b63517bb5c5d1648b80e3e471e1d7250fdd410ba5e7f83fcc585737a67e81a84

Analysis

max time kernel
91s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c83b7dad3ee69025f76f97f1dbee3c7.exe
Size

1.8MB
MD5

8c83b7dad3ee69025f76f97f1dbee3c7
SHA1

7b0e64f787a210f7b946c8d03b77058c00c42587
SHA256

b63517bb5c5d1648b80e3e471e1d7250fdd410ba5e7f83fcc585737a67e81a84
SHA512

402cf8e254d986d380cd4971c669bd22c99d2ab10146eaecfd5dcae2748a8b354911a2135864728c2d1bb68972fc31e16ae7afb73b15f32e175aa859b28e3dd0
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHT:SCqm2Jpr0nNM7Dus7Nx2z

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3176-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228ac-5.dat	upx
behavioral2/memory/3176-5246-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/3176-13409-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\desktop.ini	8c83b7dad3ee69025f76f97f1dbee3c7.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageWideTile.scale-125.png	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\TxNdi.dll	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\resources.pri	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-256_altform-unplated.png.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-60.png	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ShareProvider_CopyFile24x24.scale-125.png	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RICEPAPR\RICEPAPR.ELM.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File opened for modification	C:\Program Files\SendComplete.mhtml	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-125_contrast-high.png.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Forms.dll.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000006\FA000000006	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\TimerSmallTile.contrast-white_scale-200.png	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailLargeTile.scale-100.png	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ospintl.dll	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedMedTile.scale-100.png	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\Java\jre-1.8\lib\content-types.properties.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-pl.xrm-ms	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-40_altform-unplated_contrast-white.png	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\SmallTile.scale-100_contrast-white.png	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Google.scale-400.png.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-pl.xrm-ms	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxManifest.xml	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\LargeTile.scale-100.png.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\WideTile.scale-100_contrast-black.png.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppUpdate.svg	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-16_altform-unplated_contrast-white.png	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-48_altform-unplated_contrast-white.png	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MYSL.ICO	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-40_altform-unplated_contrast-white.png	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Data.DataSetExtensions.dll	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\Java\jre-1.8\lib\jvm.hprof.txt.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\typing\bubble\white.gif	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTile.xml.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\Skype_Dtmf_8.m4a	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteMediumTile.scale-150.png	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-36_altform-unplated.png.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\SystemX86\concrt140.dll	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookLargeTile.scale-150.png	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\ringless_calls\Ringlesscalling_25more_360x120_2x.png.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\RuntimeConfiguration.dll.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-100.png	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\MediaReceiverRegistrar.xml	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\BadgeLogo.scale-100_contrast-black.png.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\it-IT\MSFT_PackageManagementSource.strings.psd1	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\UIAutomationClientSideProviders.resources.dll.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\Microsoft.VisualBasic.Forms.resources.dll	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-32_altform-unplated_contrast-black.png	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\REFSPCL.TTF	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Private.Xml.dll.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\ringless_calls\Ringlesscalling_25more_360x120_2x.png	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-20_altform-unplated.png	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\msproof7imm.dll.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Windows.Controls.Ribbon.resources.dll	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.SqlServer.Configuration.SString.dll	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-convert-l1-1-0.dll.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.DataAnnotations.dll.exe	8c83b7dad3ee69025f76f97f1dbee3c7.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\System.Windows.Input.Manipulations.resources.dll	8c83b7dad3ee69025f76f97f1dbee3c7.exe

C:\Users\Admin\AppData\Local\Temp\8c83b7dad3ee69025f76f97f1dbee3c7.exe
"C:\Users\Admin\AppData\Local\Temp\8c83b7dad3ee69025f76f97f1dbee3c7.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
01cf71d0688292e0ab67aeeef5ff6122

SHA1
4b5c277ee7eec8ea652eb166d3702033adc2e2b0

SHA256
fa4b7731f18b3f509310c63c2ccfc5380d8d626b70d5bb6282fdd6bda718b30e

SHA512
08883b8d8ffffd513b238c2b7b00d50b710a7d21ba574ca2d7cdd635a83fa6bf2aaa00ada5df8ee5fca9ed8ab134b9aa8b7e175ee494d3c59979eb633baeacd4

Download Submit
memory/3176-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3176-5246-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3176-13409-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads