7e9248061bd2904b58399299976d7f7e11218f0851eadbfecad1e14b65330190

Analysis

max time kernel
145s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-03-2024 12:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bbddb636f1cbe30c64e820a58c677c84.exe
Size

2.8MB
MD5

bbddb636f1cbe30c64e820a58c677c84
SHA1

486c36f492e5798040587dc3bc5244fefcec2e87
SHA256

7e9248061bd2904b58399299976d7f7e11218f0851eadbfecad1e14b65330190
SHA512

0808545fa8e416ca8776c6c26e94f88b58aa7f36f80c6c5ce3f47638e4ab40fcee2f7a37603212d7d8b3203b15843bb84d58ac735f2ed8ca4984b176473ef314
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91v:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0nb

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2376-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x003300000001587f-5.dat	upx
behavioral1/memory/2376-285-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	bbddb636f1cbe30c64e820a58c677c84.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_ja_4.4.0.v20140623020002.jar	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\BackupSplit.wdp	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Common Files\System\wab32.dll	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.exe	bbddb636f1cbe30c64e820a58c677c84.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	bbddb636f1cbe30c64e820a58c677c84.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm	bbddb636f1cbe30c64e820a58c677c84.exe

C:\Users\Admin\AppData\Local\Temp\bbddb636f1cbe30c64e820a58c677c84.exe
"C:\Users\Admin\AppData\Local\Temp\bbddb636f1cbe30c64e820a58c677c84.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
2.8MB

MD5
419a1fc6d8528079bb475239d3c72816

SHA1
0d0ff4511210c1827f7f4275848eb1048f3d215e

SHA256
fb8714432fe11a70fce8163da4faac68390beb8ea2555e5e9a8a6de498f3235e

SHA512
7580fd4fb7412a9fa2fe445f0516176f7f6c997e3690d096772064e07ff9702a0fd2c74b47bd5e6156032d855328bba8c98a80a502cbdde59b776d5fdbc43c13

Download Submit
memory/2376-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2376-285-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads