0ca787aa4f950cfae15d34e67bcc5aab214c6d192685e5741a865d67fd2a2feb

Analysis

max time kernel
154s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-03-2024 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9865490cdbcc9d4a5c3b6fe722884f5.exe
Size

2.8MB
MD5

b9865490cdbcc9d4a5c3b6fe722884f5
SHA1

ef8ddc13fd142a67f1cf6c2b7a7a1cec191f40a6
SHA256

0ca787aa4f950cfae15d34e67bcc5aab214c6d192685e5741a865d67fd2a2feb
SHA512

6401ef040c4174bccfed8191e51567f5c3fa7fd7f8be58d22c9be03ba2c13b489b126cd7dc421579254655a25b424f0c730a2070046a3afdb57213111fff76a5
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91w:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0n8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4780-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000227bf-5.dat	upx
behavioral2/memory/4780-906-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri Light-Constantia.xml.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.dll.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dcpr.dll	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xml.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ppd.xrm-ms.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-oob.xrm-ms.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT.xml.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Word.Word.x-none.msi.16.x-none.xml	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstat.exe.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-locale-l1-1-0.dll.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul.xrm-ms	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\java.security.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\LINEAR_RGB.pf	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Java\jre-1.8\bin\hprof.dll.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\security\trusted.libraries	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-math-l1-1-0.dll	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jsoundds.dll	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak	b9865490cdbcc9d4a5c3b6fe722884f5.exe
File created	C:\Program Files\Java\jdk-1.8\bin\msvcp140.dll.exe	b9865490cdbcc9d4a5c3b6fe722884f5.exe

C:\Users\Admin\AppData\Local\Temp\b9865490cdbcc9d4a5c3b6fe722884f5.exe
"C:\Users\Admin\AppData\Local\Temp\b9865490cdbcc9d4a5c3b6fe722884f5.exe"
1⤵
- Drops file in Program Files directory
PID:4780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
2.8MB

MD5
188433b49665f671b2454b3c932ace15

SHA1
edfc558f21bdbb08bf72fad3d7575486e402ecb4

SHA256
0c76fab71873e6db0c3be5b145f2290677c432f07ef24cd5ccac68c527162336

SHA512
47b90b268826c8dc78212f2ee91bccaffcb935dae0224a1e6738136c46ff63580bd8a811862607786918998e86a66423396d10638eaa00f233f9c245d4a90a00

Download Submit
memory/4780-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4780-906-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads