744e76dd3384bfb276fe8fbb1474c24f09080e8845209d78557b073459369e3d

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2024 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acb5c8c49d05813e5340694f0baad0d2.exe
Size

1.8MB
MD5

acb5c8c49d05813e5340694f0baad0d2
SHA1

51f7b5f41973e8e6c235e0a575c214c146b35021
SHA256

744e76dd3384bfb276fe8fbb1474c24f09080e8845209d78557b073459369e3d
SHA512

a318519e7cdc3a01b9c8861329a64a7d686e2269da6998c6ee08ac5271652d14285336842062b625e4b5badcd716f27fa2ebb1d123f70183a46c829628180315
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE:SCqm2Jpr0nNM7Dus7Nx2k

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/220-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0001000000022893-5.dat	upx
behavioral2/memory/220-6099-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/220-13447-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000218c3-13448.dat	upx
behavioral2/files/0x0001000000021db3-13454.dat	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\desktop.ini	acb5c8c49d05813e5340694f0baad0d2.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-150_contrast-black.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GamesXboxHubLargeTile.scale-100.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Win32Bridge.Protocol.xml.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-pl.xrm-ms	acb5c8c49d05813e5340694f0baad0d2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\WORDICON.EXE	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\Windows Media Player\wmpshare.exe.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square310x310Logo.scale-100.png	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtwolame_plugin.dll.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\YahooPromoTile.scale-200.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreAppList.targetsize-32.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-30_altform-unplated_contrast-high.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Forms.Primitives.resources.dll.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-100.png	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Globalization.Calendars.dll	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsb.ttf	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\VoiceRecorderWideTile.contrast-black_scale-200.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ul-oob.xrm-ms	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\notifications_emptystate_v3.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-pl.xrm-ms	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-72.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-256_contrast-black.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.scale-200.png	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\PresentationFramework.resources.dll.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-pl.xrm-ms.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSans.ttf	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-32_altform-unplated_contrast-white.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\MedTile.scale-100.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.scale-200_contrast-black.png	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-GoogleCloudCache.scale-100.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\mfc140u.dll	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\OcsClientImm.dll.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageSmallTile.scale-200_contrast-black.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\upe.dll.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.contrast-black_scale-100.png	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-80.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\LargeTile.scale-100.png	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_contrast-white.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\WinMetadata\Microsoft.UI.Xaml.winmd.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-40.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\MedTile.scale-200.png	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\textinputdriver.dll.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\PeopleSmallTile.scale-125.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Cultures\OFFICE.ODF.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\LargeTile.scale-125.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\notificationsUI\notificationCenter_dark.css	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN054.XML	acb5c8c49d05813e5340694f0baad0d2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EDGE\PREVIEW.GIF	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageBadgeLogo.scale-150_contrast-black.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-200.png	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-80.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-30_contrast-black.png	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailMediumTile.scale-150.png	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\resources.pri.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msql.xsl.exe	acb5c8c49d05813e5340694f0baad0d2.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\iheart-radio.scale-125_contrast-black.png.exe	acb5c8c49d05813e5340694f0baad0d2.exe

C:\Users\Admin\AppData\Local\Temp\acb5c8c49d05813e5340694f0baad0d2.exe
"C:\Users\Admin\AppData\Local\Temp\acb5c8c49d05813e5340694f0baad0d2.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
b6a976c04054ad844c5f22779e607fdf

SHA1
98a49358eec037339b85ec12c14fa14a756d70f6

SHA256
31dc7e0865a917154dad9ecc4109ccbad6a39ee45c8d276694dd0af4bf748d1b

SHA512
ccdeb3f9b956d161010ab1bc2ccd36ab17c29641bbb3ce43b721b86e4709b965ea0120d22447ddd2a3dcdde18444f15f8d8b2e7cc44b1eb410eb23193e024c09

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
1.8MB

MD5
2787f6aa15c5fa9a35bacbad745fcacf

SHA1
0ccc467d14993007957868c69658e1487d1dd912

SHA256
7206a8870370194db410fa977b06775f0ccfc78a21b599c74871f5938db8405c

SHA512
5386fd03baf74bc969a883c153a4ae2bfc72c2237be9c739b5f2dac654bcbb36bd964e5d48c481ef4af9d7bf85ea17211962858babf460fcb43d61bd23909f72

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
1.8MB

MD5
04ae1c1ac5c4cba934800f3db96e005e

SHA1
b263dc28613328be6bb45f90b2b666a60f53d480

SHA256
1566c6c9870d5bb4c1897c0385ec080085a246075164f0f0817a71f6221836c9

SHA512
6e8f75c5f1d002317c64d7d78233372767f6827f714cdb100e036d5d244461c6383d417022c3a96cefdc6bc26c8ece499eba48b148daa2833f324dc452825afd

Download Submit
memory/220-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/220-6099-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/220-13447-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download