123d9d639d2bc078a0ba3d468fa81fc3d4a2a2003b4a2402dee8a74fa414aad5

Analysis

max time kernel
153s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 10:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
Size

1.8MB
MD5

d5e7ca1bd8e2ca7b0fb11e25afcc516a
SHA1

048e4131e7bd8951323300bd81208a28b8b9530a
SHA256

123d9d639d2bc078a0ba3d468fa81fc3d4a2a2003b4a2402dee8a74fa414aad5
SHA512

4e78b358e625b7521f30c74b24cc87dadca43c3e7d2f4d9cf76961392f12ba8a8378da238a12e03d771786e4b77a8a9319b91a27f02ccc74c596ad31c1551f63
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqS:SCqm2Jpr0nNM7Dus7Nxb

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1688-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228b1-5.dat	upx
behavioral2/memory/1688-530-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.bfc.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Java\jre-1.8\lib\logging.properties.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\release	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\management.dll	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2iexp.dll.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xalan.md	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jsoundds.dll	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngom.md.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-pl.xrm-ms	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsound.dll.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-phn.xrm-ms	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Java\jre-1.8\bin\nio.dll.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\java.policy.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\lib\packager.jar	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\cacerts.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_1.dll.exe	d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe

C:\Users\Admin\AppData\Local\Temp\d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe
"C:\Users\Admin\AppData\Local\Temp\d5e7ca1bd8e2ca7b0fb11e25afcc516a.exe"
1⤵
- Drops file in Program Files directory
PID:1688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
1⤵
PID:1028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
cad6fb6483ec65691e8c89eddc9f1a1f

SHA1
dad1793d4049f8dfc06a2b0b9b73d703ae0a14a4

SHA256
7ecac0357185c1ed761386f1b7dccc70c85ccbdf5b843da57756be432dfef17d

SHA512
e54358c3357338276ea4e74eab7d3d5a27fdb89cd81ab53b23977ca877c9a0c27e2ccdd051f6a65f4c75101af0cb1faded8a7cfec08aa0b33e291613d33a5a30

Download Submit
memory/1688-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1688-530-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads