4ab9b88a2ccb5dfd3e1a41c5c852c12eff3cb7e6d27e4a09f6d2a2c379e92f33

Analysis

max time kernel
88s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2024, 11:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

773888f522c023dce5cfc106f4a35252.exe
Size

1.8MB
MD5

773888f522c023dce5cfc106f4a35252
SHA1

e50b7b989cbdaefbf6827b62ba3c631829c0d517
SHA256

4ab9b88a2ccb5dfd3e1a41c5c852c12eff3cb7e6d27e4a09f6d2a2c379e92f33
SHA512

d05f4c0c9d52ff610aec3cba8d074484abecb9e030dd71b239c08860748d4cebb14666b5dbf9ff69040f5e2d527939ee23c633d83a7db6434d4045f852df858c
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHe:SCqm2Jpr0nNM7Dus7Nx2+

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4616-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228b1-5.dat	upx
behavioral2/memory/4616-6486-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/4616-13395-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Program Files\desktop.ini	773888f522c023dce5cfc106f4a35252.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	773888f522c023dce5cfc106f4a35252.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubMedTile.scale-125.png	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-72.png	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailBadge.scale-400.png.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.exe	773888f522c023dce5cfc106f4a35252.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\tzmappings	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\beeps\skin_beeps.lua.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderWideTile.contrast-black_scale-100.png	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Cultures\OFFICE.ODF.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageStoreLogo.scale-150_contrast-black.png.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\Timer3Sec.targetsize-64.png	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\AchievementUnlocked.mp3.exe	773888f522c023dce5cfc106f4a35252.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\index.win32.bundle.map	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\snooze.png.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubSplashWideTile.scale-200_contrast-black.png.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\Movie-TVStoreLogo.scale-100_contrast-black.png.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClientsideProviders.resources.dll	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\MixerBranding\mixer_logo.png	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.contrast-black_scale-100.png.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsWideTile.scale-200.png	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.scale-100.png	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-200_contrast-black.png	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailMediumTile.scale-150.png	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.exe	773888f522c023dce5cfc106f4a35252.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_1.dll	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlarmsLargeTile.contrast-white_scale-100.png	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-24_altform-lightunplated.png	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-64_altform-fullcolor.png	773888f522c023dce5cfc106f4a35252.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\EXPEDITN.ELM	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeWideTile.scale-125_contrast-black.png.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailWideTile.scale-100.png	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ppd.xrm-ms.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_scale-100.png	773888f522c023dce5cfc106f4a35252.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak	773888f522c023dce5cfc106f4a35252.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\PresentationUI.resources.dll	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-96_altform-unplated_contrast-black_devicefamily-colorfulunplated.png.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\en-US\MSFT_PackageManagementSource.schema.mfl.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\iheart-radio.scale-125.png	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupSmallTile.scale-100.png.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-80_altform-lightunplated.png.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionMedTile.scale-200.png	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-125_contrast-black.png	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\MoveToFolderToastQuickAction.scale-80.png	773888f522c023dce5cfc106f4a35252.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\SmallTile.scale-125.png	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\loc_archives\en-gb\loc.archive	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\WideTile.scale-200.png.exe	773888f522c023dce5cfc106f4a35252.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscordaccore.dll	773888f522c023dce5cfc106f4a35252.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\System.Windows.Forms.Primitives.resources.dll	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PEOPLEDATAHANDLER.DLL.exe	773888f522c023dce5cfc106f4a35252.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\CENTURY.TTF	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\WideLogo.scale-125_contrast-black.png.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Programmer.targetsize-64_contrast-white.png.exe	773888f522c023dce5cfc106f4a35252.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square71x71\PaintSmallTile.scale-125.png	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.targetsize-32_altform-unplated_contrast-white.png.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-pl.xrm-ms.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\Doughboy.scale-150.png.exe	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-256_altform-unplated_contrast-white.png	773888f522c023dce5cfc106f4a35252.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-black\SmallTile.scale-200.png.exe	773888f522c023dce5cfc106f4a35252.exe

C:\Users\Admin\AppData\Local\Temp\773888f522c023dce5cfc106f4a35252.exe
"C:\Users\Admin\AppData\Local\Temp\773888f522c023dce5cfc106f4a35252.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.2MB

MD5
5e90c521de5c8af2463d56115572beac

SHA1
dcdb63465b96e2f1b06f9876b09440fc0f317487

SHA256
20d8f725b3082ca14ad404a437d58ba2d9f56da38b2ee1d4b167f9bde09e40ed

SHA512
cc46b8d6e95dc6fc7a8d4dfbd93b0f1b6923b51b1f21e6429e1c689fcc58392d3cdfad59ca49668dd3da2df6156023694ba1785042dcb3f4054da55839934a8b

Download Submit
memory/4616-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4616-6486-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4616-13395-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads