a210f90bdec0b79e2d59cbaba401732cdf0317fcc2584bf5d5e7bb405e4f6a93

Analysis

max time kernel
142s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2024, 09:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
Size

2.8MB
MD5

f85f0b81dace0e371ec44b82c0ad5c19
SHA1

a0177d858be4d75c702a34a7c732eead0d25f92f
SHA256

a210f90bdec0b79e2d59cbaba401732cdf0317fcc2584bf5d5e7bb405e4f6a93
SHA512

f9fcf1b290161b2b438d4643e3233c12e5057e41c2478a639811364e2cd5ae05f24105667bcc0a1ff8669438d60bc36e158e5a5e8ff04cafe8eb2e3f2b7eb068
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91i:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0ne

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 21 IoCs

pid	Process
3340	Process not Found
3340	Process not Found
3340	Process not Found
3340	Process not Found
3340	Process not Found
3340	Process not Found
3340	Process not Found
3340	Process not Found
3340	Process not Found
3340	Process not Found
3340	Process not Found
3340	Process not Found
3340	Process not Found
3340	Process not Found
3340	Process not Found
3340	Process not Found
3340	Process not Found
3340	Process not Found
3340	Process not Found
3340	Process not Found
3340	Process not Found

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\desktop.ini	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2848-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022993-5.dat	upx
behavioral2/memory/2848-1079-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/2848-8884-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0001000000021e88-8885.dat	upx
behavioral2/files/0x0001000000021ecb-8890.dat	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-64_contrast-high.png.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\SplashScreen.scale-200_contrast-white.png.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Outlook.scale-200.png.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\office32ww.msi.16.x-none.boot.tree.dat	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-256_altform-unplated_contrast-white.png.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSplashLogo.scale-250.png	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\illustration-UploadToOD.svg	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ppd.xrm-ms	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Microsoft.Xbox.NetworkTroubleshooter.winmd	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Controls.Ribbon.resources.dll	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailSmallTile.scale-400.png.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationFramework.resources.dll.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\caller-id-illustration.png.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-64_altform-colorize.png	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\SwipeTeachingCalloutImage.layoutdir-LTR.gif	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ppd.xrm-ms.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BOOKOSBI.TTF	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\MSTAG.TLB.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x86__8wekyb3d8bbwe\AppxSignature.p7x.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_x64__8wekyb3d8bbwe\Assets\Square150x150Logo.scale-100.png	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Images\BlankImage.png.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-80_contrast-black.png	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Primitives.dll	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\Windows Media Player\wmplayer.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-60_contrast-white.png	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-96_altform-unplated.png	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME.txt	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-pl.xrm-ms.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-us\omsautintlimm.dll.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.winmd	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageMedTile.scale-125.png	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare310x310Logo.scale-200_contrast-black.png.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-40_contrast-black.png.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2045521122-590294423-3465680274-1000-MergedResources-0.pri.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\import_google_contacts\googleImportError.png.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\MediaInkToolbar.xbf.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-16.png.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-20_altform-unplated_contrast-black.png	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-256_contrast-white.png	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.resources.dll.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Heart.png	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SplashScreen.scale-100.png.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-60.png	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\mobile.css	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Dark\Moonlight.png	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceProcess.dll.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-200_contrast-black.png	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\FacebookLoginButton.xbf	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-64_altform-unplated.png	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubWideTile.scale-200.png	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_contrast-white.png	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-125.png	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\resources.pri.exe	2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-14_f85f0b81dace0e371ec44b82c0ad5c19_snatch.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
2.8MB

MD5
40f07cc507af865e4555d126d9da9e70

SHA1
b04e70096b4e7d31f61808cc5e593e02d2e7bd00

SHA256
b05a7bd5e6d6c3e9e509c36f8fbc6ce6dd1764e4be33b97b21d3f15008d6858b

SHA512
3bf3e70a3f96eb2505f8086bc4038f05234738780825dbc95200bbecea7c670a375d1b257d06cc4ed6cc122a16cc3c756faba68c00e712e99cee7c6676b595d8

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
2.8MB

MD5
84b0df9ae982ea5453e42aca6685aea9

SHA1
fb2fbd58452f4229a257d29458c25ae2957c86c9

SHA256
758db7c4632c7cca65e900fa0f72175d56006da3328cebae7f57ff94c8e74d91

SHA512
e7c760896a4ff9cab045765749f023452cab51a24a645793f1c5974217859665fa8fa97c48d5ac8bee5a3f4e77bf360c72505be55719da37769b5c9bedba95a6

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
2.8MB

MD5
9cdf7e12ccc17cfbaab5ac40ae09e075

SHA1
4d5142700aa6ed2c108cceb0a57ec8968fbc4b25

SHA256
18452c135ba4e2cad4555ac91cdacba766235168c70c6b71b7cdae3ef225d03e

SHA512
fa0eefb6e8d59b43b6bce0323c09f3b7835743efb22b9a37205d2aac1c30333c643544efba26ccf06c2fd328b45c6454f4987066d4ee13dd0171e6b2145bc9c5

Download Submit
memory/2848-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2848-1079-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2848-8884-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download