f167414cc440351d36757c6a0fa8742ce22c08a2e458e8184a24ea2080b0c238

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 10:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1ac481057c224c7448e3cf5a9b1167a.exe
Size

1.8MB
MD5

a1ac481057c224c7448e3cf5a9b1167a
SHA1

319189a268583db0301955b447dcd4e0bd5de546
SHA256

f167414cc440351d36757c6a0fa8742ce22c08a2e458e8184a24ea2080b0c238
SHA512

2e774c9973d5cfc196e7cef01b9f996b95df67de58838c84acfb3e791d4bbe47c119605da08f5e08ab4f833cc65dbb67b7162f4fe12d6865c2f70e2b2ed893cb
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqI:SCqm2Jpr0nNM7Dus7Nxt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3916-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228a2-5.dat	upx
behavioral2/memory/3916-1601-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	a1ac481057c224c7448e3cf5a9b1167a.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-180.png.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vreg\office32ww.msi.16.x-none.vreg.dat	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Microsoft Office\root\vreg\powerpivot.x-none.msi.16.x-none.vreg.dat.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Client.resources.dll.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Java\jdk-1.8\bin\keytool.exe.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-140.png	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\msvcp140.dll	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ppd.xrm-ms	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-pl.xrm-ms	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BKANT.TTF	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet II.xml.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ul-oob.xrm-ms	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ADAL.DLL	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\vlc.mo.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Windows Media Player\wmprph.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ppd.xrm-ms	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ppd.xrm-ms.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\System\FM20.DLL	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libchorus_flanger_plugin.dll	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libcaf_plugin.dll.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-time-l1-1-0.dll.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\THMBNAIL.PNG	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\SPRING.INF	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Design.Resources.dll.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_TW.properties.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-oob.xrm-ms	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ul-oob.xrm-ms	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONENGINE.DLL	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Engine.resources.dll.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.White.png	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL095.XML	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-oob.xrm-ms.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-140.png.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Windows Media Player\wmpnscfg.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-pl.xrm-ms.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelInterProviderRanker.bin.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\BOLDSTRI.INF	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\PREVIEW.GIF	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libdmo_plugin.dll	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.exe	a1ac481057c224c7448e3cf5a9b1167a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.exe	a1ac481057c224c7448e3cf5a9b1167a.exe

C:\Users\Admin\AppData\Local\Temp\a1ac481057c224c7448e3cf5a9b1167a.exe
"C:\Users\Admin\AppData\Local\Temp\a1ac481057c224c7448e3cf5a9b1167a.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
f4cbb5fd2051e5bfc4295ced7b0b18dc

SHA1
555e31099f9137fbdbe98517064272250d73e276

SHA256
1f1f10afb67a450cce5455be693e8b6a6266c093c9aeb75d4d35bda755c26e30

SHA512
a0d460e343565432134edeff9e4975f0256749a56823c8431a6a0b77560e1736549d84998cd4b6ef2358ef018c898b037332dd4c2fc36c78f96b3dd396a1619b

Download Submit
memory/3916-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3916-1601-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads