ab2648ed39ba3358dcb433b7a52a98e1d86dd42c6c541e3ef4d58c71aec20167

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20-03-2024 01:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d79782235fee09583245db055ff135db.exe
Size

2.8MB
MD5

d79782235fee09583245db055ff135db
SHA1

15987386641d7eaaa9c577c7cae95ee4de746aed
SHA256

ab2648ed39ba3358dcb433b7a52a98e1d86dd42c6c541e3ef4d58c71aec20167
SHA512

70367501f1009b476681cf843d02caec29e0728c179a862a579915750bfd97eb39ff29234ba0271ece46c6c9569a59ddd63871e7efc59f48b9de7633657490a1
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91S:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0nO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1000-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000227dd-5.dat	upx
behavioral2/memory/1000-609-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe.exe	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.exe	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\j2pcsc.dll	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.exe	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.exe	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-string-l1-1-0.dll	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.exe	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.exe	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.exe	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.exe	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.exe	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe.exe	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Java\jre-1.8\bin\servertool.exe.exe	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.exe	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\libpng.md	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.exe	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll.exe	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.exe	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-2-0.dll.exe	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxslt.md	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.exe	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterBold.ttf.exe	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.exe	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140.dll.exe	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.exe	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.exe	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.exe	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe.exe	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected]	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\lib\ir.idl	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.exe	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.exe	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui.exe	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-2-0.dll	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-localization-l1-2-0.dll	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.exe	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.exe	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.exe	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.exe	d79782235fee09583245db055ff135db.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.exe	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll	d79782235fee09583245db055ff135db.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	d79782235fee09583245db055ff135db.exe

C:\Users\Admin\AppData\Local\Temp\d79782235fee09583245db055ff135db.exe
"C:\Users\Admin\AppData\Local\Temp\d79782235fee09583245db055ff135db.exe"
1⤵
- Drops file in Program Files directory
PID:1000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
2.8MB

MD5
ec20fc5a7943f318ee6a331f8fa299cb

SHA1
3feabd83a8a91222a59b2249223ea0f5b09eb30c

SHA256
cb6d1d18dc7337d657436a2c9bdea8f68d07d3a4bd6da7d8695e74a6d076e6c2

SHA512
f1b55a3f3794297970124cdd14e7047942ad50ac2df1794179a6353e8a3b0600c5448fe4e5a7358e50c0685d086602ea7558ffb9ed35e87219e13223850d275a

Download Submit
memory/1000-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1000-609-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads