7c85cf697e3a3ea35c163ba84302e92e1b57a6279add439ad0d3e5196c79d530

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03-02-2024 10:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c1d00b86d691dff495c21cb6c781e01.exe
Size

1.8MB
MD5

8c1d00b86d691dff495c21cb6c781e01
SHA1

b36b5b54fcf70363f008744825725309bc953c96
SHA256

7c85cf697e3a3ea35c163ba84302e92e1b57a6279add439ad0d3e5196c79d530
SHA512

b55ecaebb846fa0dc91b89f4f64f01e868b111011e84557902f2b4a21549420b13d8f514e95b49fa251ec2ef268838f0cd294218d75416957efaba6347e126ac
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqm:SCqm2Jpr0nNM7Dus7NxD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3464-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000227bf-5.dat	upx
behavioral2/memory/3464-1485-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	8c1d00b86d691dff495c21cb6c781e01.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-pl.xrm-ms.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEERR.DLL	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EVRGREEN\EVRGREEN.INF.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack.dll.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ul-oob.xrm-ms	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ppd.xrm-ms.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ppd.xrm-ms.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote_win7.cat	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\1033\FPEXT.MSG.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationBuildTasks.resources.dll	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xerces.md.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-pl.xrm-ms	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\Interceptor.tlb	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.ServiceModel.Resources.dll	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\jfxswt.jar	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ppd.xrm-ms.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\powerpoint.x-none.msi.16.x-none.boot.tree.dat	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\dbghelp.dll.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ppd.xrm-ms.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ICE\ICE.ELM	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\joticon.exe.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-oob.xrm-ms.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-oob.xrm-ms	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ppd.xrm-ms.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\glass.dll	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-stdio-l1-1-0.dll.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\tracedefinition130.xml	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\SKY.ELM	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\PPSLAX.DLL.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ppd.xrm-ms.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Mozilla Firefox\vcruntime140.dll.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-time-l1-1-0.dll	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-pl.xrm-ms.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.png.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL012.XML.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ppd.xrm-ms.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.dll	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-180.png	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GARA.TTF.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-phn.xrm-ms.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-oob.xrm-ms	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul.xrm-ms	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime_eula.txt	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\THMBNAIL.PNG	8c1d00b86d691dff495c21cb6c781e01.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.dll.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Spatial.NetFX35.dll.exe	8c1d00b86d691dff495c21cb6c781e01.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\TYPE.WAV.exe	8c1d00b86d691dff495c21cb6c781e01.exe

C:\Users\Admin\AppData\Local\Temp\8c1d00b86d691dff495c21cb6c781e01.exe
"C:\Users\Admin\AppData\Local\Temp\8c1d00b86d691dff495c21cb6c781e01.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
9f352821cb8604e84a68117bab48337a

SHA1
38220030662bdae828bbbc9ad65908f06f2b5deb

SHA256
abedde545f026e4cc205df2b6ed0023b61bc8f0b7809d63cca282f0be7544af3

SHA512
14c236d6c1c3a6d49bac18edd4728075e3038533f99d12304d722b68524e6e9696156ceb7ce9eecd7f20642f600f024b547d9297a0738c392d19ffa42f3a6aa0

Download Submit
memory/3464-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3464-1485-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads