b361d9f511a7bf1408546b667ecbacf9896c49815083873829c77c01f4f66e7a

Analysis

max time kernel
3s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a01951d5b1b1c9b73436d9a62b8ff31.exe
Size

255KB
MD5

0a01951d5b1b1c9b73436d9a62b8ff31
SHA1

31462ee8226ce974e9b82cce166fa89bcd10d92f
SHA256

b361d9f511a7bf1408546b667ecbacf9896c49815083873829c77c01f4f66e7a
SHA512

eb898476e6a515fb16965d0ad70481923a881969b2c41aceb7f94b09aa969b838a9857936dfbf381187f1f9e9aaa807c87f8af98677cf7b10d11d228197df442
SSDEEP

3072:a2i99xNKk62zI3W0u1EkIeIXxX48r788L3:P+frI3xfrw8L

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-1497073144-2389943819-3385106915-1000\desktop.ini	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-1497073144-2389943819-3385106915-1000\desktop.ini	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\desktop.ini	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\desktop.ini	0a01951d5b1b1c9b73436d9a62b8ff31.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ku-ckb.txt	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\7-Zip\7zFM.exe	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\hu.txt	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msadomd28.tlb	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\msdatl3.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.VisualBasic.Core.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Tracing.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msdaprst.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Expressions.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\System\ado\msadomd28.tlb	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mng2.txt	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\uk.txt	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsar.xml	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\gl.txt	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.NameResolution.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\de.txt	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\System\ado\adovbs.inc	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\System\ado\msader15.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado25.tlb	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\bn.txt	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\7-Zip\License.txt	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msdaprsr.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ga.txt	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebClient.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\pl.txt	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll	0a01951d5b1b1c9b73436d9a62b8ff31.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui	0a01951d5b1b1c9b73436d9a62b8ff31.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3412	4640	WerFault.exe	15

C:\Users\Admin\AppData\Local\Temp\0a01951d5b1b1c9b73436d9a62b8ff31.exe
"C:\Users\Admin\AppData\Local\Temp\0a01951d5b1b1c9b73436d9a62b8ff31.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4640
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 668
  2⤵
  - Program crash
  PID:3412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4640 -ip 4640
1⤵
PID:116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4640-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4640-2087-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4640-2176-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads