2736-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228b1-5.dat	upx
behavioral2/memory/2736-5321-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/2736-13388-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\desktop.ini	758e33b7471a7c468efe51e41c38fb71.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupWideTile.scale-150.png	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\resources.pri.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-64_altform-colorize.png.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubMedTile.scale-200_contrast-black.png	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\UIAutomationTypes.resources.dll.exe	758e33b7471a7c468efe51e41c38fb71.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\PresentationFramework.resources.dll	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\icu_web.md.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\it\msipc.dll.mui.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-us\msointlimm.dll.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-64_altform-unplated_contrast-black.png	758e33b7471a7c468efe51e41c38fb71.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	758e33b7471a7c468efe51e41c38fb71.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ppd.xrm-ms	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Net.WebHeaderCollection.dll	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\FileAssociation\FileAssociation.targetsize-16.png	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\LibrarySquare150x150Logo.scale-200_contrast-black.png.exe	758e33b7471a7c468efe51e41c38fb71.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\XML2WORD.XSL	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\FreeCell.Wide.png	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-64_contrast-white.png.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-48_altform-unplated.png	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\AppPackageSmallTile.scale-125_contrast-white.png	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-24_contrast-white.png.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailWideTile.scale-200.png.exe	758e33b7471a7c468efe51e41c38fb71.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\UIAutomationProvider.dll	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosLargeTile.contrast-black_scale-100.png	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-200_contrast-white.png.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-400_contrast-white.png.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\AppxSignature.p7x	758e33b7471a7c468efe51e41c38fb71.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsWideTile.scale-200.png	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Advanced-Dark.scale-300.png.exe	758e33b7471a7c468efe51e41c38fb71.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_2.dll	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\SKU.dll	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-125_contrast-black.png	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-20.png	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar.exe	758e33b7471a7c468efe51e41c38fb71.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Resources\1033\msmdsrvi_xl.rll	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyView-Dark.scale-200.png	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyShare-Dark.scale-400.png	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptyView.scale-150.png.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms.exe	758e33b7471a7c468efe51e41c38fb71.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AXIS\AXIS.INF	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\models\es-ES.mail.config	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-200_contrast-black.png.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\resources.ff33ee1b.pri	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-40_contrast-white.png	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-64_altform-unplated_contrast-white.png.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubWideTile.scale-100_contrast-high.png	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\freebxml.md.exe	758e33b7471a7c468efe51e41c38fb71.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-96_altform-unplated.png.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Oart.dll.exe	758e33b7471a7c468efe51e41c38fb71.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\PhotoAcq.dll.mui.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailLargeTile.scale-150.png	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-string-l1-1-0.dll.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-40.png.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_CarReservation_Light.png.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.psm1.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\PROOF\MSWDS_FR.LEX.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Videos\Help\FlatFreehand3D.mp4.exe	758e33b7471a7c468efe51e41c38fb71.exe
File created	C:\Program Files\Windows Photo Viewer\fr-FR\PhotoAcq.dll.mui.exe	758e33b7471a7c468efe51e41c38fb71.exe

C:\Users\Admin\AppData\Local\Temp\758e33b7471a7c468efe51e41c38fb71.exe
"C:\Users\Admin\AppData\Local\Temp\758e33b7471a7c468efe51e41c38fb71.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
70deec08c81bd332041613c61780aefe

SHA1
fd91bdfc73c5283e9cae2bf337bb0f85bab61b6e

SHA256
038e357e2765c271a7b6df7f9483bde046bf1335b383f3400164ac948acbd91a

SHA512
585938d3c01ded372e7c390238b67a962e519c49b06003c9e58dc2b1817d115b6d6474a903efb6d1998b6b6d41e566e747ac73e10b0dc43738f351c901b2709b

Download Submit
memory/2736-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2736-5321-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2736-13388-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads