088852f1b72ef4c4f03053b735a910210e910f5bcc801c1dfac730601aea3546

Analysis

max time kernel
121s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ec2ba45589c0a32633769d330dc5885.exe
Size

1.8MB
MD5

8ec2ba45589c0a32633769d330dc5885
SHA1

c077e365271182c76475c34d27119aa021ac8779
SHA256

088852f1b72ef4c4f03053b735a910210e910f5bcc801c1dfac730601aea3546
SHA512

5cb95381727710ded976071e0be9baee138b722dbc7d286570104c00d961f3ed6f726093eddc44f357d0a41764aa4bd9064feecd0f667805452b52a43859f788
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqY:SCqm2Jpr0nNM7Dus7NxF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1740-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x002e000000014636-5.dat	upx
behavioral1/memory/1740-821-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/1740-9184-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\desktop.ini	8ec2ba45589c0a32633769d330dc5885.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_transcode_plugin.dll.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.exe	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.exe	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Java\jre7\lib\jce.jar.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Windows Journal\ja-JP\PDIALOG.exe.mui.exe	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\init.js	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Java\jre7\lib\psfont.properties.ja.exe	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Chagos	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\js\picturePuzzle.js.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.exe	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Mexico_City	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Windows Journal\it-IT\NBMapTIP.dll.mui.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter_partly-cloudy.png	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.exe	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_zh_CN.jar	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Mozilla Firefox\softokn3.dll.exe	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar.exe	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_hevc_plugin.dll.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.bmp	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.exe	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Spades\Shvl.dll	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdiracsys_plugin.dll.exe	8ec2ba45589c0a32633769d330dc5885.exe

C:\Users\Admin\AppData\Local\Temp\8ec2ba45589c0a32633769d330dc5885.exe
"C:\Users\Admin\AppData\Local\Temp\8ec2ba45589c0a32633769d330dc5885.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
917f024630559f2652c6139a0a126d48

SHA1
b4aa86194307388768ffb99847ef72f03008fd2c

SHA256
24661ce7a2513a91ea7730fbcbb089131ae2b74021979cb48c49ff3158124275

SHA512
ac780fe3b7ce8a282ef207197eb0a0be47693f3eab0e30599090c480a26de5b34a0c88255acc2149a438c66acf1057289bd9dda2786ae5412597fe0e2fc05151

Download Submit
memory/1740-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1740-821-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1740-9184-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads