40a98edcc7ae336b77f4e39cdf3752535b465d956304abfe5090bee25f125007

Analysis

max time kernel
122s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 16:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8f95f73a27e63400b752e84662339221.exe
Size

1.8MB
MD5

8f95f73a27e63400b752e84662339221
SHA1

90b8c6c69af7342435fec06a9332dd5b0d837786
SHA256

40a98edcc7ae336b77f4e39cdf3752535b465d956304abfe5090bee25f125007
SHA512

7d1f6643e54ebd4b958f0ab7df502b0c2f30820fb9c80039754576702e4b29c065022a0526005ca1b14ebad186228ff7e56629c06b0f8ef90a00d699f6c78d7a
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHI:SCqm2Jpr0nNM7Dus7Nx2o

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1868-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x002800000001603e-5.dat	upx
behavioral1/memory/1868-778-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/1868-9217-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\desktop.ini	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	8f95f73a27e63400b752e84662339221.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Cayman	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Java\jre7\bin\management.dll.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Windows NT\Accessories\fr-FR\wordpad.exe.mui	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png	8f95f73a27e63400b752e84662339221.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_down.png.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\main.css.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Windows Defender\MSASCui.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\js\slideShow.js	8f95f73a27e63400b752e84662339221.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll	8f95f73a27e63400b752e84662339221.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_srt_plugin.dll.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.exe	8f95f73a27e63400b752e84662339221.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT	8f95f73a27e63400b752e84662339221.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar	8f95f73a27e63400b752e84662339221.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf	8f95f73a27e63400b752e84662339221.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Goose_Bay	8f95f73a27e63400b752e84662339221.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Windows Media Player\WMPSideShowGadget.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png	8f95f73a27e63400b752e84662339221.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png	8f95f73a27e63400b752e84662339221.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.exe	8f95f73a27e63400b752e84662339221.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.exe	8f95f73a27e63400b752e84662339221.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Windows NT\Accessories\es-ES\wordpad.exe.mui.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\settings.js.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full.png	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Java\jdk1.7.0_80\COPYRIGHT.exe	8f95f73a27e63400b752e84662339221.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Berlin	8f95f73a27e63400b752e84662339221.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_dot.png.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnetwk.exe.mui	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_thunderstorm.png.exe	8f95f73a27e63400b752e84662339221.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Java\jre7\bin\jsoundds.dll.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.exe	8f95f73a27e63400b752e84662339221.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libuleaddvaudio_plugin.dll.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\gadget.xml.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\7-Zip\descript.ion.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.exe	8f95f73a27e63400b752e84662339221.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_over.png	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Windows.Presentation.resources.dll.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\clock.css.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.exe	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png	8f95f73a27e63400b752e84662339221.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.exe	8f95f73a27e63400b752e84662339221.exe

C:\Users\Admin\AppData\Local\Temp\8f95f73a27e63400b752e84662339221.exe
"C:\Users\Admin\AppData\Local\Temp\8f95f73a27e63400b752e84662339221.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
64KB

MD5
2bbebb4ae5ec4524323a2a6514d02eb0

SHA1
d3725c6102312d36da5a9d2b3c931f89a607e81a

SHA256
9a2127a891b447292adce248eef70ee502be1b5768a03ae9807f7a51b22d414f

SHA512
5c3dfb69941f344adc59c14bff696c10fcdc90f04c978336592a962b23508741abb962b5ca5130092aa719113a7e2efc45a15dc395d8ffe08a3a5896af23c031

Download Submit
memory/1868-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1868-778-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1868-9217-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads