e01ad2386b8f20fc95f5237bdb584dd42bf62b3df6c8d4fc9b72568bd3f38e08

Analysis

max time kernel
95s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 20:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1097a71b35eea93e5824cc7683dba5f5.exe
Size

22.3MB
MD5

1097a71b35eea93e5824cc7683dba5f5
SHA1

c4f07f2d975bf92a5ba8b01ca5684d3e00e4b969
SHA256

e01ad2386b8f20fc95f5237bdb584dd42bf62b3df6c8d4fc9b72568bd3f38e08
SHA512

dd671cbd8a65c02ace4d0d093725cc67076088245b44bef3c0469a1358459d83a89f057d63b3e69c79caee291f09ef006e9c2f1e0b55bac45dcf22fcfd292e39
SSDEEP

98304:XdrOO536OyLIlsXJfk4pCLNCOEusqrIfU3/SPRXPN4VsCuFQVnmEcPyUMSTSWZn+:VD536OnThlrB3ytPqVxUQVmBDTSWhi

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3803511929-1339359695-2191195476-1000\desktop.ini	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-3803511929-1339359695-2191195476-1000\desktop.ini	1097a71b35eea93e5824cc7683dba5f5.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado60.tlb	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\vi.txt	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msado27.tlb	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ja.txt	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\eu.txt	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\gl.txt	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\he.txt	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msado60.tlb	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msado20.tlb	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\7-Zip\descript.ion	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipscat.xml	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ga.txt	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\nn.txt	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\adcjavas.inc	1097a71b35eea93e5824cc7683dba5f5.exe
File opened for modification	\??\c:\Program Files\7-Zip\License.txt	1097a71b35eea93e5824cc7683dba5f5.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2388	4976	WerFault.exe	87

C:\Users\Admin\AppData\Local\Temp\1097a71b35eea93e5824cc7683dba5f5.exe
"C:\Users\Admin\AppData\Local\Temp\1097a71b35eea93e5824cc7683dba5f5.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4976
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 508
  2⤵
  - Program crash
  PID:2388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4976 -ip 4976
1⤵
PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
1.5MB

MD5
225eb1116473f3827fdec7ebbef56b51

SHA1
da6788d2b5dab0ae483c96438f4161e938215219

SHA256
9450ea87244d20ce491260cd76d825553d27acf0fc885c810a1759018992b7a3

SHA512
8805c13b7ed122a953f933e6daceb7edf3989635f90dbb1b5e786762e858368808f10670d890e36e5d33ec371c7df565e50cbdeb7f8897cd0e163e33fd281432

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/4976-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4976-224-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads