Analysis
- max time kernel: 6s
- max time network: 112s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/12/2023, 14:16
Static task: static1
Behavioral task: behavioral1
  Sample: 00303361cd215410fc8eb656a6651714.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 00303361cd215410fc8eb656a6651714.exe
  Resource: win10v2004-20231215-en
General
- Target: 00303361cd215410fc8eb656a6651714.exe
- Size: 2.8MB
- MD5: 00303361cd215410fc8eb656a6651714
- SHA1: 2c8b8066e52535b44c81dc35ad2889d733e7aa91
- SHA256: d9c57c27371872408fc2202580694970d985a780792bb8d2243861e99eccb466
- SHA512: 1f9d77cd86e61dd64b9e0b296b3af36007a4935e7dde3e3f6c261e291dd2dc5a5063c2d2b2ab47894e7918b3a637f22a69a4d840db892be6a784cdccdf8094c3
- SSDEEP: 49152:ZVkd4fljQd3334eBxaTtDhr8UxyD+Iqjdn28huYUbcOp1oJKBPLx/wd:ZVAd3334eBEZ1NFt2889bxoJW/K
Malware Config
Signatures
- Drops desktop.ini file(s) (4 IoCs)
  description / ioc / Process:
  - File created: \??\c:\$Recycle.Bin\S-1-5-21-768304381-2824894965-3840216961-1000\desktop.ini (00303361cd215410fc8eb656a6651714.exe)
  - File opened for modification: \??\c:\$Recycle.Bin\S-1-5-21-768304381-2824894965-3840216961-1000\desktop.ini (00303361cd215410fc8eb656a6651714.exe)
  - File created: \??\c:\Program Files\desktop.ini (00303361cd215410fc8eb656a6651714.exe)
  - File opened for modification: \??\c:\Program Files\desktop.ini (00303361cd215410fc8eb656a6651714.exe)
- Drops file in Program Files directory (64 IoCs)
- Program crash (1 IoC)
  pid / pid_target / Process / procid_target:
  - 3956 / 2400 / WerFault.exe / 14
Processes
- C:\Users\Admin\AppData\Local\Temp\00303361cd215410fc8eb656a6651714.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\00303361cd215410fc8eb656a6651714.exe"
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  PID: 2400
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 560
    - Program crash
    PID: 3956
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2400 -ip 2400
  PID: 4904
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 25KB
  MD5: 2bf963bebb1b45b39211f45b2d30a309
  SHA1: 74a65ca85505e22c20141c4229ebbe9b17af7134
  SHA256: ee3b2839070ef67c514620fefeb7f035d3cad3b77182dac4c688778fe1759b3f
  SHA512: 86220ab7034bc78fe14a4ba58b67a954de9f0d30eacea85294f39a533529f911f1196a614da74042804a5a0bd32714a4274d53364fadf1fa5daaf4a33deea39d
- Filesize: 5B
  MD5: b5b682b742431a52ea8b17c72ad9c572
  SHA1: 326320f469235708c59f678c9a7357dca552d306
  SHA256: 30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76
  SHA512: 4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163