b09c63c194863b088f7342e33e9a9e85e7e6ee3bec2e52e4765b2dd754e1d0b3

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1706f89de21fd8d97a3d464a7e7709b.exe
Size

1.8MB
MD5

c1706f89de21fd8d97a3d464a7e7709b
SHA1

e8e7971b3ef5a15ba0362a2eebf1b2f8e9f331a7
SHA256

b09c63c194863b088f7342e33e9a9e85e7e6ee3bec2e52e4765b2dd754e1d0b3
SHA512

43adf09d2915a45f2753bd9f82d4f784f43c4fb72394d3ca78bd2082ca0c9ef6582c9423684b87d36615cd4536f0d160e99d91d765eecdf84c9b517bc56ccd4c
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkH8:SCqm2Jpr0nNM7Dus7Nx2c

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/808-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228aa-5.dat	upx
behavioral2/memory/808-4431-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/808-13453-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\desktop.ini	c1706f89de21fd8d97a3d464a7e7709b.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-40_contrast-black.png.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ul-oob.xrm-ms	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-60_contrast-white.png.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hi-IN\View3d\3DViewerProductDescription-universal.xml.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-80_altform-lightunplated.png	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-oob.xrm-ms.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\FPA_f3\FA000000003	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\Mozilla Firefox\mozavutil.dll.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\23.png	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\WindowsCamera.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ul-oob.xrm-ms	c1706f89de21fd8d97a3d464a7e7709b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\powerpnt.exe.manifest	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\Timer3Sec.targetsize-16.png	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerMedTile.contrast-white_scale-125.png.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\PeopleLargeTile.scale-125.png.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-oob.xrm-ms	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-180.png.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-200.png	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Doughboy.scale-100.png.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Portal\1033\PortalConnect.dll	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.targetsize-40_altform-unplated_contrast-white.png	c1706f89de21fd8d97a3d464a7e7709b.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.dll	c1706f89de21fd8d97a3d464a7e7709b.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Transactions.Local.dll	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\Match.ps1	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\resources.pri.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\SmallTile.scale-200.png	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailMediumTile.scale-150.png.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Debug.dll	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\1949_24x24x32.png.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageMedTile.scale-200.png.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-16.png.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchSquare310x310Logo.scale-125_contrast-black.png	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-48.png.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-150_contrast-white.png	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\StoreLogo.contrast-white_scale-100.png	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FetchingMail-Dark.scale-100.png	c1706f89de21fd8d97a3d464a7e7709b.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ca-ES\View3d\3DViewerProductDescription-universal.xml	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-256.png.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-100_contrast-black.png.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml	c1706f89de21fd8d97a3d464a7e7709b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PPSLAX.DLL	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\resources.pri.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxSmallTile.scale-150.png	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dt_socket.dll.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-time-l1-1-0.dll.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DatabaseCore.dll	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\is-IS\View3d\3DViewerProductDescription-universal.xml.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\wordvisi.ttf	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxSignature.p7x.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-16.png	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\LargeLogo.scale-100_contrast-white.png.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-72_altform-unplated.png	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-100_contrast-black.png.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\168.png.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailBadge.scale-200.png.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-40_altform-unplated_contrast-black.png	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\OrientationControlInnerCircle.png.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe.exe	c1706f89de21fd8d97a3d464a7e7709b.exe
File created	C:\Program Files\Microsoft Office\root\vfs\System\mfcm140u.dll.exe	c1706f89de21fd8d97a3d464a7e7709b.exe

C:\Users\Admin\AppData\Local\Temp\c1706f89de21fd8d97a3d464a7e7709b.exe
"C:\Users\Admin\AppData\Local\Temp\c1706f89de21fd8d97a3d464a7e7709b.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
64380698c1c791410ddaf2a05b2b0bb2

SHA1
d35e760233a17c501730b015d56470b995985e13

SHA256
cb6ca3a721687c9ca6d04f5e531699beb6ac800e4b89b8487cbe745106eb2391

SHA512
0ead49e10c24f8876b5f6fa466820e6d1dda1f173a840dcf76f1675ce5bfdaa5a66850526469427076e1a9bcb65a54e26913488ba7727851c18889005b785b7b

Download Submit
memory/808-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/808-4431-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/808-13453-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads