68926bf5d0f3b903b3e0d254f17f5f3a99df942eb464ffce7c1cd7de99d9c54e

Analysis

max time kernel
153s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9c0ab2685381d78bc5995ba8fd50ac15.exe
Size

1.8MB
MD5

9c0ab2685381d78bc5995ba8fd50ac15
SHA1

658166068e99d99a73f8ca3511b67d63d81bf1b4
SHA256

68926bf5d0f3b903b3e0d254f17f5f3a99df942eb464ffce7c1cd7de99d9c54e
SHA512

8f8044725f88d35aa92104f781e7bde1ddbed14699b0745dbcd76e6d5485a1d39397928d27f681c84f4b86431fa843eb87ad88b9724c6aba685277820d8bf679
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqG:SCqm2Jpr0nNM7Dus7Nx3

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3904-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022910-5.dat	upx
behavioral2/memory/3904-736-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	9c0ab2685381d78bc5995ba8fd50ac15.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xerces.md	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Java\jre-1.8\lib\charsets.jar.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT-Rockwell.xml.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pkeyconfig-office.xrm-ms.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Java\jre-1.8\bin\instrument.dll.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ppd.xrm-ms.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ppd.xrm-ms.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\US_export_policy.jar	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages.properties.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CHIMES.WAV.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Marquee.xml	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet.xml	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ul-oob.xrm-ms.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-pl.xrm-ms	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ul-oob.xrm-ms.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ppd.xrm-ms.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.Dialog.dll	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\US_export_policy.jar.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\jvm.hprof.txt	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ul-oob.xrm-ms	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ppd.xrm-ms	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ul-oob.xrm-ms.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Latn-RS\msipc.dll.mui.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\msotelemetryintl.dll.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ppd.xrm-ms	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul-oob.xrm-ms	9c0ab2685381d78bc5995ba8fd50ac15.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-string-l1-1-0.dll.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml.exe	9c0ab2685381d78bc5995ba8fd50ac15.exe

C:\Users\Admin\AppData\Local\Temp\9c0ab2685381d78bc5995ba8fd50ac15.exe
"C:\Users\Admin\AppData\Local\Temp\9c0ab2685381d78bc5995ba8fd50ac15.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
187KB

MD5
415b01d8a2e9ded32e99df70c73f0b40

SHA1
4ecd62d75d9de2c5c6584ef6022d9698be988604

SHA256
b07bdee79451e1ad12124963ddacf2b4d57dab80bd27eb8529b0f721ed897a4d

SHA512
37c61852b2dfc5448b7c2fafa3cbed13016d1831db1dfe2ceadb8afbf096e4e7b1a4be8664676378ee2a6e9bb35b2bbafb40aebdca044cd2d0fb2621474a329b

Download Submit
memory/3904-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3904-736-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads