2a374110e64ef3a864503352ed7da268388fc070df392ab8a18dfe33e412a4dd

Analysis

max time kernel
146s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 09:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8bef314cbd61660556a143a2e52eb0e1.exe
Size

2.8MB
MD5

8bef314cbd61660556a143a2e52eb0e1
SHA1

0ce52fcd2b90058eae5d36eb8b032ac161d91433
SHA256

2a374110e64ef3a864503352ed7da268388fc070df392ab8a18dfe33e412a4dd
SHA512

d0a9ef266f74b8fe15c668aa02b59c63c15b1584b6946412325b38554e3b9979892db7ffc0bb2a4418a31819566721914725e4d0fa6082bfe9416f7c35e18b60
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV911:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0n5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2408-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x000800000001559d-5.dat	upx
behavioral1/memory/2408-635-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	8bef314cbd61660556a143a2e52eb0e1.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\HideEdit.M2V.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui	8bef314cbd61660556a143a2e52eb0e1.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.exe	8bef314cbd61660556a143a2e52eb0e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar.exe	8bef314cbd61660556a143a2e52eb0e1.exe

C:\Users\Admin\AppData\Local\Temp\8bef314cbd61660556a143a2e52eb0e1.exe
"C:\Users\Admin\AppData\Local\Temp\8bef314cbd61660556a143a2e52eb0e1.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
2.8MB

MD5
0877ab3557892dba72e0fd0a14af21a1

SHA1
dc76f88bab6e4e0c8b12defbe5e1f24035304b6d

SHA256
ae4280184287ca888cf550c4bcb6ee2b8a323905322c0f9a478006bcb58d0392

SHA512
b83616367453c6f5131b55366c7f31070f826063e41b07f9eb36893b739a0eab94922fa76ef2114e8eff809258f7393190e6e9bec7f4fd6e82a626e71aab59d4

Download Submit
memory/2408-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2408-635-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads