98daff4ee07e8fa20b346024ea965590b9b34fc3a4b984e739a0924a877d6830

Analysis

max time kernel
93s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 03:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

98516d8047082d5525538cd210078664.exe
Size

1.8MB
MD5

98516d8047082d5525538cd210078664
SHA1

68e85571a49151951a0bcee67d7c7a26b6d070d9
SHA256

98daff4ee07e8fa20b346024ea965590b9b34fc3a4b984e739a0924a877d6830
SHA512

10dd465165531f5f5aae7a544ccc59cd52cd3517c32c6b54f83ea527adee060127fea291ff16660d290439710f11e4b1779d7ecd7235a99f9c0a5bf47d6ec6e6
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqv:SCqm2Jpr0nNM7Dus7Nxy

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2740-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228a0-5.dat	upx
behavioral2/memory/2740-5854-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/2740-13405-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\desktop.ini	98516d8047082d5525538cd210078664.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxBadge.scale-400.png	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\PresentationFramework.resources.dll.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageBadgeLogo.scale-200_contrast-white.png.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\OnlineMediaComponent.dll.exe	98516d8047082d5525538cd210078664.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms	98516d8047082d5525538cd210078664.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ppd.xrm-ms	98516d8047082d5525538cd210078664.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeLogo.scale-100.png	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\TxNdi.dll	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\BadgeLogo.scale-125.png	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailBadge.scale-100.png.exe	98516d8047082d5525538cd210078664.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32ww.msi.16.x-none.xml	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubWideTile.scale-125_contrast-white.png	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\WideLogo.scale-125_contrast-white.png.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-16.png	98516d8047082d5525538cd210078664.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\glib-lite.dll	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-150_contrast-black.png	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-64.png	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\AppxSignature.p7x.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe.exe	98516d8047082d5525538cd210078664.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\en-US\MSFT_PackageManagementSource.strings.psd1	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Queryable.dll.exe	98516d8047082d5525538cd210078664.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.NameResolution.dll	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ul-oob.xrm-ms.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\Logo.scale-125_contrast-white.png.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\AdaptiveCards.Rendering.Uwp.lib.exe	98516d8047082d5525538cd210078664.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ipcsecproc.dll	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\System.Windows.Forms.resources.dll.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-30_altform-unplated.png	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailLargeTile.scale-125.png	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Yahoo-Light.scale-300.png.exe	98516d8047082d5525538cd210078664.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\WindowsBase.resources.dll	98516d8047082d5525538cd210078664.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ppd.xrm-ms	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\msvcr120.dll.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxMediumTile.scale-125.png.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\PeopleLargeTile.scale-100.png.exe	98516d8047082d5525538cd210078664.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ul-oob.xrm-ms	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-30_altform-unplated.png	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Google.scale-125.png	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubStoreLogo.scale-100_contrast-high.png	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\Java\jre-1.8\bin\javacpl.cpl.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-30_contrast-black.png.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\LargeTile.scale-100.png	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\WindowsFormsIntegration.resources.dll.exe	98516d8047082d5525538cd210078664.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-us\jscripts\wefgallery_strings.js	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalSplashScreen.scale-100_contrast-black.png	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptySearch.scale-125.png.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-36_altform-unplated.png	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.scale-100.png.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Exchange.scale-400.png	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Quic.dll.exe	98516d8047082d5525538cd210078664.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\System.Xaml.resources.dll	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EntityPicker.dll.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\31.jpg.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-32_altform-unplated.png.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Uci.dll	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionWideTile.scale-100.png.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-16_altform-unplated_contrast-black.png.exe	98516d8047082d5525538cd210078664.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-1497073144-2389943819-3385106915-1000-MergedResources-0.pri.exe	98516d8047082d5525538cd210078664.exe

C:\Users\Admin\AppData\Local\Temp\98516d8047082d5525538cd210078664.exe
"C:\Users\Admin\AppData\Local\Temp\98516d8047082d5525538cd210078664.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
108fc923054a515d748b15e848676c89

SHA1
cc50531c7966fbbccb5eb943ffdf478188513ee2

SHA256
82c31c54396fc65ff522e331974248bed21bb2e5e98ed9e61635c863ecb62a0a

SHA512
baa51316f5fc6188cfcef15af5a5203777e299a080c5f5bde10869bc0b77218ab5f11b7978969ea93084eb027533000fb0b391480a00d1af28111024ccd0a306

Download Submit
memory/2740-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2740-5854-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2740-13405-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads