b3cd2efdfafb32e72fc10273fb639ec1e2e2a981d961a811b68004df67156af0

Analysis

max time kernel
120s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 13:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9737ef20045658e27065a2f1d70645cd.exe
Size

1.8MB
MD5

9737ef20045658e27065a2f1d70645cd
SHA1

8755f7c394a90a22d0c5a4c1d19c6c1f816de90c
SHA256

b3cd2efdfafb32e72fc10273fb639ec1e2e2a981d961a811b68004df67156af0
SHA512

b8bef0673250b634692e841983b911406caa622d2fcbceb7b354778e8e6893fdf0e1f150d856aeba6559ec0f971789122d72d0c21f2d679ca3cfb0005860b9fc
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqD:SCqm2Jpr0nNM7Dus7Nxa

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1944-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0001000000011ca6-4.dat	upx
behavioral1/memory/1944-727-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/1944-9212-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\desktop.ini	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	9737ef20045658e27065a2f1d70645cd.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\js\cpu.js.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\settings.html.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\slideShow.html	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Windows Journal\es-ES\MSPVWCTL.DLL.mui	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\settings.js	9737ef20045658e27065a2f1d70645cd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba	9737ef20045658e27065a2f1d70645cd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar	9737ef20045658e27065a2f1d70645cd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_pressed.png.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\42.png.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.exe	9737ef20045658e27065a2f1d70645cd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Lima.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_sun.png	9737ef20045658e27065a2f1d70645cd.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak	9737ef20045658e27065a2f1d70645cd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem	9737ef20045658e27065a2f1d70645cd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar	9737ef20045658e27065a2f1d70645cd.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\ja-JP\Solitaire.exe.mui	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\WET.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider.png.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-compat.xml.exe	9737ef20045658e27065a2f1d70645cd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar	9737ef20045658e27065a2f1d70645cd.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.exe	9737ef20045658e27065a2f1d70645cd.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Perth.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png	9737ef20045658e27065a2f1d70645cd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf	9737ef20045658e27065a2f1d70645cd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA	9737ef20045658e27065a2f1d70645cd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\25.png	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\notConnectedStateIcon.png.exe	9737ef20045658e27065a2f1d70645cd.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	9737ef20045658e27065a2f1d70645cd.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Engine.resources.dll	9737ef20045658e27065a2f1d70645cd.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpuzzle_plugin.dll	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Windows Mail\wab.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1.exe	9737ef20045658e27065a2f1d70645cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.exe	9737ef20045658e27065a2f1d70645cd.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman	9737ef20045658e27065a2f1d70645cd.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1	9737ef20045658e27065a2f1d70645cd.exe

C:\Users\Admin\AppData\Local\Temp\9737ef20045658e27065a2f1d70645cd.exe
"C:\Users\Admin\AppData\Local\Temp\9737ef20045658e27065a2f1d70645cd.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.3MB

MD5
5b0749059a0d895283501cfa173f6f96

SHA1
cf878ae489e5aa95faa9fda7921cc363d3b5d6fb

SHA256
e77bf50efbe9404711d1d930410a4ea300cb18619328a0774bf7d3be91cb7cba

SHA512
5e720baf6cf6286a7535fb212636d1f280ef474db344e7bc62a56146274ba1c96c1ad4c0899148158bfa107f2d223d98f3f8f9b28f3adfdc439a2c1f536a4161

Download Submit
memory/1944-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1944-727-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1944-9212-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads