412479677216932766db7c912ffd9dd356a19e771e33f510f4b64a8b56d1c812

Analysis

max time kernel
138s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 03:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c92bce122497ee0d6d5bb5147c910b8.exe
Size

348KB
MD5

0c92bce122497ee0d6d5bb5147c910b8
SHA1

a7d41b9b60547d8409c1b377988af9f2f4efb040
SHA256

412479677216932766db7c912ffd9dd356a19e771e33f510f4b64a8b56d1c812
SHA512

11fd050567627ec869497326274ba8f2915a86eef2b844d3b3329ba937148b4f9a8004048f32cc5ba2d2a287780e56afd49c09a1cbc5cbd5c627fe37b6d5a575
SSDEEP

6144:HO+TyiE8+aqCjToXVpGOZcWixTmAcThAkZThMTM9:JXEkqeolrix1c60y+

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-3791175113-1062217823-1177695025-1000\desktop.ini	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3791175113-1062217823-1177695025-1000\desktop.ini	0c92bce122497ee0d6d5bb5147c910b8.exe
File created	\??\c:\Program Files\desktop.ini	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\desktop.ini	0c92bce122497ee0d6d5bb5147c910b8.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.password.template	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\ssv.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterBold.ttf	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msado15.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Private.DataContractSerialization.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\PresentationFramework.resources.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\wab32res.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.NETCore.App.runtimeconfig.json	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\COPYRIGHT	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui	0c92bce122497ee0d6d5bb5147c910b8.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\UIAutomationClient.resources.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui	0c92bce122497ee0d6d5bb5147c910b8.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\oledb32r.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\dotnet\host\fxr\6.0.25\hostfxr.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.SecureString.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Mail.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\lib\deploy\messages_fr.properties	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mk.txt	0c92bce122497ee0d6d5bb5147c910b8.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\sqloledb.rll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\legal\jdk\unicode.md	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-string-l1-1-0.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_fr.properties	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\java.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Tasks.Extensions.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.WindowsDesktop.App.runtimeconfig.json	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Forms.resources.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Windows.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\PresentationCore.resources.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\deploy.jar	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB	0c92bce122497ee0d6d5bb5147c910b8.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\7-Zip\readme.txt	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\System.Windows.Controls.Ribbon.resources.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\System.Windows.Controls.Ribbon.resources.dll	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\lib\ext\meta-index	0c92bce122497ee0d6d5bb5147c910b8.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml	0c92bce122497ee0d6d5bb5147c910b8.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1644	4976	WerFault.exe	88

C:\Users\Admin\AppData\Local\Temp\0c92bce122497ee0d6d5bb5147c910b8.exe
"C:\Users\Admin\AppData\Local\Temp\0c92bce122497ee0d6d5bb5147c910b8.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4976
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 1020
  2⤵
  - Program crash
  PID:1644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4976 -ip 4976
1⤵
PID:4396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
460KB

MD5
b5569e6846374f0a56909cc39dbd5ccc

SHA1
3cde8713d23aa21d775bf66c174af4a7a06a065f

SHA256
a3f5875328250405a0bd95bad44f35e377dce4f35b96c0787802c0cdd035c401

SHA512
704db9ea2502fb3504fbabfccbb8f1af728e0c5473f6d0d404c870206c18d1e4c5c6c247cf7dd9d7ef6d6438374cd835de90d9efe6a6572da53f3f85399108cf

Download Submit
C:\Program Files\Java\jre-1.8\bin\glass.dll

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/4976-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4976-2018-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads