b0547656c8e884750f902eee145d73aecbb3e0e434a332f96fb0f997cabc0c6f

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 09:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
Size

2.8MB
MD5

bb89f33e3d5fbcc072b67f62aa26ebf6
SHA1

aa56a46194d96ab51b9d10b4d81a0b675e44fa9f
SHA256

b0547656c8e884750f902eee145d73aecbb3e0e434a332f96fb0f997cabc0c6f
SHA512

2d0c8fa48027ec4bb47955142c7c8298cf99196612a4b9ecb02c3f6eb32dc86cbacfdc23c646b4a5a7743055328453371f87ec9402823ca7db86c5983d3e00fc
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHK6pQPxQ2JyP2r5mJV91E:SCqm2Jpr0nNM7Dus7Nx2qCqm2Jpr0nw

Score

6^/10

upx

Malware Config

Signatures

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\desktop.ini	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1780-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0007000000018636-5.dat	upx
behavioral1/memory/1780-1892-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/1780-8040-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\New_York	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_right.png.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClientsideProviders.resources.dll.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\librtp_plugin.dll.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Full.png	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_windy.png.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Mozilla Firefox\removed-files.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_ja.jar	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Nassau	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Windows NT\TableTextService\it-IT\TableTextService.dll.mui.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\currency.html.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_down.png	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text_3.5.300.v20130515-1451.jar.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Windows NT\Accessories\it-IT\wordpad.exe.mui.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\trusted.libraries	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\New_Skins.url	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\clock.html	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over.png	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-io-ui.jar.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Moncton	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libcaf_plugin.dll.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_nv12_plugin.dll	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_down.png	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Microsoft Games\Mahjong\es-ES\Mahjong.exe.mui.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
2.8MB

MD5
3adb1c65325f87b8a5918f4af4e51789

SHA1
b354633ea93560cf80e1d8967cd37a775c2845fa

SHA256
1de3f50440d86980bfbb2695abaa1993c2137136593a1dd32483594192e29a0b

SHA512
16d045e0255158d8e10c051028b432ab7ceac7de6f665b1f7f6b32fb60bd083fee8717c9e46ab0c85a2fe313b879c37f2d52d85fffe523a94bb0f571ce387b7e

Download Submit
memory/1780-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1780-1892-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1780-8040-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads