efaad3bce20ed66da16244697afab5575be688c2ac900b0230493ccf530bb0b9

Analysis

max time kernel
3s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7162c133030369c7631ef52371750c2c.exe
Size

400KB
MD5

7162c133030369c7631ef52371750c2c
SHA1

aafe920bdcc34a3799e275d2d6b11e32c7dc84ce
SHA256

efaad3bce20ed66da16244697afab5575be688c2ac900b0230493ccf530bb0b9
SHA512

b633ce75f69bf043b83e1ad2232bf638f91913bcbcaa61a86f9a81f7c85d78f5f0d3076e71673e45cc1d5ec283170e42af22cedc5143616d52572dcc70fa4e83
SSDEEP

3072:aChViFgfUjuKKlow6qDmPA27uCKafEhAexOQtqzBj3r8i5WUSVyVx1OyYqQ1wkd8:DhwF5w6dLyCXllzBX8igFH6cWgdg

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-1168293393-3419776239-306423207-1000\desktop.ini	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-1168293393-3419776239-306423207-1000\desktop.ini	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\desktop.ini	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\desktop.ini	7162c133030369c7631ef52371750c2c.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ro.txt	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado25.tlb	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebSockets.Client.dll	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-interlocked-l1-1-0.dll	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.TraceSource.dll	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\vi.txt	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\7-Zip\Uninstall.exe	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Contracts.dll	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.CSharp.dll	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msadds.dll	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\tipresx.dll	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\Common Files\System\msadc\msdaprsr.dll	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.DiagnosticSource.dll	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\msxactps.dll	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\bg.txt	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ku.txt	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\mscorrc.dll	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\mraut.dll	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\msdaps.dll	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\io.txt	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\7-Zip\7-zip32.dll	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sl.txt	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsen.xml	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\CloseSubmit.pps	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\adcjavas.inc	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.EventBasedAsync.dll	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Memory.dll	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\kk.txt	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ka.txt	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\Common Files\System\ado\msadrh15.dll	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\Common Files\System\es-ES\wab32res.dll.mui	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.TypeConverter.dll	7162c133030369c7631ef52371750c2c.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui	7162c133030369c7631ef52371750c2c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-console-l1-1-0.dll	7162c133030369c7631ef52371750c2c.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2260	3124	WerFault.exe	16

C:\Users\Admin\AppData\Local\Temp\7162c133030369c7631ef52371750c2c.exe
"C:\Users\Admin\AppData\Local\Temp\7162c133030369c7631ef52371750c2c.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3124
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 576
  2⤵
  - Program crash
  PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3124 -ip 3124
1⤵
PID:1692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3124-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3124-2030-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads