a508616fddea83770b1661f635e3148fe5223fbd4201b4dd39c7540acf4787fa

Analysis

max time kernel
141s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 09:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

991f573e7e5ccb5bbc867be85960d9dd.exe
Size

2.8MB
MD5

991f573e7e5ccb5bbc867be85960d9dd
SHA1

26fc4679fc8a1126b674165dc9c16db9c5381f18
SHA256

a508616fddea83770b1661f635e3148fe5223fbd4201b4dd39c7540acf4787fa
SHA512

bffdd5c35bcf2a7ebacbcb0a403b42464ffebe0c30fc644215817a11dbf370726bfdc716269ea370e7097301ebf8497878ccfa47f03944c322dc8cfaee7348b3
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91l:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0nJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2976-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0010000000014984-5.dat	upx
behavioral1/memory/2976-551-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 8 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	991f573e7e5ccb5bbc867be85960d9dd.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Mozilla Firefox\msvcp140.dll.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\it-IT\PurblePlace.exe.mui	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\README.html.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jre7\bin\libxslt.dll	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Design.Resources.dll.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Merida	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.exe	991f573e7e5ccb5bbc867be85960d9dd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran	991f573e7e5ccb5bbc867be85960d9dd.exe

C:\Users\Admin\AppData\Local\Temp\991f573e7e5ccb5bbc867be85960d9dd.exe
"C:\Users\Admin\AppData\Local\Temp\991f573e7e5ccb5bbc867be85960d9dd.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
2.8MB

MD5
80d877c24c548798f17ab8ec16944976

SHA1
88f68d91f22d4d13c210d07a9740bb3b575efc40

SHA256
7bfa2b13a1bb5b1a51bdd3ad138d2a50c13b09dcb9aa6f8722dc0017da02f6b1

SHA512
9fe3bdee1a25aa0db8bce2fba64439be4848ae4df8997a3c40169553fcb28e6b1595e18ec30a6151868579fe143a6e89b8ea3d8cf6f69425a9afbb58089f7523

Download Submit
memory/2976-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2976-551-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads