03cd83a2f22333eefcf7cdbb7d295382c363e089f6d653a74a1a3f39bf96f377

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 06:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d579033a4e2f90a6d1616b21f6846908.exe
Size

1.8MB
MD5

d579033a4e2f90a6d1616b21f6846908
SHA1

28d51a791e00b4a7c1e5cbced08f69dc7e9f3ced
SHA256

03cd83a2f22333eefcf7cdbb7d295382c363e089f6d653a74a1a3f39bf96f377
SHA512

ba2272d57593f37b02d449be3a2759ba1ab6ee0a5c395ec84892935900ccee82b74587f181f8365d5e8ebc0f952e004b70522203437521c79294eb9b541b0ca0
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqy:SCqm2Jpr0nNM7Dus7Nxf

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2932-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0032000000013a88-5.dat	upx
behavioral1/memory/2932-2279-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2932-9218-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\desktop.ini	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	d579033a4e2f90a6d1616b21f6846908.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libaribcam_plugin.dll.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.exe	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_ja.jar	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png.exe	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.exe	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Adak	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.exe	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_ja_4.4.0.v20140623020002.jar	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\connectionmanager_dmr.xml	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClientsideProviders.resources.dll	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\PhotoAcq.dll.mui	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.exe	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Mozilla Firefox\precomplete	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_wav_plugin.dll	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javaws.policy	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.exe	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\ChkrRes.dll.mui.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liboggspots_plugin.dll.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Windows Journal\ja-JP\Journal.exe.mui	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.exe	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fiji.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssci.dll.mui	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.lnk.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_foggy.png.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.exe	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_dot.png.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.exe	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Windows Journal\es-ES\JNTFiltr.dll.mui.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.exe	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.exe	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties	d579033a4e2f90a6d1616b21f6846908.exe

C:\Users\Admin\AppData\Local\Temp\d579033a4e2f90a6d1616b21f6846908.exe
"C:\Users\Admin\AppData\Local\Temp\d579033a4e2f90a6d1616b21f6846908.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
df9ab0cfb24fe40f442b08f02a2bc94c

SHA1
84f03bd6bfde4fe4df3863d7cf30d893e27941ee

SHA256
8084d7f877d8dc3cdafb461533831cd9a669ff7376122a636cf3b38952dec02c

SHA512
9fc5b1d5db0afc8deca0509f8a0b37ce021a726f5108d43d27d48361ae07a963a0b51ac6b43ea16780605865f6ac27ec38617605e75b0f770991edb2f5957965

Download Submit
memory/2932-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2932-2279-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2932-9218-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads