63f021760fd2ec2fd8a14523d24d4c3bd4957c8fb5d9d64280cfaade70b925b3

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc9b53c59b41b1762eb69bab548b955b.exe
Size

1.8MB
MD5

bc9b53c59b41b1762eb69bab548b955b
SHA1

070f0742c3504658515fe453b4f5c2c61b92ea85
SHA256

63f021760fd2ec2fd8a14523d24d4c3bd4957c8fb5d9d64280cfaade70b925b3
SHA512

37497215cc02e1bd7f028a111b4fa636a01b17a052afd2a45312cdf0d9cc57ea8cef97d411ebe748f89a389be89012d09f97cfce44cc0eae13a8944bdcffd0e2
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqe:SCqm2Jpr0nNM7Dus7NxT

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2852-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228a1-5.dat	upx
behavioral2/memory/2852-5442-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/2852-13455-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\desktop.ini	bc9b53c59b41b1762eb69bab548b955b.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\bin\Pester.bat.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ValueTuple.dll.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-conio-l1-1-0.dll.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WorldClockLargeTile.contrast-black_scale-125.png.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FetchingMail.scale-400.png	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.scale-100.png.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_scale-200.png	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-80_altform-lightunplated.png	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-72_altform-unplated_contrast-white.png	bc9b53c59b41b1762eb69bab548b955b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteMediumTile.scale-400.png	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubBadgeLogo.scale-100_contrast-high.png.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-pl.xrm-ms	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\LargeTile.scale-125_contrast-white.png	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\resources.pri	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.InteropServices.RuntimeInformation.dll.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SLATE\SLATE.ELM.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\vlc.mo	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Date.targetsize-32_contrast-black.png	bc9b53c59b41b1762eb69bab548b955b.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Parallel.dll	bc9b53c59b41b1762eb69bab548b955b.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiBold.ttf	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART10.BDR.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreAppList.scale-200.png	bc9b53c59b41b1762eb69bab548b955b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ppd.xrm-ms	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Microsoft.People.Relevance.QueryClient.dll	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-400.png.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\vcomp140_app.dll.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Handles.dll	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-80.png.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSplashLogo.scale-100.png	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-125_contrast-white.png	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_RoomTracing_Error.jpg.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubStoreLogo.scale-125.png.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.UI\Resources\Images\star_full.png	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-16_altform-unplated.png	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-ms.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-64_altform-unplated.png.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeMediumTile.scale-200.png	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Portal\1033\PortalConnect.dll.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x64__8wekyb3d8bbwe\mfc140.dll.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LEVEL\LEVEL.INF.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageStoreLogo.scale-125_contrast-white.png.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\ResourceDictionary.xbf	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\MedTile.scale-200.png.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubSmallTile.scale-100.png.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\telemetryrules\hxoutlook.exe_Rules.xml	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui	bc9b53c59b41b1762eb69bab548b955b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-pl.xrm-ms	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-60_contrast-white.png	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Utilities.v3.5.resources.dll.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-256.png.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\ThirdPartyNotices\ThirdPartyNotices.html.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Excel.Amo.dll.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-32_altform-lightunplated.png	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSplashLogo.scale-100.png.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\SourceAppService.dll.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-20_altform-unplated.png	bc9b53c59b41b1762eb69bab548b955b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.exe	bc9b53c59b41b1762eb69bab548b955b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ppd.xrm-ms	bc9b53c59b41b1762eb69bab548b955b.exe

C:\Users\Admin\AppData\Local\Temp\bc9b53c59b41b1762eb69bab548b955b.exe
"C:\Users\Admin\AppData\Local\Temp\bc9b53c59b41b1762eb69bab548b955b.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
9c76b2855042a1ceedfd1ccdc8132f2c

SHA1
4a7c6c34f6d261f67aa3f1ee230215bf750c9c64

SHA256
ded655a721af256c4a4938e7ef591e9276eb0c5955d8cdd6f6635e288dcda480

SHA512
333442938134e0f94cddcf95c33f698618dacb97c0956c5012947ab437dcbf0b59cab8e4563a5db9ec5554bef4d5d2d4c737700838da06f8984560828f1c0c20

Download Submit
memory/2852-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2852-5442-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2852-13455-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads