f35524f465a90a6210e25e0821833a5dcf522cbd6a8faa3349ffd7a76900270c

Analysis

max time kernel
6s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 08:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

606d0f73ea5f8486747fcabf0aef30b1.exe
Size

231KB
MD5

606d0f73ea5f8486747fcabf0aef30b1
SHA1

c528bb777c1326ede0550d2302bb030cbd81aa6d
SHA256

f35524f465a90a6210e25e0821833a5dcf522cbd6a8faa3349ffd7a76900270c
SHA512

dddd305cd8d5d1388876e2cfbecc1ca9665391cdad4c56df9fea323b1332c6c0b1729e39a5fb134d08b9f1017b8ece665efc1cce06c22a5350e81760c61a159e
SSDEEP

6144:He+fAJVdixTmAcThAkZThMTMfd1E6dqi4py5e:++2ix1c60yQEy1e

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-1497073144-2389943819-3385106915-1000\desktop.ini	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-1497073144-2389943819-3385106915-1000\desktop.ini	606d0f73ea5f8486747fcabf0aef30b1.exe
File created	\??\c:\Program Files\desktop.ini	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\desktop.ini	606d0f73ea5f8486747fcabf0aef30b1.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Drawing.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\tipskins.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Buffers.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-console-l1-2-0.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\UIAutomationProvider.resources.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationCore.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\nl.txt	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\PresentationUI.resources.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.XmlSerializer.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\WindowsBase.resources.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Data.DataSetExtensions.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Security.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\7-Zip\History.txt	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.Brotli.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ValueTuple.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\UIAutomationClientSideProviders.resources.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\PresentationUI.resources.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml	606d0f73ea5f8486747fcabf0aef30b1.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui	606d0f73ea5f8486747fcabf0aef30b1.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.VisualBasic.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\UIAutomationProvider.resources.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\az.txt	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Console.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.Serialization.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\Common Files\System\de-DE\wab32res.dll.mui	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Forms.resources.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\nb.txt	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado20.tlb	606d0f73ea5f8486747fcabf0aef30b1.exe
File created	\??\c:\Program Files\Common Files\System\ado\msadox28.tlb	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Windows.Controls.Ribbon.resources.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Core.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.Win32.Primitives.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\cy.txt	606d0f73ea5f8486747fcabf0aef30b1.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui	606d0f73ea5f8486747fcabf0aef30b1.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\UIAutomationClientSideProviders.resources.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Resources.Reader.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File created	\??\c:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.CSharp.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Encoding.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\Microsoft.VisualBasic.Forms.resources.dll	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipshe.xml	606d0f73ea5f8486747fcabf0aef30b1.exe
File created	\??\c:\Program Files\Common Files\System\msadc\adcvbs.inc	606d0f73ea5f8486747fcabf0aef30b1.exe
File created	\??\c:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui	606d0f73ea5f8486747fcabf0aef30b1.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml	606d0f73ea5f8486747fcabf0aef30b1.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ValueTuple.dll	606d0f73ea5f8486747fcabf0aef30b1.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4852	1716	WerFault.exe	16

C:\Users\Admin\AppData\Local\Temp\606d0f73ea5f8486747fcabf0aef30b1.exe
"C:\Users\Admin\AppData\Local\Temp\606d0f73ea5f8486747fcabf0aef30b1.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1716
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 596
  2⤵
  - Program crash
  PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1716 -ip 1716
1⤵
PID:4864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
95KB

MD5
71d831a163c08bd7e73e8f99065acebb

SHA1
4dc5943653022fa9ec69be5cc223996ac00761f1

SHA256
1902ef4798f53fd50d395685add6cef34195d8be81af187e3b90b25f385f336f

SHA512
56eddcd6454bf86fc993e3cf0d19b55dcf346ed388cde9aecce364088a79e5a030f99ad747d791bd38e482367f83de60d03de75a66227bb5c74f25edf70094af

Download Submit
C:\Program Files\Java\jre-1.8\lib\ext\localedata.jar

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/1716-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1716-2284-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads