cc3ee2391cb812f031de2f7859a5ac921d18aa556af30d36cf4e97aa7f895fcc

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 04:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b68b91cfb4e8d4cf643d5216105d7faf.exe
Size

1.8MB
MD5

b68b91cfb4e8d4cf643d5216105d7faf
SHA1

9f160c4fb38a5af23d86a1bb379302593fde2f9d
SHA256

cc3ee2391cb812f031de2f7859a5ac921d18aa556af30d36cf4e97aa7f895fcc
SHA512

a70e0618839ca9223d3d7b69f15d47feaabce9425171a5df5412e8b3d2a8d6ca1bdbfb1cb851651212af3886fe07aa43534abd240a0dc1eeb5c546b88c9dc894
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHf:SCqm2Jpr0nNM7Dus7Nx2/

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1720-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0032000000013420-5.dat	upx
behavioral1/memory/1720-3557-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/1720-9191-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\desktop.ini	b68b91cfb4e8d4cf643d5216105d7faf.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml	b68b91cfb4e8d4cf643d5216105d7faf.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\intf\http.luac	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Waitcursor.gif	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)grayStateIcon.png	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png	b68b91cfb4e8d4cf643d5216105d7faf.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv	b68b91cfb4e8d4cf643d5216105d7faf.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.DataSetExtensions.Resources.dll.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libdirectory_demux_plugin.dll	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\gadget.xml.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak	b68b91cfb4e8d4cf643d5216105d7faf.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File opened for modification	C:\Program Files\Java\jre7\lib\meta-index	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass_lrg.png	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\clock.css.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_flyout.png.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Java\jre7\bin\jfxmedia.dll.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File opened for modification	C:\Program Files\Java\jre7\lib\alt-rt.jar	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml	b68b91cfb4e8d4cf643d5216105d7faf.exe
File opened for modification	C:\Program Files\Java\jre7\bin\rmiregistry.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\settings.html	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvobsub_plugin.dll.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libadf_plugin.dll.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\icon.png	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.exe	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png	b68b91cfb4e8d4cf643d5216105d7faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mousedown.png	b68b91cfb4e8d4cf643d5216105d7faf.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html	b68b91cfb4e8d4cf643d5216105d7faf.exe

C:\Users\Admin\AppData\Local\Temp\b68b91cfb4e8d4cf643d5216105d7faf.exe
"C:\Users\Admin\AppData\Local\Temp\b68b91cfb4e8d4cf643d5216105d7faf.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
4df6c9c13b6279c1a1928df17821a247

SHA1
9a57e93b98effa9a85656c9d8fafa4960bc2d9d1

SHA256
eff23d72192a131d0e2ce54d2db7e4abb86d7177bcb95e2138c6388c054f45b5

SHA512
241a4efed7aea51fd34170a289c5e638dbe8a32c4438b8b123662eea5e5f6224f27381158f4e728a944cb548c7a91ba935829fcc4501af8abaedf81f6aaf2342

Download Submit
memory/1720-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1720-3557-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1720-9191-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads