46b6f5fd5defcf2845fb4d6af91d460224243043c20cf10f42254be102a8413a

Analysis

max time kernel
152s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 17:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d6a6f1334121d8f21e28266ab6d7688c.exe
Size

1.8MB
MD5

d6a6f1334121d8f21e28266ab6d7688c
SHA1

914e516c0a5d497c14597403f374d838adc1ccdf
SHA256

46b6f5fd5defcf2845fb4d6af91d460224243043c20cf10f42254be102a8413a
SHA512

0f3b3c2be689068da1188ab52baf108f7e4a899043b1039f72f40beb14a8fc95e26cbfcec5e0cbe5a3d29df3b7b3662295c7be4c33a38d99191bb0480765fda2
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqL:SCqm2Jpr0nNM7Dus7Nxi

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/788-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228b1-5.dat	upx
behavioral2/memory/788-592-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-pl.xrm-ms	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-pl.xrm-ms	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Integrator.exe.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-pl.xrm-ms.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ppd.xrm-ms.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\javaws.policy	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-ms	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ppd.xrm-ms	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiItalic.ttf	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-ms	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul-oob.xrm-ms	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ppd.xrm-ms.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ppd.xrm-ms	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-phn.xrm-ms	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\mesa3d.md	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-ms	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xerces.md.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ppd.xrm-ms.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-ms	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-ms	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jdk-1.8\bin\kinit.exe.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jdk-1.8\bin\pack200.exe.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\README.txt.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngdatatype.md.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\snmp.acl.template.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\t2k.dll	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-pl.xrm-ms	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-phn.xrm-ms.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-oob.xrm-ms.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ppd.xrm-ms	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ppd.xrm-ms	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ppd.xrm-ms.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Java\jre-1.8\lib\classlist.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll.exe	d6a6f1334121d8f21e28266ab6d7688c.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.en-us.xml.exe	d6a6f1334121d8f21e28266ab6d7688c.exe

C:\Users\Admin\AppData\Local\Temp\d6a6f1334121d8f21e28266ab6d7688c.exe
"C:\Users\Admin\AppData\Local\Temp\d6a6f1334121d8f21e28266ab6d7688c.exe"
1⤵
- Drops file in Program Files directory
PID:788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:2604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
805KB

MD5
2d00d2ec2fc5511130a8a64ff35d9494

SHA1
b625faf4d4171e1b8377242fd8838f399c0e742e

SHA256
7aed61a94e91d91a21cd5cd74ec1f19a65c7967a0924be024e64a7690e16ab7c

SHA512
3cdb55a4d4b851c4853fb90155cf833905a10a2b1e8a5060c8d728efe1e255156f62287db23f0a9b8ede99fa16107ade14e3a0f60c114aa66a0840cd25fac4e6

Download Submit
memory/788-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/788-592-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads