46b6f5fd5defcf2845fb4d6af91d460224243043c20cf10f42254be102a8413a

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19-03-2024 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6a6f1334121d8f21e28266ab6d7688c.exe
Size

1.8MB
MD5

d6a6f1334121d8f21e28266ab6d7688c
SHA1

914e516c0a5d497c14597403f374d838adc1ccdf
SHA256

46b6f5fd5defcf2845fb4d6af91d460224243043c20cf10f42254be102a8413a
SHA512

0f3b3c2be689068da1188ab52baf108f7e4a899043b1039f72f40beb14a8fc95e26cbfcec5e0cbe5a3d29df3b7b3662295c7be4c33a38d99191bb0480765fda2
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqL:SCqm2Jpr0nNM7Dus7Nxi

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2216-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0009000000015c78-5.dat	upx
behavioral1/memory/2216-2751-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2216-9208-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\desktop.ini	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	d6a6f1334121d8f21e28266ab6d7688c.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\logo.png.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_QuickLaunch.png	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\shvlzm.exe.mui.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Windows NT\Accessories\de-DE\wordpad.exe.mui	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Windows NT\Accessories\WordpadFilter.dll	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\SelectRevoke.mpg.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\settings.js	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Boise	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.RunTime.Serialization.Resources.dll.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Atikokan.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\drag.png.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.core_3.5.0.v20120725-1805.jar	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.core_3.5.0.v20120725-1805.jar.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Kabul	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_zh_CN.jar.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\SpiderSolitaire.exe.mui.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\flyout.css.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml	d6a6f1334121d8f21e28266ab6d7688c.exe

C:\Users\Admin\AppData\Local\Temp\d6a6f1334121d8f21e28266ab6d7688c.exe
"C:\Users\Admin\AppData\Local\Temp\d6a6f1334121d8f21e28266ab6d7688c.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
5e09c32487e60033d1357df037d1bf39

SHA1
d4a372aaf8383f5c3cf49d49f8e4f0d605c620f4

SHA256
9c04a02dbae0457ba14be6e6ff6d237961e0968b6df3e4f4b5434524604a50cf

SHA512
119cb1d2b651141f3fb04113a7c880c89bce45a0c334978b9fa27a45ba986d42bd1dd5f6426f92675030f28dc387ae11dfd9d69fca06c48097d86e5dceb812e3

Download Submit
memory/2216-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2216-2751-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2216-9208-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads