a0e433055977570aff796944b50054520ae7b72284b1288a1e66f83d82e298d4

Analysis

max time kernel
144s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1372262fd1ccb63501a93328834e9c85.exe
Size

427KB
MD5

1372262fd1ccb63501a93328834e9c85
SHA1

d46076d2de3a5907fab3b4412d5a681586c3edf4
SHA256

a0e433055977570aff796944b50054520ae7b72284b1288a1e66f83d82e298d4
SHA512

0f5f8b4f7dd1cc05117e23800199151076a46ec18b82e9aee6fa132c507dd975d07877ca408bd8aa49435a3677743446263030e757a645414758ec816db80314
SSDEEP

6144:Hq+TyiOqzPvuuYe0vucjToXVpGOZchl8HS0WE4o:1XdPvuuY9ols8A7o

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-1815711207-1844170477-3539718864-1000\desktop.ini	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-1815711207-1844170477-3539718864-1000\desktop.ini	1372262fd1ccb63501a93328834e9c85.exe
File created	\??\c:\Program Files\desktop.ini	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\desktop.ini	1372262fd1ccb63501a93328834e9c85.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.Contracts.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\D3DCompiler_47_cor3.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\UIAutomationClientSideProviders.resources.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationUI.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\jdeps.exe	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-1-0.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Ping.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\PresentationCore.resources.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\System.Windows.Input.Manipulations.resources.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\System.Windows.Forms.Primitives.resources.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\lib\packager.jar	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\dcpr.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ku-ckb.txt	1372262fd1ccb63501a93328834e9c85.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Thread.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Forms.Primitives.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\ReachFramework.resources.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\zip.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\oledbjvs.inc	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Forms.Design.resources.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipscht.xml	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Channels.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\UIAutomationTypes.resources.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\UIAutomationProvider.resources.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\JavaAccessBridge-64.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\legal\jdk\libpng.md	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll	1372262fd1ccb63501a93328834e9c85.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml	1372262fd1ccb63501a93328834e9c85.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-1-0.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Thread.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\uk.txt	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Globalization.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\WindowsFormsIntegration.resources.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll	1372262fd1ccb63501a93328834e9c85.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\msdasqlr.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Console.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\ReachFramework.resources.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Input.Manipulations.resources.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\System.Windows.Input.Manipulations.resources.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\PresentationUI.resources.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\UIAutomationProvider.resources.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\splashscreen.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\PresentationUI.resources.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\COPYRIGHT	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsid.xml	1372262fd1ccb63501a93328834e9c85.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	1372262fd1ccb63501a93328834e9c85.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2704	1936	WerFault.exe	87

C:\Users\Admin\AppData\Local\Temp\1372262fd1ccb63501a93328834e9c85.exe
"C:\Users\Admin\AppData\Local\Temp\1372262fd1ccb63501a93328834e9c85.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1936
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 724
  2⤵
  - Program crash
  PID:2704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1936 -ip 1936
1⤵
PID:3488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
540KB

MD5
a1f3946062aa79125285e22eb7416444

SHA1
62427e87b093b448a988642c976fedab390b6c61

SHA256
8d5478b64d36f2fbc2c7128836c0f469e67813d10f4767912860fe675ad3a26a

SHA512
ca7bee00d42f39748546e0743efd3af7569de0b744ccf72cfde9217ab0615873bd5fa78547bf3dc248ec82e094d67940d87300de92b52e0dca657c6493558dca

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\ext\localedata.jar

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/1936-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1936-222-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1936-223-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1936-516-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1936-1213-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1936-1235-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1936-1976-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads