58a8d37cfe286f1bc11872adb90a6b049e7d37c57c6f987175f8542090e9fa4b

Analysis

max time kernel
152s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 16:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ac5d84bc3021bd56bbe577478b261e5e.exe
Size

1.8MB
MD5

ac5d84bc3021bd56bbe577478b261e5e
SHA1

f7b975663748298941dd4f256c4d71c634eb2636
SHA256

58a8d37cfe286f1bc11872adb90a6b049e7d37c57c6f987175f8542090e9fa4b
SHA512

cb0533e3f17d79aadd12d05fe362bc423716895d948286b39ccf4088af275aa9edc618257aee859362b844506c079f803739ffbbd12195203fc5ab774414977d
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxq9:SCqm2Jpr0nNM7Dus7Nxs

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/816-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0008000000023312-6.dat	upx
behavioral2/memory/816-240-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\LICENSE	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll	ac5d84bc3021bd56bbe577478b261e5e.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak	ac5d84bc3021bd56bbe577478b261e5e.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Java\jdk-1.8\bin\keytool.exe.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-memory-l1-1-0.dll	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Internet Explorer\hmmapi.dll	ac5d84bc3021bd56bbe577478b261e5e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll	ac5d84bc3021bd56bbe577478b261e5e.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak	ac5d84bc3021bd56bbe577478b261e5e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Java\jdk-1.8\bin\xjc.exe.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\7-Zip\readme.txt.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-heap-l1-1-0.dll.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-2-0.dll	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.exe	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll	ac5d84bc3021bd56bbe577478b261e5e.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.exe	ac5d84bc3021bd56bbe577478b261e5e.exe

C:\Users\Admin\AppData\Local\Temp\ac5d84bc3021bd56bbe577478b261e5e.exe
"C:\Users\Admin\AppData\Local\Temp\ac5d84bc3021bd56bbe577478b261e5e.exe"
1⤵
- Drops file in Program Files directory
PID:816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2264,i,7010714054498059916,1862725710331979271,262144 --variations-seed-version /prefetch:8
1⤵
PID:2532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
43e6e8ab6936253a136d2eba0b02d2ca

SHA1
0fd10e9ad2f07e622116e1d01f11b8c42a06d627

SHA256
4eb2252fa8ef1f425cc802e6c1cf74644900ea4b43fe8fcaafa06e899ee14e14

SHA512
f3494e3dde2e4637b89bd990525ab3bef5b4323ce12b7e0c9678810c88be7585f7e4d10664593520bf309f5713f10441bca128ea873eaa6891635dd199548ae2

Download Submit
memory/816-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/816-240-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads