9247b0dca6ed4c38b6848af27b79035246cd144fbf563dd40f384f6d3d520fec

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 01:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8b0648438132d8015b9a8a3e6e4da030.exe
Size

1.8MB
MD5

8b0648438132d8015b9a8a3e6e4da030
SHA1

50fb421cd6feeeb62720da4a5a8bf1cc374e23b3
SHA256

9247b0dca6ed4c38b6848af27b79035246cd144fbf563dd40f384f6d3d520fec
SHA512

80e30bb5fe194371129a12a96a115151fa530acfe9cf1b6be8d6af9dfe56827b613ca82b9e3adafdd517815aa052ec4ffbbb2395ad3955bf5790da721494290b
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqU:SCqm2Jpr0nNM7Dus7Nx1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2356-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x00090000000143ec-5.dat	upx
behavioral1/memory/2356-3021-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2356-9210-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\desktop.ini	8b0648438132d8015b9a8a3e6e4da030.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\plugins.dat.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Java\jre7\bin\jawt.dll.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\vlc.mo.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\weather.html.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Internet Explorer\en-US\eula.rtf	8b0648438132d8015b9a8a3e6e4da030.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libadummy_plugin.dll.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen	8b0648438132d8015b9a8a3e6e4da030.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui	8b0648438132d8015b9a8a3e6e4da030.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar	8b0648438132d8015b9a8a3e6e4da030.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Utilities.v3.5.resources.dll.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\js\slideShow.js.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaudioscrobbler_plugin.dll.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ts_plugin.dll	8b0648438132d8015b9a8a3e6e4da030.exe
File opened for modification	C:\Program Files\Java\jre7\lib\psfontj2d.properties	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fontconfig.bfc	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\47.png.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak	8b0648438132d8015b9a8a3e6e4da030.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseover.png.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml	8b0648438132d8015b9a8a3e6e4da030.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties	8b0648438132d8015b9a8a3e6e4da030.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Sydney	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File opened for modification	C:\Program Files\Mozilla Firefox\postSigningData	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Windows Media Player\wmpnetwk.exe	8b0648438132d8015b9a8a3e6e4da030.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt	8b0648438132d8015b9a8a3e6e4da030.exe

C:\Users\Admin\AppData\Local\Temp\8b0648438132d8015b9a8a3e6e4da030.exe
"C:\Users\Admin\AppData\Local\Temp\8b0648438132d8015b9a8a3e6e4da030.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
2db27e55a946b9903662e1688a7da67c

SHA1
0cf4cc6b6caee0a86634e2ef5857a0cf609240ea

SHA256
68e55752cd5238b31ab0eee249641f2d26f22c194aaaa24f965205e2a74fcccf

SHA512
05891b7e3fba5c7d2d7ddba999618688d60613677dc66cbe129ccc84cb7f6b4b4eb4932b62df7d461e4bba24053ccc87b3cd086f287cdd8b833d8872b2ed2a45

Download Submit
memory/2356-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2356-3021-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2356-9210-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads