dd3a2b6079a57ef8ee9c8ce10f25cbed4812c70f74e15e6632c533f83dc32178

Analysis

max time kernel
91s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 11:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7a277d8fcf4af19db1b8434af37c6b0d.exe
Size

1.8MB
MD5

7a277d8fcf4af19db1b8434af37c6b0d
SHA1

b18ccf55a8ceaa293adf77b89bcaaad84867a2c7
SHA256

dd3a2b6079a57ef8ee9c8ce10f25cbed4812c70f74e15e6632c533f83dc32178
SHA512

72bef1c08d6f8b143de956dd408a1287064c6d77b230326881df0befefe834cc3514ecb46283e36507a950c809f02f80b172333f8fe4f006ee49eb09a1a303c9
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqF:SCqm2Jpr0nNM7Dus7Nxo

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3452-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228b1-5.dat	upx
behavioral2/memory/3452-5595-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/3452-13409-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\desktop.ini	7a277d8fcf4af19db1b8434af37c6b0d.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-72_altform-unplated_contrast-white.png.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Resources.dll	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ClippingTool.targetsize-32.png	7a277d8fcf4af19db1b8434af37c6b0d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OsfInstallerConfig.xml	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\WideTile.scale-200_contrast-black.png	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\AppxManifest.xml	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-140.png.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-private-l1-1-0.dll.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Data.Odata.dll	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-60_altform-unplated.png	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-125.png.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\WINGDNG2.TTF	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewer\LoadingSpinner.glb.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\dotnet\host\fxr\8.0.0\hostfxr.dll.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\t2k.dll.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\shaded.dotx	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-24_altform-unplated.png.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-40_altform-unplated_contrast-white.png.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\PartyChat.dll	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreSmallTile.scale-100.png.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_Pester.help.txt	7a277d8fcf4af19db1b8434af37c6b0d.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Windows.Forms.Primitives.resources.dll	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-140.png.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-pl.xrm-ms	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Exchange.scale-400.png	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Google.scale-400.png	7a277d8fcf4af19db1b8434af37c6b0d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-pl.xrm-ms	7a277d8fcf4af19db1b8434af37c6b0d.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libaribcam_plugin.dll	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\StoreLogo.scale-200.png.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxBlockMap.xml.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8fr.dub.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\TinyTile.scale-200_contrast-white.png.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	7a277d8fcf4af19db1b8434af37c6b0d.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Emit.Lightweight.dll	7a277d8fcf4af19db1b8434af37c6b0d.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\UIAutomationTypes.resources.dll	7a277d8fcf4af19db1b8434af37c6b0d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.ITS	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-20.png	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\clrcompression.dll.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxLargeTile.scale-150.png	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-80.png	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-200_contrast-white.png	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Videos\SmartSelect\Magic_Select_add_tool.mp4	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\PeopleSplashScreen.scale-100.png	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\Skype_Call_Reconnected.m4a	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\System\ole db\xmlrw.dll.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Square44x44Logo.scale-100.png	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\GlobalMock-B.Tests.ps1.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Channels.dll	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\MedTile.scale-125.png.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Microsoft.Xbox.NetworkTroubleshooter.winmd.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-36_altform-unplated.png	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\UIAutomationClientSideProviders.resources.dll.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul.xrm-ms.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-100.png.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupMedTile.scale-200.png	7a277d8fcf4af19db1b8434af37c6b0d.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-36.png.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\Icons\icon_play_prs.png.exe	7a277d8fcf4af19db1b8434af37c6b0d.exe

C:\Users\Admin\AppData\Local\Temp\7a277d8fcf4af19db1b8434af37c6b0d.exe
"C:\Users\Admin\AppData\Local\Temp\7a277d8fcf4af19db1b8434af37c6b0d.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
3c639489976bf2887de65e76ca457fc9

SHA1
bd36fe019db2659bf0ccb0c82fe2750e1c99e8ab

SHA256
2d3ce10b2cd790ce2facee184f4a12c25868d5a0a0faec175c92fff0211ca74c

SHA512
f21d7adafec424f4ab8edea21efe91bef942f3c44c41ec0ae14bfd0c6fa7850456fac5ea1939cb9a0b23da0042de5574fefb618e8ed2a59f5210453d9035d22b

Download Submit
memory/3452-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3452-5595-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3452-13409-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads