f2a49ae84b8de1ba7c1e10b3a66d013752318887fc7c1ad7de648dc6d5ed96d8

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 02:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c777e1d50c32825078ef27cc0c47a5b8.exe
Size

1.8MB
MD5

c777e1d50c32825078ef27cc0c47a5b8
SHA1

6c513aaf2ff4799950b1f785c7679b1661cd12fd
SHA256

f2a49ae84b8de1ba7c1e10b3a66d013752318887fc7c1ad7de648dc6d5ed96d8
SHA512

b223eec4303403f489c1cf67e234d027be52f19bc0fa937d6ef5bf3149ec2f65fa1e87749d69b3e92e483f948707821efa4bf27e4cf729037a63e6786b0a36d8
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqT:SCqm2Jpr0nNM7Dus7NxW

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3568-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228ac-5.dat	upx
behavioral2/memory/3568-5357-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/3568-13433-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\desktop.ini	c777e1d50c32825078ef27cc0c47a5b8.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-oob.xrm-ms.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\resources.pri	c777e1d50c32825078ef27cc0c47a5b8.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md	c777e1d50c32825078ef27cc0c47a5b8.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\POWERPNT.VisualElementsManifest.xml	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag.png.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\AppPackageLargeTile.scale-125_contrast-white.png.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_SplashScreen.scale-200.png.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-96_altform-unplated.png	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\zlib.md.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\PresentationUI.resources.dll	c777e1d50c32825078ef27cc0c47a5b8.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ul-oob.xrm-ms	c777e1d50c32825078ef27cc0c47a5b8.exe
File opened for modification	C:\Program Files\Mozilla Firefox\vcruntime140.dll	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\Square150x150Logo.scale-150.png.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-16.png	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-80.png.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\Json\CallAction-AdaptiveCard.json.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-400_contrast-black.png	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-72.png	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-us\msointlimm.dll	c777e1d50c32825078ef27cc0c47a5b8.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-pl.xrm-ms	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-125_contrast-black.png.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-20.png	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-96_altform-unplated_contrast-white.png	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\hand.png	c777e1d50c32825078ef27cc0c47a5b8.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\misc\libvod_rtsp_plugin.dll	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\StopwatchLargeTile.contrast-white_scale-100.png.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Serialization.Json.dll	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\LargeTile.scale-150_contrast-white.png.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailWideTile.scale-100.png.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\WindowsFormsIntegration.resources.dll	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchSquare310x310Logo.scale-100_contrast-black.png.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_altform-unplated_contrast-black_devicefamily-colorfulunplated.png	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-96_altform-lightunplated.png	c777e1d50c32825078ef27cc0c47a5b8.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ppd.xrm-ms	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Light\Default.png.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-80_contrast-white.png.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-24_altform-unplated.png.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarLargeTile.scale-400.png	c777e1d50c32825078ef27cc0c47a5b8.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ppd.xrm-ms	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\PointerIndicatorVertexShader.cso.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.PasswordManager.dll	c777e1d50c32825078ef27cc0c47a5b8.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\ssleay32.dll	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ms-MY\View3d\3DViewerProductDescription-universal.xml	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\JOURNAL.ELM.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-24_altform-unplated.png.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Reflection.Emit.Lightweight.dll	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\Windows Defender\ja-JP\OfflineScannerShell.exe.mui	c777e1d50c32825078ef27cc0c47a5b8.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\README.txt	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-32.png.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\typing\bubble\white.gif.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\AdHocReportingExcelClient.dll.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageWideTile.scale-200_contrast-black.png.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Resources.Reader.dll	c777e1d50c32825078ef27cc0c47a5b8.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Console.dll	c777e1d50c32825078ef27cc0c47a5b8.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-ul-oob.xrm-ms	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-256.png.exe	c777e1d50c32825078ef27cc0c47a5b8.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Net.NameResolution.dll.exe	c777e1d50c32825078ef27cc0c47a5b8.exe

C:\Users\Admin\AppData\Local\Temp\c777e1d50c32825078ef27cc0c47a5b8.exe
"C:\Users\Admin\AppData\Local\Temp\c777e1d50c32825078ef27cc0c47a5b8.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
78b213dddea247936d9c18906d708392

SHA1
e16f5148b8652ef1d8ec9ed3f5240ddd3d82bc02

SHA256
d61524f13f278166b6fd7f7b969ccec324352314dae9ee296af340956c4be8b3

SHA512
f1b46e80eb3263a8b27d643556398883ccac9549cd22e91e3ba5056df8842639a3a602722dce4ced1202147658158a85da023797422b7d9d7df9a3d16c0670da

Download Submit
memory/3568-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3568-5357-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3568-13433-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads