8df310210e2855743fc25eba945c63954d875029b1a9982aa645285b702e3a9d

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
03-02-2024 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c40d27b484dc605e5cf611ae8707b93.exe
Size

1.8MB
MD5

8c40d27b484dc605e5cf611ae8707b93
SHA1

97eb7e48b7efdd495569899ecc2a2e480150deaf
SHA256

8df310210e2855743fc25eba945c63954d875029b1a9982aa645285b702e3a9d
SHA512

240f259df8b6d07677999672ad774fe4d8a985cf667b53c4463c985ecc9f9d00db8b93b98c5522dcae7cf548af82a306a67ffdbeaf76114414c5ad8ce1e47a38
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqM:SCqm2Jpr0nNM7Dus7NxV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/880-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0009000000015d23-5.dat	upx
behavioral1/memory/880-3168-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/880-9188-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\desktop.ini	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	8c40d27b484dc605e5cf611ae8707b93.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui	8c40d27b484dc605e5cf611ae8707b93.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST	8c40d27b484dc605e5cf611ae8707b93.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei	8c40d27b484dc605e5cf611ae8707b93.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d11_plugin.dll	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar	8c40d27b484dc605e5cf611ae8707b93.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jre7\bin\j2pcsc.dll.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\fr-FR\FreeCell.exe.mui	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_m.png	8c40d27b484dc605e5cf611ae8707b93.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_thunderstorm.png.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_windy.png	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\DVD Maker\offset.ax	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-templates.jar.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Utilities.v3.5.resources.dll	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnscfg.exe.mui.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\fr-FR\gadget.xml.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Windows Journal\Templates\Genko_2.jtp	8c40d27b484dc605e5cf611ae8707b93.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.SF	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\11.png.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\omni.ja	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libadpcm_plugin.dll.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Windows Media Player\Skins\Revert.wmz	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-threaddump.jar.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\init.js.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\libqt_plugin.dll.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.exe	8c40d27b484dc605e5cf611ae8707b93.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.exe	8c40d27b484dc605e5cf611ae8707b93.exe

C:\Users\Admin\AppData\Local\Temp\8c40d27b484dc605e5cf611ae8707b93.exe
"C:\Users\Admin\AppData\Local\Temp\8c40d27b484dc605e5cf611ae8707b93.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
20d8b699c5d4a92a92139c9935e3054a

SHA1
437f699669e33771736df64665900b483c32312b

SHA256
75aa0dde6541629955b3c583feca69041c5d242816c7c31976f0d0a38c61aa50

SHA512
b194749f4cf27073bfacfdcd4e39f2255615ae3c4a04a9f5ec94d5dc1424fbdc28ff0ba5e24c819e92f02fe8d6c2fc265b1898fd038ac0bac9008c9e9232d956

Download Submit
memory/880-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/880-3168-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/880-9188-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads