03cd83a2f22333eefcf7cdbb7d295382c363e089f6d653a74a1a3f39bf96f377

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 06:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d579033a4e2f90a6d1616b21f6846908.exe
Size

1.8MB
MD5

d579033a4e2f90a6d1616b21f6846908
SHA1

28d51a791e00b4a7c1e5cbced08f69dc7e9f3ced
SHA256

03cd83a2f22333eefcf7cdbb7d295382c363e089f6d653a74a1a3f39bf96f377
SHA512

ba2272d57593f37b02d449be3a2759ba1ab6ee0a5c395ec84892935900ccee82b74587f181f8365d5e8ebc0f952e004b70522203437521c79294eb9b541b0ca0
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqy:SCqm2Jpr0nNM7Dus7Nxf

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
3500	Process not Found
3500	Process not Found
3500	Process not Found
3500	Process not Found
3500	Process not Found
3500	Process not Found

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1648-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0001000000022893-5.dat	upx
behavioral2/memory/1648-5605-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/1648-13437-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000218c3-13438.dat	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\desktop.ini	d579033a4e2f90a6d1616b21f6846908.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\liboggspots_plugin.dll	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\libqt_plugin.dll.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\LargeTile.scale-125.png.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-black\WideTile.scale-100.png	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\nav_icons_gameDVR.targetsize-48.png.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.scale-100_contrast-black.png	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-pl.xrm-ms.exe	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\MOFL.DLL	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\LibrarySquare150x150Logo.scale-100_contrast-black.png.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_altform-unplated_contrast-black.png	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\UIAutomationProvider.resources.dll	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-20.png	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreLogo.scale-100_contrast-white.png	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp7.scale-125.png	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\Skype_Dtmf_2_Loud.m4a.exe	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailMediumTile.scale-100.png	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Windows Defender\fr-FR\EppManifest.dll.mui.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-200_contrast-black.png	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-console-l1-1-0.dll	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.scale-125.png	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\Skype_Dtmf_5.m4a.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\WideTile.scale-100.png	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Microsoft.People.NativeComponents.dll.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymk.ttf.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\mfc140u.dll.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_LogoSmall.scale-200.png.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarWideTile.scale-125.png.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Exchange.scale-200.png.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubSmallTile.scale-200.png.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-80_altform-unplated_contrast-white.png.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\Rotate.png.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-256_altform-unplated_contrast-white.png.exe	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-64_altform-unplated_contrast-white.png.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-200_contrast-black.png	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Light.scale-250.png	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.DATABASECOMPARE.16.1033.hxn.exe	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\registry.png	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-80_altform-lightunplated.png	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-40_altform-unplated_contrast-high.png.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\_Resources\15.rsrc	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\Microsoft.VisualBasic.Forms.resources.dll.exe	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jawt.lib.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-150_8wekyb3d8bbwe\Assets\AppTiles\StoreLogo.scale-150.png	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-utility-l1-1-0.dll.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppPackageBadgeLogo.scale-125.png.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageSplashScreen.scale-100_contrast-white.png	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL112.XML	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\landing_page_start_a_coversation_v3.png.exe	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailWideTile.scale-400.png	d579033a4e2f90a6d1616b21f6846908.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md	d579033a4e2f90a6d1616b21f6846908.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql120.xsl.exe	d579033a4e2f90a6d1616b21f6846908.exe

C:\Users\Admin\AppData\Local\Temp\d579033a4e2f90a6d1616b21f6846908.exe
"C:\Users\Admin\AppData\Local\Temp\d579033a4e2f90a6d1616b21f6846908.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
3fc7e8e59d7e421a37dd3ef9c5306242

SHA1
9a20670a51556bc335ff25e4a4a949431f2a34b3

SHA256
495daf38bcb0cf2cbb62b9dac175398828f042d410635b787382afb18074f52f

SHA512
9f6fd0af5aa44327802262c93ee068e1158e322a75a54d2a61f0368bd33d50dba090927c2022113b7f3f921796e5705be0464ef190932d4ce930efc32a4b63cb

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
1.8MB

MD5
daff6e1957d56d013f15028d7d7e0bed

SHA1
7f9154068fffc2898f0daea989c023f32ab50332

SHA256
a9b648caa6dcffe5e7f01b3084a7be9529a45583e7de180df61d06a919719b87

SHA512
7e559f473257ef5e2ac8c508a69a652db27e86c1e6f19e67e7986ba994b75ba28cf38719a2a42729fcc3d4ca0e5b7a8833c93dc18b0663145da46455b0aa1ec1

Download Submit
memory/1648-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1648-5605-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1648-13437-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download