929f167fa0b3faee6c08be894e4ae694acb866dbd2521793e306dd8b1724a240

Analysis

max time kernel
4s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 11:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c624f5f3a309b4fb32a53ba3df9665d.exe
Size

458KB
MD5

1c624f5f3a309b4fb32a53ba3df9665d
SHA1

61fde4bf344aafc0586282e5277d4c744cf53632
SHA256

929f167fa0b3faee6c08be894e4ae694acb866dbd2521793e306dd8b1724a240
SHA512

a0665322b11e02cce0fdfbb25d874e7263d504ccb968974b4e7dbad20ad4e9452fd5cfb2fff44d90018975f1281605ca5e1bd3cf9e3a3da6c9e9e1fccc1eac5d
SSDEEP

12288:P+Iz16fPycgZfbDp9HfucmLgocvx8d3334BkZn+P:31NcUbD3fo9cvx8d3334BkZn+P

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-1497073144-2389943819-3385106915-1000\desktop.ini	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-1497073144-2389943819-3385106915-1000\desktop.ini	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\desktop.ini	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\desktop.ini	1c624f5f3a309b4fb32a53ba3df9665d.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado20.tlb	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.FileSystem.Watcher.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsel.xml	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\.version	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.Specialized.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\Content.xml	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\Services\verisign.bmp	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\7-Zip\7z.exe	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\zh-tw.txt	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sq.txt	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\System\msadc\msadce.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\InkObj.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\Content.xml	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado15.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado21.tlb	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Contracts.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Parallel.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipschs.xml	1c624f5f3a309b4fb32a53ba3df9665d.exe
File created	\??\c:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui	1c624f5f3a309b4fb32a53ba3df9665d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Data.dll	1c624f5f3a309b4fb32a53ba3df9665d.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2476	3540	WerFault.exe	14

C:\Users\Admin\AppData\Local\Temp\1c624f5f3a309b4fb32a53ba3df9665d.exe
"C:\Users\Admin\AppData\Local\Temp\1c624f5f3a309b4fb32a53ba3df9665d.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3540
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 628
  2⤵
  - Program crash
  PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3540 -ip 3540
1⤵
PID:3380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3540-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3540-1937-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads