59651d691832e84f26aea56f2f965ecf4f3e86b53be967f01e83ea67e5fe31c4

Analysis

max time kernel
152s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 17:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99c7ea15b0c60ba87d97a303ce5e5aad.exe
Size

1.8MB
MD5

99c7ea15b0c60ba87d97a303ce5e5aad
SHA1

b819c67c10298451b01aa8ae788aeffbba5043df
SHA256

59651d691832e84f26aea56f2f965ecf4f3e86b53be967f01e83ea67e5fe31c4
SHA512

efb10a372f3be3bc855b2dd8cd18c3f16126cd3da64022ca9f632a1734a2a91799f245bd145b805866454312dd91f28b51d88e8e7ebf5f4dec25b958a52fb259
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHy:SCqm2Jpr0nNM7Dus7Nx2S

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4268-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022794-5.dat	upx
behavioral2/memory/4268-528-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\sunec.dll.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy.jar.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmid.exe.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\awt.dll.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ppd.xrm-ms	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jli.dll.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Organic.thmx	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.cpl.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\jpeg_fx.md	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Java\jre-1.8\bin\dcpr.dll.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\prism_common.dll	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ul-oob.xrm-ms	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-1-0.dll	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\fontmanager.dll	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jfxwebkit.dll	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\ConvertFromUpdate.ppsx	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jsoundds.dll	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\glib.md	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\unicode.md.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.exe	99c7ea15b0c60ba87d97a303ce5e5aad.exe
File created	C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui	99c7ea15b0c60ba87d97a303ce5e5aad.exe

C:\Users\Admin\AppData\Local\Temp\99c7ea15b0c60ba87d97a303ce5e5aad.exe
"C:\Users\Admin\AppData\Local\Temp\99c7ea15b0c60ba87d97a303ce5e5aad.exe"
1⤵
- Drops file in Program Files directory
PID:4268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
2e816b2981a4b777bfd957ac544b6a82

SHA1
85848723a8954fae5093225cba5de4a81701d058

SHA256
5945f11b12c72acd760d247ede8a00b48f0999139aeb5b347001ecf497b92a0f

SHA512
b26a85bc3e83536eef27cde7e3439654118bd9c8e4f8f3f8509210e3b77221ee94f331299f7abe5ccfdb4683b9f22f4bc333b0e101fe8b9a7dbb8cfa58e96e5f

Download Submit
memory/4268-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4268-528-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads