25315344fbb44904d090b9b2934b976337d240ea30657a2c63eff2026c0f6907

Analysis

max time kernel
91s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 06:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

caaed7537e695f8990f88618d2be5bd9.exe
Size

1.8MB
MD5

caaed7537e695f8990f88618d2be5bd9
SHA1

6b1460838786e754455bdb76579d2a0073e9453d
SHA256

25315344fbb44904d090b9b2934b976337d240ea30657a2c63eff2026c0f6907
SHA512

6b5b6d7fb93f52b92ad7e4566a2f831be321b2912d48e37232aefabd14d6c0c0677888b66cfdda602eb7f8856e414f7c9cfbff7175a411c7e7b52be34ec7079c
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHS:SCqm2Jpr0nNM7Dus7Nx2y

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3732-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228a0-5.dat	upx
behavioral2/memory/3732-5730-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/3732-13421-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\desktop.ini	caaed7537e695f8990f88618d2be5bd9.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11cryptotoken.md	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-20_contrast-white.png.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymk.ttf	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.Encoding.dll.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll.exe	caaed7537e695f8990f88618d2be5bd9.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageSplashScreen.scale-200_contrast-black.png.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-32_altform-lightunplated.png	caaed7537e695f8990f88618d2be5bd9.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.dll	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\BC511AE6-709C-4371-BC56-72ECE237F064\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.SPClient.Interfaces\13.0.0.0__89845DCD8080CC91\Microsoft.AnalysisServices.SPClient.Interfaces.DLL.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageLargeTile.scale-150.png	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-200_contrast-white.png.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\MedTile.scale-100.png	caaed7537e695f8990f88618d2be5bd9.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\vccorlib140.dll.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\fonts\symbol.ttf	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-48_altform-unplated.png.exe	caaed7537e695f8990f88618d2be5bd9.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-20_altform-lightunplated.png	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sq-AL\View3d\3DViewerProductDescription-universal.xml.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\SKU.dll.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\TimerSmallTile.contrast-black_scale-200.png	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\CHICAGO.XSL.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\tracedefinition130.xml.exe	caaed7537e695f8990f88618d2be5bd9.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-manifest.ini	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeWideTile.scale-400.png	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\UIAutomationTypes.resources.dll.exe	caaed7537e695f8990f88618d2be5bd9.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\README.txt	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\27.jpg	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-48_altform-unplated_contrast-black.png.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe806.png	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalMedTile.scale-200_contrast-black.png	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-48_altform-unplated_contrast-black.png	caaed7537e695f8990f88618d2be5bd9.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Security.Cryptography.ProtectedData.dll	caaed7537e695f8990f88618d2be5bd9.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ppd.xrm-ms	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Calculator.exe.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Input.Manipulations.resources.dll.exe	caaed7537e695f8990f88618d2be5bd9.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libadjust_plugin.dll	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-256_altform-unplated_contrast-white.png	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\WinMetadata\Windows.winmd.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-24_altform-unplated_contrast-white.png	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\SphereVertexShader.cso.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl64.dlla.manifest.exe	caaed7537e695f8990f88618d2be5bd9.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\TimelessLetter.dotx	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_scale-200.png.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxBlockMap.xml.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_BadgeLogo.scale-200.png.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-30_altform-unplated.png	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\electron-upgrade-screen-illustration.png.exe	caaed7537e695f8990f88618d2be5bd9.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-20_contrast-black.png.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-30.png.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe.manifest.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\JumpListNotesList.png	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\MedTile.scale-200.png.exe	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\models\de-DE.mail.config	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-96_altform-lightunplated.png	caaed7537e695f8990f88618d2be5bd9.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll	caaed7537e695f8990f88618d2be5bd9.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.SqlDatabase.dll.exe	caaed7537e695f8990f88618d2be5bd9.exe

C:\Users\Admin\AppData\Local\Temp\caaed7537e695f8990f88618d2be5bd9.exe
"C:\Users\Admin\AppData\Local\Temp\caaed7537e695f8990f88618d2be5bd9.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
a2aaefebafcb2bcabe678978f5c778ed

SHA1
65dd3241132569d4d5c89489dc39dd12a914f7bb

SHA256
273aa1ff6e047bcec457241617ee6e359d8eb3fa0ddaf518bd0b2dfb308a89a6

SHA512
29fb1ad57141b3c4e7e7943a6c5a724dfa8052a1c452fd344999c0aeafdbe083c2715f2595f0111a88b261db6829bb82827272e69ed57d028de2933fcd55947b

Download Submit
memory/3732-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3732-5730-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3732-13421-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads