Analysis
max time kernel: 150s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/03/2024, 16:35
Behavioral task behavioral1
Sample: bf1520f6c6ec4d03b6150fd4653d6f6f.exe
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: bf1520f6c6ec4d03b6150fd4653d6f6f.exe
Resource: win10v2004-20240226-en
General
Target: bf1520f6c6ec4d03b6150fd4653d6f6f.exe
Size: 1.8MB
MD5: bf1520f6c6ec4d03b6150fd4653d6f6f
SHA1: 9ea16372c906b39fbafc5debdb04839d21dc37b2
SHA256: 989cbef56405036ba2980bb8ca563661f49d331b01a87f2f6477cf9d6cc0cdd5
SHA512: 75c5bf2494752f9964ab9865f5ba4f501c2b8334b125d6a7e52a904241f5a243b721bd14a2feada5504c573d56e7d22195aa6dd1765c94b6473fabc868ff8ebf
SSDEEP: 24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHF:SCqm2Jpr0nNM7Dus7Nx2l
Malware Config
Signatures
-
Loads dropped DLL (9 IoCs)
pid 3476, Process: Process not Found (9 identical entries)
resource yara_rule upx (5 matches):
behavioral2/memory/2076-0-0x0000000000400000-0x00000000005BA000-memory.dmp
behavioral2/files/0x0001000000022893-5.dat
behavioral2/memory/2076-6007-0x0000000000400000-0x00000000005BA000-memory.dmp
behavioral2/files/0x0001000000021db3-9160.dat
behavioral2/memory/2076-11220-0x0000000000400000-0x00000000005BA000-memory.dmp
Drops desktop.ini file(s) (1 IoC)
File opened for modification: C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI (process: bf1520f6c6ec4d03b6150fd4653d6f6f.exe)
Drops file in Program Files directory (64 IoCs)
Downloads
Filesize: 1.8MB
MD5: b787c40789f8f7c3422754c5186a4613
SHA1: 4e4e2fe7a95ba266ee675aa3bafa2f90525ffbb9
SHA256: a57d1c13e663491a2daec0db4c13da3a7fcc8838a915bb5ee7bfefb335c0dc93
SHA512: 99b3530f9007a2c9dca318e370210f289ea7dd2aa99fd488da20f067b3a38a82b0a3073335efafe200d4a5a01183727ab97c3db39f00d3f440ed2aab686b3aa6

Filesize: 1.8MB
MD5: fcbc7fe04e4ef525313aca99dbed29fd
SHA1: 225702a4a38d701d002dcf114dc57b00e0c686ec
SHA256: bbcd9bb0940788d1a5048b506c42601efb9053589a854e7d05380daf2518721c
SHA512: 6c8547d037a40ca19d0fef41d0f04eeec2f26dab2ca6160bb3f9ad2dd587aa4c0444a41920d2e37cac5a4729a567ed60aa8b4e66e4a76da2a53c108f70fc771a