3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
28/08/2024, 20:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
Size

1.8MB
MD5

80d2bfd2d21c9f31b12a726532272a42
SHA1

4462f481cc32dc4a393433b208291b0d5ef97f4f
SHA256

3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd
SHA512

1cbddca9310ba6c844ed1d74d0fb8022458e78ad25a8124fc6d1d0b1cfe689f175400c925b9d2a6f4490b5029b11e0334d8c54fae9ac9682a17ab3e1f9a32532
SSDEEP

24576:9nWEFMFndnf8sHeHKHplfu94i55tbhris2CCEnWaWBvYyozGUIjnRnU:IEFMFnB8Y/Q94iZNrP2t0ZyyIjnRnU

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2384-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x001100000000f7fa-5.dat	upx
behavioral1/memory/2384-544-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File created	\??\c:\Program Files\desktop.ini	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\desktop.ini	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DissolveNoise.png	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mng.txt	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msdarem.dll	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\Common Files\System\ado\msadrh15.dll	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\uz-cyrl.txt	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\networkinspection.dll	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\bin\apt.exe	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\Common Files\System\msadc\msadcf.dll	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\cy.txt	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\kk.txt	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File created	\??\c:\Program Files\Common Files\System\msadc\msadcer.dll	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\bin\jps.exe	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe

C:\Users\Admin\AppData\Local\Temp\3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe
"C:\Users\Admin\AppData\Local\Temp\3003aca82072a7985ae46c5704e3ad6a78f1f72a2ef79f94ae226b38572f95fd.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
7.4MB

MD5
10911178441d301831f40d7fd22ab3e5

SHA1
44028032ce3865f1bcf9c84a47989dd3bb7b0098

SHA256
7eda49f1783fa046eb625322485bd49c196692460639f610be1bc7eb96bef748

SHA512
52faee90050cc27945bad4b126dd3b41fc7bcb4eb593c6f13ed93f2e67831d0a6fe9f50bc1467f9a8928f53751dd080570e5bb61c7c4182b41ec71ec83fae185

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer

Filesize
5KB

MD5
6b99099c6a9b959f824e420676fe3dc8

SHA1
ba9e3b5f2f7f710d263272019be5bf5db33bf614

SHA256
34d5d8dc208ef8c73bb46fb3002fa22b8954d52a4e53be3c56b9801aeab56918

SHA512
dfe061ddec4106e68c8ea789009b0e6bf7d27072bebd0bdb724e4ccadd215b9122b04198bbc362753e2b35af16d993ddf89b44b29bb79c0e7a16eeb97f3b3d26

Download Submit
memory/2384-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2384-544-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download