f2c30400417f471f389ee0522e7a3c35ce85f35a472022496ccfa363ac647a6b

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd5c8c6b2a59c7c4d924bee4d85f5616.exe
Size

1.8MB
MD5

bd5c8c6b2a59c7c4d924bee4d85f5616
SHA1

b36b4dc42a06f5a02238bb7126823c9ee76a5ca8
SHA256

f2c30400417f471f389ee0522e7a3c35ce85f35a472022496ccfa363ac647a6b
SHA512

6931bee9d36a9f6381affdf12aad5d40ec5d09127595835c37d456f05e36ddb3d486c4b56fccae70d6a72db0e5f88a1cae20e0c3c3b9a3f1baf20e68b1c0741d
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqD:SCqm2Jpr0nNM7Dus7Nxe

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 21 IoCs

pid	Process
3448	Process not Found
3448	Process not Found
3448	Process not Found
3448	Process not Found
3448	Process not Found
3448	Process not Found
3448	Process not Found
3448	Process not Found
3448	Process not Found
3448	Process not Found
3448	Process not Found
3448	Process not Found
3448	Process not Found
3448	Process not Found
3448	Process not Found
3448	Process not Found
3448	Process not Found
3448	Process not Found
3448	Process not Found
3448	Process not Found
3448	Process not Found

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3968-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x000200000002287b-5.dat	upx
behavioral2/memory/3968-5663-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0001000000021ae9-10314.dat	upx
behavioral2/files/0x0001000000021b18-10492.dat	upx
behavioral2/memory/3968-13490-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\desktop.ini	bd5c8c6b2a59c7c4d924bee4d85f5616.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraChart.v11.1.Design.dll.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\MedTile.scale-200.png.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Buffers.dll	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Wordcnvpxy.cnv.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-200_contrast-white.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GameBar_WideTile.scale-100.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Yahoo-Dark.scale-200.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSUIGHUB.TTF.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-150_contrast-white.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailMediumTile.scale-150.png.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\lib\jawt.lib	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ppd.xrm-ms	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\System\vccorlib110.dll	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\Windows Media Player\uk-UA\wmlaunch.exe.mui	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-72_contrast-white.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\GameBar_WideTile.scale-200.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\IC_WelcomeBanner.scale-100.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeSmallTile.scale-125.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\Windows Defender\uk-UA\MsMpRes.dll.mui.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-200_contrast-black.png.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\UIAutomationProvider.resources.dll.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Utils.CX.dll.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-400_contrast-white.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\AppxSignature.p7x.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarLogoExtensions.scale-32.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ppd.xrm-ms.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarBadge.scale-400.png.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\Mozilla Firefox\locale.ini.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013bw.dotx.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\MedTile.scale-125.png.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-60_altform-unplated.png.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-72_altform-fullcolor.png.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\[email protected]	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.513.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Retail\Windows_Insider_Ninjacat_Unicorn-128x128.png.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Config\ShellPreviewConfig.json	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\WideTile.scale-125.png.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ul-oob.xrm-ms.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Weather_TileLargeSquare.scale-200.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-32_contrast-white.png.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarBadge.scale-100.png.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_contrast-black.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_altform-unplated_contrast-black.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreLargeTile.scale-200.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubSmallTile.scale-125_contrast-white.png.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-200_contrast-high.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\nav_icons_achievements.targetsize-48.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\KnownGameListRS4.bin.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Windows.Forms.resources.dll.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageWideTile.scale-200.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreLogo.scale-125_contrast-black.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\StopwatchLargeTile.contrast-black_scale-200.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_scale-125.png.exe	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\AppxManifest.xml	bd5c8c6b2a59c7c4d924bee4d85f5616.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-40_altform-lightunplated.png	bd5c8c6b2a59c7c4d924bee4d85f5616.exe

C:\Users\Admin\AppData\Local\Temp\bd5c8c6b2a59c7c4d924bee4d85f5616.exe
"C:\Users\Admin\AppData\Local\Temp\bd5c8c6b2a59c7c4d924bee4d85f5616.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
30805cb6a016757932c11bd1a66fd014

SHA1
35fa3f667982ed15b80ad075f6ee108237943311

SHA256
13eaf46a5f599fc57250aa9a34a2789fda8e9811c6a94e6e81c91d974c7601ad

SHA512
47fa56e55b008a89620194189a0142509a0acd72b968792118f310e7bca5adcb39bbaa29599a71c06c76c16d867cc6b92643c64001843cf6bed07adc42eb4bb0

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
1.8MB

MD5
27a4be65c300eb6a5af0ee128e07855a

SHA1
c17f8c71a34f5530d90226b8153b2c90c2cd2bd9

SHA256
effb731fee7f9e9b0ec6a18bc4c870f3de3c76248e1f1418bca5265b638303d8

SHA512
542495da7c4d420d9ea30305008e48cb8873938aea3c9b1ce9ffc80c5e90fef5549c64cda5ebbc73365b391179237558f1d5cc800f52eb6a7b65fd9fe993ec08

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
1.8MB

MD5
cdc14b5bcf8f093af18472b912fa8e2b

SHA1
fffcaa7f9292fa00a05dc45eb5071b379e5fb6bf

SHA256
83fa9e37cf2c7bc1a39dcaa1a3bd3e2fca21e6faa48d99fd620437e4140e9b2d

SHA512
d2995e18f8b3addd4efe65aada05877b55653d64c83720226a51e76caa5f5a9ad479d71c1cfdc9f481f4b212713018f11244ef32828b4a46e0b32e4401f4711d

Download Submit
memory/3968-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3968-5663-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3968-13490-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download