Analysis
max time kernel: 145s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/12/2023, 16:03
Static task: static1
Behavioral task: behavioral1
Sample: 04c543520f4c033eea90e97276cfee94.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 04c543520f4c033eea90e97276cfee94.exe
Resource: win10v2004-20231215-en
General
Target: 04c543520f4c033eea90e97276cfee94.exe
Size: 5.6MB
MD5: 04c543520f4c033eea90e97276cfee94
SHA1: 107ecad5e6f122e01289d8d6b76c52176e29f1a8
SHA256: 25b45707273d133ff187ea4e46195d13e3889825cc0c190c6900c78adf933724
SHA512: b6a04aa368c657a9f62a80237ad7e32cb3e86d8c46c1b534590cb4e8bd22e6f8ef86b889496f93cc1ab35fd5463ec62bf82e725474b9dfde2818161cf129126a
SSDEEP: 49152:KEEuL/xFnOvtaWIDn0apLKkLJU9nU2foKhA4vSWidGHp+NDGQUzbpDOfjxAkrQKD:+ytLK3BDhtvS0Hpe4zbpaAKQkroGIG
Malware Config
Signatures
Drops desktop.ini file(s) (4 IoCs)
description | ioc | Process
File opened for modification | \??\c:\Program Files\desktop.ini | 04c543520f4c033eea90e97276cfee94.exe
File created | \??\c:\$Recycle.Bin\S-1-5-21-768304381-2824894965-3840216961-1000\desktop.ini | 04c543520f4c033eea90e97276cfee94.exe
File opened for modification | \??\c:\$Recycle.Bin\S-1-5-21-768304381-2824894965-3840216961-1000\desktop.ini | 04c543520f4c033eea90e97276cfee94.exe
File created | \??\c:\Program Files\desktop.ini | 04c543520f4c033eea90e97276cfee94.exe
Drops file in Program Files directory (64 IoCs)
Process for every row: 04c543520f4c033eea90e97276cfee94.exe
description | ioc
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png
File opened for modification | \??\c:\Program Files\7-Zip\Lang\uz.txt
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.AccessControl.dll
File created | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.AccessControl.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Security.Cryptography.ProtectedData.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.FileSystem.AccessControl.dll
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Primitives.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Web.dll
File opened for modification | \??\c:\Program Files\7-Zip\Lang\th.txt
File opened for modification | \??\c:\Program Files\7-Zip\Lang\zh-tw.txt
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui
File opened for modification | \??\c:\Program Files\Common Files\System\msadc\msaddsr.dll
File opened for modification | \??\c:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Emit.ILGeneration.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\UIAutomationProvider.resources.dll
File opened for modification | \??\c:\Program Files\Internet Explorer\images\bing.ico
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\UIAutomationTypes.resources.dll
File opened for modification | \??\c:\Program Files\7-Zip\7zG.exe
File opened for modification | \??\c:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui
File opened for modification | \??\c:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Text.Encoding.CodePages.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\Microsoft.VisualBasic.Forms.resources.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.Win32.Primitives.dll
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui
File opened for modification | \??\c:\Program Files\Common Files\System\ado\msado15.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Data.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\System.Windows.Controls.Ribbon.resources.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\UIAutomationClient.resources.dll
File opened for modification | \??\c:\Program Files\InitializeDeny.hta
File created | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui
File created | \??\c:\Program Files\Common Files\System\wab32.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Xaml.resources.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationUI.dll
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui
File opened for modification | \??\c:\Program Files\7-Zip\Lang\pl.txt
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebProxy.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Numerics.Vectors.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\UIAutomationClient.resources.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\System.Xaml.resources.dll
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui
File created | \??\c:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe
File opened for modification | \??\c:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\PresentationUI.resources.dll
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\jstatd.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\UIAutomationClientSideProviders.dll
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml
File opened for modification | \??\c:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
File created | \??\c:\Program Files\Common Files\System\ado\msado20.tlb
File opened for modification | \??\c:\Program Files\7-Zip\Lang\de.txt
File opened for modification | \??\c:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui
Program crash (1 IoC)
pid | pid_target | Process | procid_target
468 | 4720 | WerFault.exe | 15
Processes
C:\Users\Admin\AppData\Local\Temp\04c543520f4c033eea90e97276cfee94.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\04c543520f4c033eea90e97276cfee94.exe"
  PID: 4720
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  child: C:\Windows\SysWOW64\WerFault.exe
    command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 516
    PID: 468
    - Program crash
C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4720 -ip 4720
  PID: 1576
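The two signature tables and the process tree above contain all the data needed to triage this run without re-detonating the sample. The Python below is an added example by the editor, not the sandbox's own tooling; it works on a constructed subset of the rows copied from this report. It does two things: it groups the file events by action and by product directory under Program Files, flagging a process that opens pre-existing files for modification across several unrelated product trees (7-Zip, Chrome, dotnet, Java, Internet Explorer here), and it resolves each WerFault.exe command line's `-p <pid>` argument to confirm that the "Program crash" signature belongs to the sample's PID 4720 rather than to some other process on the VM. The thresholds and flag names in `triage_flags()` are the editor's assumptions, not a vendor scoring scheme.

```python
"""Triage helpers for the file-activity rows and process tree in this report.

Added example by the editor; not the sandbox's own code. FILE_EVENTS and
PROCESS_TREE are constructed subsets copied from the report. The thresholds
in triage_flags() are assumptions, not a vendor rule.
"""
import re
from collections import Counter

# Constructed input: (description, ioc) pairs copied from the signature tables.
# Every row in the report is attributed to 04c543520f4c033eea90e97276cfee94.exe.
FILE_EVENTS = [
    ("File opened for modification", r"\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll"),
    ("File opened for modification", r"\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png"),
    ("File opened for modification", r"\??\c:\Program Files\7-Zip\Lang\uz.txt"),
    ("File created", r"\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml"),
    ("File opened for modification", r"\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.AccessControl.dll"),
    ("File opened for modification", r"\??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll"),
    ("File opened for modification", r"\??\c:\Program Files\Internet Explorer\images\bing.ico"),
    ("File opened for modification", r"\??\c:\Program Files\7-Zip\7zG.exe"),
    ("File created", r"\??\c:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe"),
    ("File created", r"\??\c:\$Recycle.Bin\S-1-5-21-768304381-2824894965-3840216961-1000\desktop.ini"),
    ("File created", r"\??\c:\Program Files\desktop.ini"),
]

# Constructed input: (pid, command line) copied from the process tree.
PROCESS_TREE = [
    (4720, r'"C:\Users\Admin\AppData\Local\Temp\04c543520f4c033eea90e97276cfee94.exe"'),
    (468, r"C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 516"),
    (1576, r"C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4720 -ip 4720"),
]

NT_PREFIX = re.compile(r"^\\\?\?\\")                 # sandbox logs NT paths as \??\c:\...
WERFAULT_TARGET = re.compile(r"(?:^|\s)-p\s+(\d+)")  # WerFault's -p <pid> names the faulting process


def normalize(path):
    """Strip the \\??\\ object-manager prefix and lower-case the drive letter."""
    p = NT_PREFIX.sub("", path)
    return p[:1].lower() + p[1:]


def top_dir(path):
    """'Program Files\\<product>' for files inside a Program Files product tree,
    otherwise the first directory under the drive (e.g. '$Recycle.Bin')."""
    parts = normalize(path).split("\\")          # ['c:', 'Program Files', '7-Zip', ...]
    if len(parts) >= 4 and parts[1].lower() == "program files":
        return parts[1] + "\\" + parts[2]
    return parts[1] if len(parts) >= 2 else ""


def summarize(events):
    """Events per action, modified-file events per product directory,
    and every desktop.ini path the process touched."""
    by_action = Counter(desc for desc, _ in events)
    modified_dirs = Counter(top_dir(p) for desc, p in events
                            if desc == "File opened for modification")
    desktop_ini = [normalize(p) for _, p in events
                   if normalize(p).lower().endswith("\\desktop.ini")]
    return {"by_action": dict(by_action),
            "modified_dirs": dict(modified_dirs),
            "desktop_ini": desktop_ini}


def triage_flags(events, min_modified=5, min_products=3):
    """Editor's heuristic (assumption): installers and updaters stay inside one
    product tree, so one process opening existing files for modification across
    several unrelated product directories gets a manual-review flag. A desktop.ini
    written under $Recycle.Bin is flagged on its own so it is not lost in the count."""
    s = summarize(events)
    flags = []
    n_modified = s["by_action"].get("File opened for modification", 0)
    if n_modified >= min_modified and len(s["modified_dirs"]) >= min_products:
        flags.append("mass-modify-across-products")
    if any("$recycle.bin" in p.lower() for p in s["desktop_ini"]):
        flags.append("desktop.ini-in-recycle-bin")
    return flags


def werfault_targets(process_tree):
    """Map each WerFault.exe PID to the PID named by its -p argument."""
    targets = {}
    for pid, cmd in process_tree:
        if "werfault.exe" not in cmd.lower():
            continue
        m = WERFAULT_TARGET.search(cmd)
        if m:
            targets[pid] = int(m.group(1))
    return targets


def sample_crashed(process_tree, sample_pid):
    """True when a WerFault instance reports on the sample's own PID, tying the
    'Program crash' signature to the sample and not to another process on the VM."""
    return sample_pid in werfault_targets(process_tree).values()


if __name__ == "__main__":
    print(summarize(FILE_EVENTS))
    print(triage_flags(FILE_EVENTS))
    print(werfault_targets(PROCESS_TREE), sample_crashed(PROCESS_TREE, 4720))
```

On the rows above, both WerFault instances resolve to 4720, so the crash is the sample's own. Two caveats for anyone reading the file list: WerFault.exe is launched from SysWOW64, which is what a 32-bit process gets on 64-bit Windows and agrees with the arch:x86 resource tag; and because the run ended in a crash, the 64 rows shown are what the process managed before it died, not necessarily its full behaviour.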
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 71KB
MD5: 80ea6fc77cb6d23f43c2d0056a2276d1
SHA1: c9f4bebf7c48f0cdc097c044019e761ae6ad3920
SHA256: 68477796cadc679651dfc8f3a338d841d2f80a8961bdf1db14777fd0c59c5317
SHA512: 11247381272d72a1941d127df9c73ae5b795852c95c61c7fb987f048f53c4a122acf0a0635ef951a4af77bbda30ce1c724f2acc08e64bc12b305e3d6024f341b

Filesize: 5B
MD5: b5b682b742431a52ea8b17c72ad9c572
SHA1: 326320f469235708c59f678c9a7357dca552d306
SHA256: 30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76
SHA512: 4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163