Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-02-2024 07:29
Behavioral task: behavioral1
Sample: ae04b9c0e639b48214035f0fc99a8acf.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: ae04b9c0e639b48214035f0fc99a8acf.exe
Resource: win10v2004-20240226-en
General
Target: ae04b9c0e639b48214035f0fc99a8acf.exe
Size: 1.8MB
MD5: ae04b9c0e639b48214035f0fc99a8acf
SHA1: ceef02ada8cb0aeedb19dcdd242963fc56c5914a
SHA256: e739f82df513952342fa4db60ee0bf701d35172210a475bb7e672b03eee97991
SHA512: 41bb89ca3bb05b9a5017e769c1abe004cded6ee30b2ef1219d06d81c4b6f957a4629416d2f3b581fbe0bc95a908d2c2bdf2a04a1f90c8f00cb917c4a0bacf03e
SSDEEP: 24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqM:SCqm2Jpr0nNM7Dus7NxV
Malware Config
Signatures
-
resource | yara_rule
behavioral2/memory/744-0-0x0000000000400000-0x00000000005BA000-memory.dmp | upx
behavioral2/files/0x000200000002287b-5.dat | upx
behavioral2/memory/744-6500-0x0000000000400000-0x00000000005BA000-memory.dmp | upx
behavioral2/memory/744-13443-0x0000000000400000-0x00000000005BA000-memory.dmp | upx
Drops desktop.ini file(s) (2 IoCs)
description | ioc | Process
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI | ae04b9c0e639b48214035f0fc99a8acf.exe
File created | C:\Program Files\desktop.ini | ae04b9c0e639b48214035f0fc99a8acf.exe
Drops file in Program Files directory (64 IoCs)
Process for every entry: ae04b9c0e639b48214035f0fc99a8acf.exe
description | ioc
File created | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\SEGOEUISL.TTF.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\MedTile.scale-100.png.exe
File created | C:\Program Files\Java\jre-1.8\lib\security\blacklisted.certs.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ppd.xrm-ms.exe
File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\UIAutomationProvider.resources.dll
File created | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libadf_plugin.dll
File created | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Generic.xaml.exe
File created | C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GameBar_AppList.scale-100.png.exe
File created | C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\LICENSE
File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-oob.xrm-ms
File created | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\contrast-high\AboutBoxLogo.png.exe
File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxLargeTile.scale-200.png.exe
File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxWideTile.scale-400.png.exe
File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms
File created | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-48_altform-unplated_contrast-white_devicefamily-colorfulunplated.png.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-unplated_devicefamily-colorfulunplated.png
File created | C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\GameBarTasks.dll
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll
File created | C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.exe
File created | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-60_altform-unplated.png.exe
File created | C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.exe
File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\ClientTelemetry.dll
File created | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_contrast-black.png
File created | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-40.png.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-64.png.exe
File created | C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\nav_icons_connect.targetsize-48.png
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.exe
File created | C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.exe
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\zh-CN\msipc.dll.mui.exe
File created | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-60_contrast-white.png
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-phn.xrm-ms.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp2.scale-100.png.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-125.png.exe
File created | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-200_contrast-black.png.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorStoreLogo.contrast-black_scale-200.png.exe
File created | C:\Program Files\Microsoft Office\root\Templates\1033\ClassicPhotoAlbum.potx.exe
File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\iacom2im.dll
File created | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\resources\strings\LocalizedStrings_fr.json.exe
File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\FetchingMail.scale-400.png
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll
File created | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-20_altform-lightunplated.png
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-180.png
File created | C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-96_altform-unplated.png.exe
File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Light.scale-125.png
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\AssetLibrary.ico
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\README.HTM
File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ppd.xrm-ms
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\msmgdsrv_xl.dll
File created | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageSplashScreen.scale-200_contrast-black.png
File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymxb.ttf.exe
File opened for modification | C:\Program Files\Java\jre-1.8\lib\rt.jar
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.exe
File created | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-100_contrast-white.png
File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul.xrm-ms
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Excel.Tabular.dll
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationFramework.resources.dll
File created | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-60_contrast-black.png
File created | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-100_contrast-black.png
File created | C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml
File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Gill Sans MT.xml
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp2.scale-125.png
File created | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-100_contrast-white.png
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.8MB
MD5: 46937d674a455aca65fbe5ccd1bbbd96
SHA1: a4c7919ab01cecc25f8c445f0407f4f9d24c7a86
SHA256: ede1310863286d3330646ffa83d67743f49fd50437e418c4708b7e9694dd124d
SHA512: 0d877bf03ab080f71c24923dd5aadcc6f6ae691b786dcc44408117fc542ec6c1fb1814149c3476b4ce2a437b15bb59d7b41825084b5535da576296ce43abe8c6