b0547656c8e884750f902eee145d73aecbb3e0e434a332f96fb0f997cabc0c6f

Analysis

max time kernel
108s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2024, 09:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
Size

2.8MB
MD5

bb89f33e3d5fbcc072b67f62aa26ebf6
SHA1

aa56a46194d96ab51b9d10b4d81a0b675e44fa9f
SHA256

b0547656c8e884750f902eee145d73aecbb3e0e434a332f96fb0f997cabc0c6f
SHA512

2d0c8fa48027ec4bb47955142c7c8298cf99196612a4b9ecb02c3f6eb32dc86cbacfdc23c646b4a5a7743055328453371f87ec9402823ca7db86c5983d3e00fc
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHK6pQPxQ2JyP2r5mJV91E:SCqm2Jpr0nNM7Dus7Nx2qCqm2Jpr0nw

Score

6^/10

upx

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\desktop.ini	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1876-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022988-5.dat	upx
behavioral2/memory/1876-1469-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/1876-8822-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-pl.xrm-ms	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-100.png	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\stdole.dll.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libt140_plugin.dll.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FirstRunMailBlurred.layoutdir-RTL.jpg.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ppd.xrm-ms.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-48_altform-unplated.png.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Outlook.scale-400.png.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightRegular.ttf.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-pl.xrm-ms	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnetwk.exe.mui	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageSmallTile.scale-150_contrast-white.png	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.scale-200.png	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Images\contrast-white\Settings.png	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.EventBasedAsync.dll	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\AppxSignature.p7x.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteSmallTile.scale-200.png	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClient.resources.dll.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\msvcp140.dll.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Packaging.dll.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGCORE.DLL.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\hostpolicy.dll.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.27328.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreWideTile.scale-200.png	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsSplashScreen.scale-100.png.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxSignature.p7x	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSplashLogo.scale-300.png.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\es-ES\MSFT_PackageManagementSource.schema.mfl.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Classic.dll	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.dll	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrfralm.dat.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.png.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchStoreLogo.scale-125_contrast-black.png	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-pl.xrm-ms.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageBadgeLogo.scale-125.png.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageWideTile.scale-125.png	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptySearch.scale-100.png.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.ProtectedData.dll	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Design.Resources.dll	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\AppxManifest.xml.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\LargeTile.scale-200.png	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\SmallTile.scale-100_contrast-black.png	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.dll.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\attach.dll.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ul-oob.xrm-ms.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ppd.xrm-ms	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\en\LocalizedStrings.xml.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-20_contrast-white.png	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-60_altform-unplated.png.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClientSideProviders.resources.dll.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN114.XML	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html.exe	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Google.scale-300.png	2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-14_bb89f33e3d5fbcc072b67f62aa26ebf6_snatch.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
2.8MB

MD5
f7a1f83350775805c15cc460f4bc0f01

SHA1
957b9c58502444df6110bdb21215c2b8d5ae0814

SHA256
02a05d18f5ab2bb23bb7a4359ce74bc38798c40b2e9822ffb05fb285d123fb3f

SHA512
de1f93b0ba090c7fa00e7a5a9e471877eefcb425eeed56eb3204e673c955fb9b58cbce4aa316121d124a0375f62e019775a751a20d989c9fdc346badaecf77bf

Download Submit
memory/1876-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1876-1469-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1876-8822-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads