4c5db6c155b5d7f9421053707a99b617df31274fdde68bc224b57525138972d3

Analysis

max time kernel
128s
max time network
132s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 05:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3f2641e22bfd97f07e3de7cf64b3da9.exe
Size

1.8MB
MD5

b3f2641e22bfd97f07e3de7cf64b3da9
SHA1

8b4838510eb0f11595e053792271d51f79bdaee7
SHA256

4c5db6c155b5d7f9421053707a99b617df31274fdde68bc224b57525138972d3
SHA512

81e76af63b15511c65db7cd0b5a02a8fd1f6180134d904f556b793faf811ee35aef7ce1a12100da6ff68b0eefb53240a578c913e071ae3f82c426bc9bb56117a
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqtz:SCqm2Jpr0nNM7Dus7NxE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1744-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x002a000000014b6d-5.dat	upx
behavioral1/memory/1744-775-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/1744-9173-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\desktop.ini	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	b3f2641e22bfd97f07e3de7cf64b3da9.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\Java\jre7\bin\wsdetect.dll	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\gadget.xml	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_zh_4.4.0.v20140623020002.jar	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libhqdn3d_plugin.dll	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\icon.png	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_rest.png.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\library.js.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\1033\MAPISHELLR.DLL	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_48.png	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\clock.css.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\javafx.policy	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Resources.dll.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Speech.resources.dll	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liberase_plugin.dll	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_foggy.png	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Conversion.v3.5.resources.dll	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseout.png	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\Java\jre7\bin\nio.dll	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradient_plugin.dll.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.exe	b3f2641e22bfd97f07e3de7cf64b3da9.exe

C:\Users\Admin\AppData\Local\Temp\b3f2641e22bfd97f07e3de7cf64b3da9.exe
"C:\Users\Admin\AppData\Local\Temp\b3f2641e22bfd97f07e3de7cf64b3da9.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
1d64b9635eead6079db27f5c44c4863f

SHA1
2ae12de7f7094f43b10ef0575275784f42a9deaa

SHA256
38f798f7de331d5f333455e8e3f7fbad141de512d8d6179a697c08bb1b810fb3

SHA512
9cf235dabf4d749d77ceabc9e792ac7fd9a812cb5924b4f9e666fe3b32d39995616b68cf3eb948b1bd9c811a0e17bef589f660713b27268ed22bddef343faef7

Download Submit
memory/1744-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1744-775-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1744-9173-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads