671385830c158f28394ff56af6532e76d99355cfa0bb9d9e8e0cbf79beb95287

Analysis

max time kernel
137s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 13:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86f2b9907f39a5dc7b362dcd0dc5f824.exe
Size

1.8MB
MD5

86f2b9907f39a5dc7b362dcd0dc5f824
SHA1

f32acbf514a82ae1e7283a6aae59c7877823cd10
SHA256

671385830c158f28394ff56af6532e76d99355cfa0bb9d9e8e0cbf79beb95287
SHA512

1f7e097dbf9fea40c65e1f8b24cab3f5dd45cbe1a3ec81c1e3b5931f713f50f00bd37a75b2c7ea38f892b3dae9648b666b360e9a1bc349fb8aef34e9d77edbf1
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqF:SCqm2Jpr0nNM7Dus7NxY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/524-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228ae-5.dat	upx
behavioral2/memory/524-6561-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/524-13405-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\desktop.ini	86f2b9907f39a5dc7b362dcd0dc5f824.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ul-oob.xrm-ms	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ul-oob.xrm-ms	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-40_altform-unplated.png	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\New-Fixture.Tests.ps1.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\decora_sse.dll	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-48_altform-lightunplated.png	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encoding.dll.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-48_altform-unplated.png.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\UIAutomationClientSideProviders.resources.dll	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcr120.dll.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\officemui.msi.16.en-us.boot.tree.dat	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\THMBNAIL.PNG.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageSplashScreen.scale-400_contrast-black.png.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-125_contrast-black.png.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchStoreLogo.scale-125_contrast-white.png.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-64_contrast-high.png.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\resources.f74ef681.pri	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarSplashLogo.scale-125.png	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\import_google_contacts\googleImportError.png	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-48.png.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsSmallTile.scale-200.png.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-ms	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-256_altform-unplated_contrast-black.png	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideLogo.scale-200_contrast-white.png.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailSmallTile.scale-100.png.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Printing.resources.dll.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiItalic.ttf	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GARABD.TTF.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\Windows Defender\it-IT\MpEvMsg.dll.mui.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-64_altform-unplated.png	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\resources\strings\LocalizedStrings_ko.json.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\OrientationControlInnerCircleHover.png.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Light.scale-150.png.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptyShare.scale-100.png.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageWideTile.scale-100.png.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageWideTile.scale-150.png	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-36_altform-unplated_contrast-white.png	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\LargeTile.scale-200.png	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Transactions.dll	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Console.dll.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\PresentationFramework.resources.dll.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\10.jpg	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageWideTile.scale-400.png	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ChakraBridge.dll.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\Ratings\Yelp10.scale-200.png.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-96_altform-unplated.png	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\ReachFramework.resources.dll.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ANTQUABI.TTF.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-locale-l1-1-0.dll.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxSignature.p7x.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsBase.resources.dll.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-20_contrast-white.png	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\import_google_contacts\googleOnboardingCard.png.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.scale-400.png	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\PresentationFramework.resources.dll	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmic.exe.exe	86f2b9907f39a5dc7b362dcd0dc5f824.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Microsoft.Xaml.Interactions.dll	86f2b9907f39a5dc7b362dcd0dc5f824.exe

C:\Users\Admin\AppData\Local\Temp\86f2b9907f39a5dc7b362dcd0dc5f824.exe
"C:\Users\Admin\AppData\Local\Temp\86f2b9907f39a5dc7b362dcd0dc5f824.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
555KB

MD5
c806802d4edd1bdf436311fbb75355a9

SHA1
e1275d539f61f87c1dd5ecfafce80737916858f0

SHA256
44121a4133490a8443adfe65376f8345c2ac94ac30ecf2601a3347781c34023b

SHA512
27e89a429e0797008774c8e9b8494c64939336d0134e8ee163f2bef75361b443ae7398e830f4e21fbf48baa61bd9787ea3b117a02c24c43a4b155076d7332ac7

Download Submit
memory/524-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/524-6561-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/524-13405-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads