eedf14a5b7940f69cd163896e2687ca67099e23dd528d22251f898c65a307df8

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/10/2024, 01:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
Size

1.8MB
MD5

2fc0d67877ab2d33487f113c33e6d8d8
SHA1

4984424d3a8e66f295d5c010d938bd8b7c33a79b
SHA256

eedf14a5b7940f69cd163896e2687ca67099e23dd528d22251f898c65a307df8
SHA512

d7759f04f911b3763a6fe68cb2b11780df112a19b21444c48d1949c8eebc9607c65b39238148d24e44cef4962d570d88c47efb83eab455c5fefdee6d49736b85
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHs:SCqm2Jpr0nNM7Dus7Nx2M

Score

6^/10

upx

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\desktop.ini	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/844-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022983-5.dat	upx
behavioral2/memory/844-939-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/844-14118-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.scale-100.png	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxBlockMap.xml	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ppd.xrm-ms.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\resources.pri.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-lightunplated_devicefamily-colorfulunplated.png	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Coverage.ps1	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\Java\jre-1.8\README.txt.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradfun_plugin.dll.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-64_contrast-white.png.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnscfg.exe.mui.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppPackageWideTile.scale-100.png.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Uri.dll	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square71x71\PaintSmallTile.scale-400.png	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreBadgeLogo.scale-200.png	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeWideTile.scale-200_contrast-black.png.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\msotdintl.dll	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-200_contrast-white.png	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x86__8wekyb3d8bbwe\AppxManifest.xml.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\187.png.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-24_altform-unplated.png	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\8080_36x36x32.png	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\METCONV.TXT	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\msoshext.dll.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Spacer\9px.png.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeAppList.scale-100_contrast-black.png.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-400_contrast-white.png	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\javaws.jar	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.shared.Office.x-none.msi.16.x-none.xml	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-16_altform-unplated.png.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\MedTile.scale-125.png	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxBlockMap.xml.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\en-IN\en-IN_female_TTS\platform_format.lua	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File opened for modification	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLL.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\System\msvcp140.dll	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\rtmpltfm.dll	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationTypes.resources.dll	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN002.XML	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-400_contrast-black.png.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.targetsize-72_altform-unplated_contrast-white.png.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-24.png	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-80_altform-unplated.png.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\en\Microsoft.PackageManagement.MsiProvider.resources.dll	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-phn.xrm-ms.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraChart.v8.1.Design.dll.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-100_contrast-black.png.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\FREESCPT.TTF	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_10_p010_plugin.dll.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionLargeTile.scale-150.png	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\subscription_intro\save-money.png.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\AppPackageSmallTile.scale-125_contrast-white.png	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookMedTile.scale-125.png.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\mso20imm.dll	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-20_altform-unplated.png.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-pl.xrm-ms.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-125_contrast-black.png	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\WideLogo.scale-125_contrast-white.png	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\en-GB\en-GB_female_TTS\platform_format.lua.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\Doughboy.scale-150.png.exe	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-20.png	2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-18_2fc0d67877ab2d33487f113c33e6d8d8_snatch.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
117f2297cb9116c1654ac03b2a1be694

SHA1
b3193071d5c63a973687ab0d09d2bd100966c16a

SHA256
4f2ae7857bf2bbe6ff276c24097783ed807b4df4e9a992a3350fdfd30706fa61

SHA512
835e222d5ab7a17b06b667db8c05b13fb7a8ae4edc2604684832d6396a4b79c12fe8e1267683d7e797f3e520664f92182670a88feddd751732ca9e14c1dc439c

Download Submit
memory/844-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/844-939-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/844-14118-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads