4471ce543e15cd60a60d037f7c8019942cd3132eca98542ebaa28ecea98631fa

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 06:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bdf4b554c974ca1775191926865831ad.exe
Size

1.8MB
MD5

bdf4b554c974ca1775191926865831ad
SHA1

e73f5158edfb99ce105b9506be037e49b9d4b2b9
SHA256

4471ce543e15cd60a60d037f7c8019942cd3132eca98542ebaa28ecea98631fa
SHA512

e3ec52cc83219c455296b6dca332b3a96976565fe7a72537a3d699f895a770581b76ff6907d883bf207a89b34b3f5b5bd45c0c301dc47fea4e473ccb39cb5329
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqA:SCqm2Jpr0nNM7Dus7Nxx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3164-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228b1-5.dat	upx
behavioral2/memory/3164-742-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ppd.xrm-ms	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.exe	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-time-l1-1-0.dll.exe	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-pl.xrm-ms	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-time-l1-1-0.dll	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jcup.md.exe	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-pl.xrm-ms	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfxswt.jar.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.exe	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.exe	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\messages_ja.properties	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ppd.xrm-ms	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ul-oob.xrm-ms.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ul-oob.xrm-ms.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ul-oob.xrm-ms.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-phn.xrm-ms.exe	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.exe	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_it.properties	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ppd.xrm-ms.exe	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-phn.xrm-ms	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.exe	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.exe	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.exe	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Java\jre-1.8\bin\deploy.dll.exe	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jfxwebkit.dll	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\w2k_lsa_auth.dll	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-pl.xrm-ms	bdf4b554c974ca1775191926865831ad.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.exe	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-phn.xrm-ms	bdf4b554c974ca1775191926865831ad.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\jvm.hprof.txt	bdf4b554c974ca1775191926865831ad.exe

C:\Users\Admin\AppData\Local\Temp\bdf4b554c974ca1775191926865831ad.exe
"C:\Users\Admin\AppData\Local\Temp\bdf4b554c974ca1775191926865831ad.exe"
1⤵
- Drops file in Program Files directory
PID:3164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4312 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
1⤵
PID:3276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
f6f96cc5e1e567b4226da0049b5fd461

SHA1
d0e34072b483fc7264b123b2a0714294274d6836

SHA256
d1b90b5bb8d6a1343e56a8009114211749fdbca3c311ac1763e6ed4a033b3cd3

SHA512
6f31e940f0a848750c6a78d927f76c832ab26bd05b7e513b1f2ba48b9c9629354d7d8ecf127ab7b7c81a0cdeed200060f85694e071df353058fe0a85496cef7f

Download Submit
memory/3164-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3164-742-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads