8c79327272d15c2dafef1d95941903512aeaebf7a0eaf1e23c994f215e9ccdd9

Analysis

max time kernel
133s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aba7f0f3d637acd1139d3514474fbf41.exe
Size

1.8MB
MD5

aba7f0f3d637acd1139d3514474fbf41
SHA1

687e8d5ea7a860dbdc6d5cc66ad90b5778cba1fe
SHA256

8c79327272d15c2dafef1d95941903512aeaebf7a0eaf1e23c994f215e9ccdd9
SHA512

51530ecbd87880243569031be89b97aa1e6ab9adff43bd141ea94566a685b479bea7ab521264379b89a4e837369b17233fc20086d008ccedd9d538745ad7229f
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxq+:SCqm2Jpr0nNM7Dus7Nxn

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2020-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x000a000000015601-5.dat	upx
behavioral1/memory/2020-833-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	aba7f0f3d637acd1139d3514474fbf41.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Java\jre7\lib\charsets.jar.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.exe	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml	aba7f0f3d637acd1139d3514474fbf41.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf	aba7f0f3d637acd1139d3514474fbf41.exe

C:\Users\Admin\AppData\Local\Temp\aba7f0f3d637acd1139d3514474fbf41.exe
"C:\Users\Admin\AppData\Local\Temp\aba7f0f3d637acd1139d3514474fbf41.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
24ef82181f1290ff50dbe57b1a9db582

SHA1
0c3c3f5427ee9966de00d550ec5f7c4189984514

SHA256
a5a4f7f73d5053fcf4a1f11da751add6d2ee8efcebe49adfc5e37d815675074f

SHA512
9ad12f06b4b8457108c3d678542d5eef4a24b57dfb4f9ae1622200e1dc24a2d3072954674967f59451ffdbf4400dade2ee86f5500426c1beb36adbe5f09c9c83

Download Submit
memory/2020-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2020-833-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads