93acfb8cc0f5301d9fa41843196030afc9410ea7baf319fd655d50f063c78c6a

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7bd917c883ff79ecd49e0ac2183e6c63.exe
Size

1.8MB
MD5

7bd917c883ff79ecd49e0ac2183e6c63
SHA1

5260409d8b40e58ff59a2156c3afe9e979c95261
SHA256

93acfb8cc0f5301d9fa41843196030afc9410ea7baf319fd655d50f063c78c6a
SHA512

d3021d94670ab0bbac29a5fafcda0d19bc01763a38360777ab040d791395dce5b03e455062faaf20e3145b197dc0b564314223a10f36ba0ec888af77d4f5c087
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHX:SCqm2Jpr0nNM7Dus7Nx23

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2176-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0032000000015c41-5.dat	upx
behavioral1/memory/2176-830-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2176-9213-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\desktop.ini	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	7bd917c883ff79ecd49e0ac2183e6c63.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\currency.html.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7bd917c883ff79ecd49e0ac2183e6c63.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA	7bd917c883ff79ecd49e0ac2183e6c63.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new.png.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll	7bd917c883ff79ecd49e0ac2183e6c63.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll	7bd917c883ff79ecd49e0ac2183e6c63.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\clock.html	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\10.png.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\main.js	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_mosaic_bridge_plugin.dll.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\ExitRename.xps.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar	7bd917c883ff79ecd49e0ac2183e6c63.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\settings.html	7bd917c883ff79ecd49e0ac2183e6c63.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Xml.Linq.Resources.dll.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\ImagingDevices.exe.mui	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\settings.css	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\flyout.html	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\settings.html	7bd917c883ff79ecd49e0ac2183e6c63.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll	7bd917c883ff79ecd49e0ac2183e6c63.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar	7bd917c883ff79ecd49e0ac2183e6c63.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.exe	7bd917c883ff79ecd49e0ac2183e6c63.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar	7bd917c883ff79ecd49e0ac2183e6c63.exe

C:\Users\Admin\AppData\Local\Temp\7bd917c883ff79ecd49e0ac2183e6c63.exe
"C:\Users\Admin\AppData\Local\Temp\7bd917c883ff79ecd49e0ac2183e6c63.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
c3a4b1fd7f79f689d47a66dc2f94b687

SHA1
2630dda83baa122659ad9dce32c24b9cbd452747

SHA256
b84391505aa3e562cb8118f33f41c712fe545caf9fb3a38dc80260fffa2674f2

SHA512
00deb01924bf6e816487a8f4b5bf6252fb040f3e5b596d1bc0d0f66b4913382eeec99b4a6dcd59ceca57d5822cc00221281e5e8b8f33172312f179b3ffffa8b1

Download Submit
memory/2176-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2176-830-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2176-9213-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads