c1ec236c2dd342bb661d1d20a7233d145b7587f045dec05d6a5976e025026f9e

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a368f6bd36b0f869dec3f9aaa0049554.exe
Size

1.8MB
MD5

a368f6bd36b0f869dec3f9aaa0049554
SHA1

5bdb7a94df8369daf365325ace7f2d1eb06eea51
SHA256

c1ec236c2dd342bb661d1d20a7233d145b7587f045dec05d6a5976e025026f9e
SHA512

d076d927611de0f58aa773abe7f003057597e1c488a6e3e660646d5bf81b9b041acf86d69ce205eb5d78a42e53ae7b7d8b3d87606c87e38110946a3d509cd828
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHk:SCqm2Jpr0nNM7Dus7Nx2E

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3520-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228a2-5.dat	upx
behavioral2/memory/3520-233-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Java\jre-1.8\lib\management-agent.jar.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\nashorn.jar.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xalan.md.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\management\snmp.acl.template	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ppd.xrm-ms.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Java\jre-1.8\bin\dcpr.dll.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\msvcp140.dll	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Internet Explorer\fr-FR\ieinstal.exe.mui	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\jce.jar	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ul-oob.xrm-ms	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-phn.xrm-ms	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\sound.properties	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\msvcp140.dll	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\net.properties.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Java\jre-1.8\lib\jvm.hprof.txt.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Violet.xml.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_ja.properties.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Riblet.eftx	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Corbel.xml	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ul-oob.xrm-ms.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Office Theme.thmx	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT.xml.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll.exe	a368f6bd36b0f869dec3f9aaa0049554.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll	a368f6bd36b0f869dec3f9aaa0049554.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.exe	a368f6bd36b0f869dec3f9aaa0049554.exe

C:\Users\Admin\AppData\Local\Temp\a368f6bd36b0f869dec3f9aaa0049554.exe
"C:\Users\Admin\AppData\Local\Temp\a368f6bd36b0f869dec3f9aaa0049554.exe"
1⤵
- Drops file in Program Files directory
PID:3520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
9da880c5990e0f18d127a00050791a26

SHA1
fa5fc7f4411d5d080661670a3bc6c8218ac5e6dc

SHA256
33940638ff491983ec61f1a8c5e66023988e16b3390fa11e18b9dcce8000e6e3

SHA512
81d01a4b717f55fadbb80fbbd49481af6c9fb33c29d6c98a073e8a288411150632fa3caeb55c758689ca9a61ecb4eb15563f63b7afd7493919d9b901191e9923

Download Submit
memory/3520-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3520-233-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads