ecb8eee886dfb5be587f8236fdc535a5e516fe6cac06438d19ca47c0a083e517

Analysis

max time kernel
124s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-03-2024 05:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d55fdb8d0885970faa149eba8cd01759.exe
Size

1.8MB
MD5

d55fdb8d0885970faa149eba8cd01759
SHA1

370bbc934ae76c8a3c85d3783cc2faf456e0e12e
SHA256

ecb8eee886dfb5be587f8236fdc535a5e516fe6cac06438d19ca47c0a083e517
SHA512

cae0dcb5ad6cefdfab737de30cd19a9fdf5e998ba37e808f9d28ad82723594eca56a87007be64db5ec90c849cdcdec2168705038f1f0a1efb4fb404dfa464eed
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqy:SCqm2Jpr0nNM7Dus7Nxj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1968-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0036000000015e43-5.dat	upx
behavioral1/memory/1968-607-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	d55fdb8d0885970faa149eba8cd01759.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.exe	d55fdb8d0885970faa149eba8cd01759.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll.exe	d55fdb8d0885970faa149eba8cd01759.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe	d55fdb8d0885970faa149eba8cd01759.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\trusted.libraries.exe	d55fdb8d0885970faa149eba8cd01759.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88	d55fdb8d0885970faa149eba8cd01759.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.exe	d55fdb8d0885970faa149eba8cd01759.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h	d55fdb8d0885970faa149eba8cd01759.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.exe	d55fdb8d0885970faa149eba8cd01759.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.exe	d55fdb8d0885970faa149eba8cd01759.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png	d55fdb8d0885970faa149eba8cd01759.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.exe	d55fdb8d0885970faa149eba8cd01759.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver	d55fdb8d0885970faa149eba8cd01759.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\7-Zip\7zG.exe.exe	d55fdb8d0885970faa149eba8cd01759.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	d55fdb8d0885970faa149eba8cd01759.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.exe	d55fdb8d0885970faa149eba8cd01759.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.exe	d55fdb8d0885970faa149eba8cd01759.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\rt.jar	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Vostok.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.exe	d55fdb8d0885970faa149eba8cd01759.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.exe	d55fdb8d0885970faa149eba8cd01759.exe

C:\Users\Admin\AppData\Local\Temp\d55fdb8d0885970faa149eba8cd01759.exe
"C:\Users\Admin\AppData\Local\Temp\d55fdb8d0885970faa149eba8cd01759.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
6f2c1e12bb4d906a540448285c441f98

SHA1
350bb83d4d8a95d5cbfb54cf75b813fde4fbd51d

SHA256
daea491ecd82eca995c004739bc1c17c34a04e1fbfa7bad67e7d45916cf2e969

SHA512
658f75d1a085f721bb387b7b735e74d50c072004d8f593a85d365a6f0889ee3fc7987d3965da0ea0e50dd803205ca63cdded50c7665ffb9936e6a2dcf125a3bc

Download Submit
memory/1968-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1968-607-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads