03708e5d1ea54bb3ef2909a776f59b868bf1f37b4891fc1dd34d9476b739f702

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 14:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d6514cb77e43f1edf38668a1602c66a3.exe
Size

1.8MB
MD5

d6514cb77e43f1edf38668a1602c66a3
SHA1

42a51a4ea39b28cc97957c43c665fbe1538054a7
SHA256

03708e5d1ea54bb3ef2909a776f59b868bf1f37b4891fc1dd34d9476b739f702
SHA512

14abe61e7819d6352723842ebfa372e69f3c1c8f2aa8807dcbeebb59a4403c4db58d7c16eac54a4248d682bcd3259a2a5ecf089a0444cad0f56a1bf30abf1b0b
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqS:SCqm2Jpr0nNM7Dus7Nxn

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4924-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000227bf-5.dat	upx
behavioral2/memory/4924-1646-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	d6514cb77e43f1edf38668a1602c66a3.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.targetsize-24.png.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.scale-100.png	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\joni.md	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul-oob.xrm-ms	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\sqmapi_x64.dll.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\BLUECALM.ELM.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-phn.xrm-ms	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ppd.xrm-ms	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryLetter.dotx	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-30_contrast-white.png.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glossy.eftx.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-pl.xrm-ms	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmdp32.msi.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grid.Base.dll	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageWideTile.scale-400_contrast-white.png.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-pl.xrm-ms.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GameBar_StoreLogo.scale-125.png.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXB.TTF	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\excelmui.msi.16.en-us.tree.dat	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_wav_plugin.dll	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_TileSmallSquare.scale-100.png	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.scale-125_contrast-black.png.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-200_contrast-black.png.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-pl.xrm-ms.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ul-oob.xrm-ms	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osmuxmui.msi.16.en-us.boot.tree.dat.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ppd.xrm-ms	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ADALPREVIOUS.DLL.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\LargeLogo.scale-125_contrast-white.png.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-100.png	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osmmui.msi.16.en-us.tree.dat.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightItalic.ttf	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Controls\EndOfLife\Assets\farewell.jpg.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\HelpAndFeedback\FeedbackThumbnail.png	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-pl.xrm-ms.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ppd.xrm-ms	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IGX.DLL.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote.ini.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SplashWideTile.scale-125_contrast-black.png	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedLargeTile.scale-200_contrast-white.png	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_WHATSNEW.XML.exe	d6514cb77e43f1edf38668a1602c66a3.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\191.png	d6514cb77e43f1edf38668a1602c66a3.exe

C:\Users\Admin\AppData\Local\Temp\d6514cb77e43f1edf38668a1602c66a3.exe
"C:\Users\Admin\AppData\Local\Temp\d6514cb77e43f1edf38668a1602c66a3.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
b2abdd777cddc73750a47a2771a5e8a3

SHA1
070e858e3d5f35a4ac4afa064b9a524c79be2378

SHA256
5a58db3838da645db13a474dcfc67a9f8ad0bb5c222a4da623472b1f54ef0793

SHA512
c4ff5b9813d30d98d90c2b7e2f7b9f780c7bdfe12bc2e8cae4ef9612413b85b3d031cc4367d84655334424e1e97ceae059437ee0990c4189e4a7bbb0a668488b

Download Submit
memory/4924-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4924-1646-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads