6bc43aa9c5918cf4b25a285509026e433d3487117c2d9ea850be9bdf2372e5c1

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-02-2024 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab72f514f38fc72c85dcc28e7479e4ed.exe
Size

1.8MB
MD5

ab72f514f38fc72c85dcc28e7479e4ed
SHA1

7c2cdc3db1174992aa4d986970f1f07f864105a0
SHA256

6bc43aa9c5918cf4b25a285509026e433d3487117c2d9ea850be9bdf2372e5c1
SHA512

167bfc3911b07cbc78945a2e8b05e901daa95ac3a15e58ee1df848046d7b1d11a8a98bbbf336931040c51f2547d5eab24369202910e761fd258a076479f7fd96
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxq0:SCqm2Jpr0nNM7Dus7Nxp

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2000-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0034000000016cab-5.dat	upx
behavioral1/memory/2000-3069-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2000-9228-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\desktop.ini	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	ab72f514f38fc72c85dcc28e7479e4ed.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayman.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\picturePuzzle.html	ab72f514f38fc72c85dcc28e7479e4ed.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\weather.js	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar	ab72f514f38fc72c85dcc28e7479e4ed.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_h.png.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Mozilla Firefox\xul.dll.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.ServiceModel.Resources.dll	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\main.css	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent_partly-cloudy.png.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk	ab72f514f38fc72c85dcc28e7479e4ed.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\WET	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_zh_CN.jar.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\RepairImport.php.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_s.png.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\slideShow.js.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct	ab72f514f38fc72c85dcc28e7479e4ed.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html	ab72f514f38fc72c85dcc28e7479e4ed.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jpeg.dll	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\currency.html.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar	ab72f514f38fc72c85dcc28e7479e4ed.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml	ab72f514f38fc72c85dcc28e7479e4ed.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\gadget.xml.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File opened for modification	C:\Program Files\Mozilla Firefox\defaultagent.ini	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsFormsIntegration.resources.dll.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5	ab72f514f38fc72c85dcc28e7479e4ed.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Cuiaba	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File opened for modification	C:\Program Files\ConnectUnprotect.sys	ab72f514f38fc72c85dcc28e7479e4ed.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationFramework.resources.dll.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac.exe	ab72f514f38fc72c85dcc28e7479e4ed.exe

C:\Users\Admin\AppData\Local\Temp\ab72f514f38fc72c85dcc28e7479e4ed.exe
"C:\Users\Admin\AppData\Local\Temp\ab72f514f38fc72c85dcc28e7479e4ed.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
23f3df35e629f98ac4236c90b6b7897a

SHA1
b84229a2e8a3f010f28de148ae47daf3dff6d8a5

SHA256
d1e0e4b8b7f4fe67599bd3f4b411d241cb9750c628fa18cb6c581ff8b7c772ca

SHA512
f104fbb0ec1329260f2a739398dce107dc65083474f956d1e35ac0a07803f24a833aeeb620e16846fe73720fa96fd6adb0fdec99a85b53ed1bb8aca3f795b885

Download Submit
memory/2000-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2000-3069-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2000-9228-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads