Analysis
max time kernel: 144s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/01/2024, 18:44
Behavioral task behavioral1: sample 781b1e856a21bf795c17b1944b8f72f7.exe, resource win7-20231215-en
Behavioral task behavioral2: sample 781b1e856a21bf795c17b1944b8f72f7.exe, resource win10v2004-20231215-en
General
Target: 781b1e856a21bf795c17b1944b8f72f7.exe
Size: 1.8MB
MD5: 781b1e856a21bf795c17b1944b8f72f7
SHA1: 3bbe074c172f7d9eb116b61599a5fac7ce1db4d1
SHA256: 1bd0dd7a2974618befa98457c772fa08c08a999c0161eb8407c5b17eceaff254
SHA512: 9692e2bd35c86c05883c97f933645f319ba99da42c708044e7d8da824349387ea3bc0185d095338c9bafd99a35f6c828369e212eaa96701188dfb981913a0169
SSDEEP: 24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqz:SCqm2Jpr0nNM7Dus7NxO
Malware Config
Signatures

YARA rule matches (upx)
The upx rule fired on the main image of PID 880 in three memory snapshots and on one dropped file. The matched region 0x00400000-0x005BA000 is 0x1BA000 bytes (about 1.8MB), the same size as the submitted sample, so the match covers the whole packed image rather than an unpacked stub.
resource | yara_rule
behavioral2/memory/880-0-0x0000000000400000-0x00000000005BA000-memory.dmp | upx
behavioral2/files/0x00020000000228ae-5.dat | upx
behavioral2/memory/880-5721-0x0000000000400000-0x00000000005BA000-memory.dmp | upx
behavioral2/memory/880-13399-0x0000000000400000-0x00000000005BA000-memory.dmp | upx
Drops desktop.ini file(s) (2 IoCs)
description | ioc | process
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI | 781b1e856a21bf795c17b1944b8f72f7.exe
File created | C:\Program Files\desktop.ini | 781b1e856a21bf795c17b1944b8f72f7.exe
Drops file in Program Files directory (64 IoCs)
All 64 entries are attributed to the process 781b1e856a21bf795c17b1944b8f72f7.exe. Most of the created entries are an existing-style file name with an extra .exe suffix (…png.exe, …dll.exe, …xml.exe, …WAV.exe, …xrm-ms.exe), spread across WindowsApps packages, Office, .NET, Java, VLC, Chrome and Windows Media Player; this is the footprint of companion-style file infection, so every .exe in the list should be treated as a candidate copy of the sample. The remaining entries are files opened for modification, or created without the extra suffix.
description | ioc
File created | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-30.png.exe
File created | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256_altform-lightunplated_devicefamily-colorfulunplated.png
File created | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square150x150\PaintMedTile.scale-125.png
File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Numerics.Vectors.WindowsRuntime.dll.exe
File created | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-256_altform-unplated.png.exe
File created | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-150.png.exe
File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyShare.scale-125.png.exe
File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\autstbim.dll.exe
File created | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-125_contrast-black.png
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\WideTile.scale-100.png
File created | C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml.exe
File created | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_altform-unplated_contrast-white_devicefamily-colorfulunplated.png
File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ul-oob.xrm-ms
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OIMG.DLL
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubStoreLogo.scale-200.png.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Config\AppConfig.json
File created | C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-96_altform-lightunplated.png.exe
File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\FetchingMail.scale-100.png
File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\odffilt.dll.exe
File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-40.png
File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\UIAutomationProvider.dll
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ppd.xrm-ms.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Config\ExportConfig.json.exe
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Net.Resources.dll
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsStoreLogo.scale-200.png
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\System.Windows.Input.Manipulations.resources.dll.exe
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-180.png.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_scale-125.png
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Linq.Expressions.dll.exe
File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationNative_cor3.dll
File created | C:\Program Files\Microsoft Office\root\Office16\MEDIA\EXPLODE.WAV.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_wav_plugin.dll
File created | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_contrast-black.png.exe
File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\Doughboy.scale-125.png
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-heap-l1-1-0.dll.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\AppxBlockMap.xml.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\EnsoUI\id_arrow_black.png.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\en-IN\en-IN_female_TTS\skin_en-IN_female_TTS.lua
File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ppd.xrm-ms
File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Resources.Writer.dll
File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dll.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxSignature.p7x
File created | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\SlowMotionEditor\Views\SlowMotionPage.xbf
File created | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-20_altform-lightunplated.png
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsWideTile.scale-100.png
File created | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\Logo.scale-200_contrast-white.png.exe
File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Exchange.scale-400.png
File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\UIAutomationClientSideProviders.resources.dll
File opened for modification | C:\Program Files\Java\jre-1.8\bin\jfxmedia.dll
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ul-oob.xrm-ms.exe
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Selectors.Resources.dll.exe
File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionWideTile.scale-100.png.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-24.png
File opened for modification | C:\Program Files\Java\jdk-1.8\COPYRIGHT
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL048.XML.exe
File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso50win32client.dll.exe
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-oob.xrm-ms.exe
File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxLargeTile.scale-150.png.exe
File created | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-256_contrast-white.png
File created | C:\Program Files\Windows Media Player\it-IT\wmpnssci.dll.mui.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GameBar_MedTile.scale-125.png
File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Net.Http.Rtc.dll
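The companion-file shape in the list above (an existing file name with an extra .exe suffix) is what a responder will want to hunt for on other hosts. The script below is an added example and not part of the sandbox report or of the sample's own code: it classifies a constructed subset of the report's IoCs by that shape, then walks a directory tree and reports every X.ext.exe that sits beside an X.ext, optionally requiring the PE "MZ" magic so renamed data files are not counted. The directory layout built by build_demo_tree() is constructed for the self-check, and the regular expression and its 10-character extension limit are assumptions of this example rather than report data.

```python
"""Hunt for the companion-file pattern seen in the report: an executable named
<host>.<ext>.exe written next to <host>.<ext>.

Added example, not part of the sandbox report. REPORT_IOCS is a constructed
subset of the report's IoCs; build_demo_tree() creates a constructed
directory layout for the self-check. The regex and the 10-character
extension limit are assumptions of this example, not report data.
"""
import os
import re
import tempfile
from pathlib import Path

# Constructed subset of the "Drops file in Program Files directory" IoCs above.
REPORT_IOCS = [
    ("File created", r"C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-150.png.exe"),
    ("File created", r"C:\Program Files\Microsoft Office\root\Office16\MEDIA\EXPLODE.WAV.exe"),
    ("File created", r"C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ppd.xrm-ms.exe"),
    ("File created", r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.exe"),
    ("File created", r"C:\Program Files\Windows Media Player\it-IT\wmpnssci.dll.mui.exe"),
    ("File created", r"C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Config\AppConfig.json"),
    ("File opened for modification", r"C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_wav_plugin.dll"),
]

# <host>.<ext>.exe: the host keeps its own extension (png, dll, xml, wav, xrm-ms, ...).
# Assumption: a host extension is 1-10 characters containing no dot or path separator.
COMPANION_RE = re.compile(r"^(?P<host>.+\.[^.\\/]{1,10})\.exe$", re.IGNORECASE)


def companion_host(filename):
    """Return the host file name that a companion .exe shadows, or None."""
    m = COMPANION_RE.match(filename)
    if not m:
        return None
    host = m.group("host")
    # foo.exe.exe is a different shape; keep the hunt specific to data files.
    if host.lower().endswith(".exe"):
        return None
    return host


def classify_iocs(iocs):
    """Split (action, path) pairs into companion creations, other creations
    and files merely opened for modification."""
    companions, other_created, modified = [], [], []
    for action, path in iocs:
        name = path.rsplit("\\", 1)[-1]
        if action != "File created":
            modified.append(path)
        elif companion_host(name):
            companions.append(path)
        else:
            other_created.append(path)
    return companions, other_created, modified


def find_companion_executables(root, require_mz=True):
    """Walk root and return every X.ext.exe that sits beside an X.ext.
    With require_mz only files starting with the PE 'MZ' magic are reported,
    which drops renamed data files from the result."""
    hits = []
    for dirpath, _, files in os.walk(root):
        present = {f.lower() for f in files}  # NTFS names are case-insensitive
        for f in files:
            host = companion_host(f)
            if host is None or host.lower() not in present:
                continue
            path = Path(dirpath, f)
            if require_mz:
                with open(path, "rb") as fh:
                    if fh.read(2) != b"MZ":
                        continue
            hits.append(str(path))
    return sorted(hits)


def build_demo_tree():
    """Constructed layout: one genuine companion, one non-PE companion,
    and one orphan .png.exe with no host file beside it."""
    root = Path(tempfile.mkdtemp(prefix="companion_demo_"))
    assets = root / "Assets"
    assets.mkdir()
    (assets / "SplashScreen.scale-150.png").write_bytes(b"\x89PNG\r\n\x1a\n")
    (assets / "SplashScreen.scale-150.png.exe").write_bytes(b"MZ" + b"\x00" * 62)
    (assets / "Logo.png").write_bytes(b"\x89PNG")
    (assets / "Logo.png.exe").write_bytes(b"not a PE")
    (root / "orphan.png.exe").write_bytes(b"MZ")
    return root


if __name__ == "__main__":
    companions, other_created, modified = classify_iocs(REPORT_IOCS)
    print(f"{len(companions)} companion creations, {len(other_created)} other creations, "
          f"{len(modified)} modifications")
    for hit in find_companion_executables(build_demo_tree()):
        print("companion executable:", hit)
```

On a real host, point find_companion_executables at C:\Program Files (and the other directories the report lists) and hash each hit against the sample and the dropped file in the Downloads section; the orphan case is kept separate on purpose, since a lone X.png.exe with no X.png beside it is a weaker signal and may be a legitimate installer.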
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.8MB
MD5: 2a5a69638b31429e19efaad064f82c3b
SHA1: 21b88d42fd39dddbe2bbf8d6767e2cb1d5b06e3b
SHA256: dc43555161301e023fe51b97e38e67a8440ef5c055cd9594cf1386e42cf241d3
SHA512: fee0e741f1290d086ccc736cac6cf92991c55b2caf31fac449aac650fc84a91390f8532e5a297b6517f680a39fa0e0bf3ee7f319d53c99e69b1930f2345ec129