088852f1b72ef4c4f03053b735a910210e910f5bcc801c1dfac730601aea3546

Analysis

max time kernel
91s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ec2ba45589c0a32633769d330dc5885.exe
Size

1.8MB
MD5

8ec2ba45589c0a32633769d330dc5885
SHA1

c077e365271182c76475c34d27119aa021ac8779
SHA256

088852f1b72ef4c4f03053b735a910210e910f5bcc801c1dfac730601aea3546
SHA512

5cb95381727710ded976071e0be9baee138b722dbc7d286570104c00d961f3ed6f726093eddc44f357d0a41764aa4bd9064feecd0f667805452b52a43859f788
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqY:SCqm2Jpr0nNM7Dus7NxF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1952-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228a0-5.dat	upx
behavioral2/memory/1952-5949-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/1952-13385-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\desktop.ini	8ec2ba45589c0a32633769d330dc5885.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\jsaddins\locallaunch\locallaunch.js.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_~_kzf8qxf38zg5c\AppxSignature.p7x.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailLargeTile.scale-100.png	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.exe	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ul-oob.xrm-ms	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\System\msvcp110.dll	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\AppxManifest.xml	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.exe.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Light.scale-150.png.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\System.Windows.Forms.resources.dll.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000C.DLL.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-64_altform-unplated.png	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-30_altform-unplated.png.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptyView.scale-400.png.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\ScreenSketchAppService\ReadMe.txt	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ReachFramework.dll	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-48_altform-lightunplated.png	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\Microsoft.Win32.Registry.AccessControl.dll	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-phn.xrm-ms	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-phn.xrm-ms	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\MyOffice.RuntimeComponents.winmd	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxManifest.xml.exe	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\154.png.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosMedTile.contrast-black_scale-200.png.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarBadge.scale-125.png	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHSRN.DAT	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.Immutable.dll	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ppd.xrm-ms	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dll	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymk.ttf	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\MediumTile.scale-200_contrast-white.png.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\VideoEditor.Common\Resources\ResourceDictionary.xbf	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-100.png	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\deploy.dll	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-ms.exe	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\otkloadr_x64.dll	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-pl.xrm-ms.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_TicketedEvent_Light.png.exe	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\WindowsFormsIntegration.resources.dll	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSplashScreen.scale-125.png	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxSignature.p7x.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ppd.xrm-ms.exe	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime_eula.txt	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Resources.ResourceManager.dll.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\meta-index.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-200_contrast-white.png	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-black\SmallTile.scale-125.png	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\System\msvcr110.dll	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\Weather_LogoSmall.scale-100.png.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StoreLogo.scale-125.png.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\StoreExperienceHost.dll.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionMedTile.scale-100.png.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-16.png	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\178.png	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-200_contrast-black.png.exe	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireSmallTile.scale-100.jpg.exe	8ec2ba45589c0a32633769d330dc5885.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ppd.xrm-ms	8ec2ba45589c0a32633769d330dc5885.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-150_contrast-white.png	8ec2ba45589c0a32633769d330dc5885.exe

C:\Users\Admin\AppData\Local\Temp\8ec2ba45589c0a32633769d330dc5885.exe
"C:\Users\Admin\AppData\Local\Temp\8ec2ba45589c0a32633769d330dc5885.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
075e472c3662d111ab6b9b69d7dd42f1

SHA1
1c8795a14f41b5bb2fc89f4c39e7a09f2cf2cea3

SHA256
7b63e5254a433cf4f99197a17ea8630dc1672b5dd8094494c7556aea4b47e3a0

SHA512
c6faee1a12716fd392fd3b4810c54c0072d935f333a7a57b6c8537806c5493eda072434d5f759d8cbc19e886e0728ea84dba785136609adc2d8804e112e834fd

Download Submit
memory/1952-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1952-5949-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1952-13385-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads