75645a9886a9554c95463978b55b04b5bad1d84aae37d57588b01d3ae4b570f3

Analysis

max time kernel
145s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 03:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ccefb67101f353b914306afbf95738e3.exe
Size

1.8MB
MD5

ccefb67101f353b914306afbf95738e3
SHA1

488e682b0a0bd67b16452f9a0c2f93175fa17112
SHA256

75645a9886a9554c95463978b55b04b5bad1d84aae37d57588b01d3ae4b570f3
SHA512

56b57caee40d2ef35bcdfb442a2e96205400afdc7c7f8df3d7eb2be0a7b10ce558dc2d5e310ce3865369a88b644a147d98f4c372b6d66b49398098dcffebe2e4
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqz:SCqm2Jpr0nNM7Dus7Nx6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4508-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x000700000002333f-6.dat	upx
behavioral2/memory/4508-995-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.exe	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Office 2007 - 2010.xml.exe	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssv.dll	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfontj2d.properties.exe	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond.xml.exe	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.exe	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.exe	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul.xrm-ms	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.exe	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jvm.lib.exe	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Java\jre-1.8\bin\glass.dll.exe	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md.exe	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.exe	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.exe	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\j2gss.dll	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.exe	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.exe	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.exe	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml.exe	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\dt_socket.dll	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.exe	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.exe	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jps.exe.exe	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.exe	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javafx_iio.dll	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.exe	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.exe	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.exe	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\javafx-src.zip	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Retrospect.thmx	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.exe	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfr\profile.jfc.exe	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Consolas-Verdana.xml	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-pl.xrm-ms	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngdatatype.md	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	ccefb67101f353b914306afbf95738e3.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE.exe	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Milk Glass.eftx	ccefb67101f353b914306afbf95738e3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	ccefb67101f353b914306afbf95738e3.exe

C:\Users\Admin\AppData\Local\Temp\ccefb67101f353b914306afbf95738e3.exe
"C:\Users\Admin\AppData\Local\Temp\ccefb67101f353b914306afbf95738e3.exe"
1⤵
- Drops file in Program Files directory
PID:4508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3724 --field-trial-handle=2972,i,4036376905309803364,5412922217215781933,262144 --variations-seed-version /prefetch:8
1⤵
PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
f85d3a1aff79bbc33424c9a4f2135f1f

SHA1
9f34a73f6804cc269489a79a20d98b422ceb77c4

SHA256
c10933376163266b7c1e268026a15cc1e8280263094d417fb7bd316eeede4c1d

SHA512
7ece0b5605c0507e9ba181dc4aafffe007a9c8b5f2b1be3af8d08e63b419926bb9196a0e06d1cf02558c2895b07c33e705ff8782fc35dd200e59282ca4a72a0a

Download Submit
memory/4508-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4508-995-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads