302dc3bfba06f57eceff7ce7b7819d48a7baef163bc44723f5c5a74b8fdd7dda

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00332cb9e549a3151505b7ce5b246118.exe
Size

9.4MB
MD5

00332cb9e549a3151505b7ce5b246118
SHA1

46fba1780a40a3cd79c68d13417bd241ad28acc9
SHA256

302dc3bfba06f57eceff7ce7b7819d48a7baef163bc44723f5c5a74b8fdd7dda
SHA512

0f690d91549e825a32878a54721bc9f08d88aec9c37c248e9719770fa0710c7b1a7919e20741887fffdade9640d9627c6ac1ba25b86f112fd0946553e4cf56df
SSDEEP

98304:AR2ESEubDm0VAaIMcxwY2sajeBiqVmrgq8no:spuGzaZI7zzmMno

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-983843758-932321429-1636175382-1000\desktop.ini	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-983843758-932321429-1636175382-1000\desktop.ini	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\desktop.ini	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\desktop.ini	00332cb9e549a3151505b7ce5b246118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\System\de-DE\wab32res.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\System\msadc\msdaremr.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Memory.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\Microsoft.VisualBasic.Forms.resources.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ms.txt	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\WindowsBase.resources.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\WindowsBase.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.WebHeaderCollection.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Controls.Ribbon.resources.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\System.Windows.Forms.Primitives.resources.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\System.Xaml.resources.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.SecureString.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Xaml.resources.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.DispatchProxy.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.0 (x64).swidtag	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\da.txt	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Input.Manipulations.resources.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\PresentationUI.resources.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.Serialization.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\UIAutomationTypes.resources.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\UIAutomationProvider.resources.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Claims.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\System.Xaml.resources.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\co.txt	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\PresentationFramework.resources.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-process-l1-1-0.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\vcruntime140_cor3.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-processthreads-l1-1-0.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Thread.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\WindowsBase.resources.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\bn.txt	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ps.txt	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ValueTuple.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\System\msadc\msadce.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.TextWriterTraceListener.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Principal.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\UIAutomationProvider.resources.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.WebClient.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\DebugDeny.dotx	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\clretwrc.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ku.txt	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Resources.Reader.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.Primitives.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Collections.Immutable.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\uk.txt	00332cb9e549a3151505b7ce5b246118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3612	3468	WerFault.exe	89

C:\Users\Admin\AppData\Local\Temp\00332cb9e549a3151505b7ce5b246118.exe
"C:\Users\Admin\AppData\Local\Temp\00332cb9e549a3151505b7ce5b246118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3468
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 676
  2⤵
  - Program crash
  PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3468 -ip 3468
1⤵
PID:4744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
9.5MB

MD5
ca30ad03d4c2d6da671f9761261820f2

SHA1
48953f28b2b68c53e103c27884fcab7f2f0515c0

SHA256
666fb0c81bbcaf78982c464aaea5af8c94074f61ead6aba3c9c03131ba73add1

SHA512
ea321047e5cdc0f4c54a81ca5f4f5fe88799d7cf75af1b9f3a0eff9dbc75664f7e04578a2a9fcd3550f41fad19681f790e22b0356fbd6f3af88c3e7a967163b8

Download Submit
C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/3468-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3468-28-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3468-62-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3468-151-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3468-210-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3468-211-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3468-212-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3468-214-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3468-230-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3468-1325-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads