Analysis
- max time kernel: 149s
- max time network: 110s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/12/2023, 03:13
Static task: static1
Behavioral task: behavioral1
- Sample: 0ca39d733c899a848b3d4b413281a649.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 0ca39d733c899a848b3d4b413281a649.exe
- Resource: win10v2004-20231222-en
General
- Target: 0ca39d733c899a848b3d4b413281a649.exe
- Size: 24.6MB
- MD5: 0ca39d733c899a848b3d4b413281a649
- SHA1: baf9a683c37698dd1fe486b95c1d75d2af747541
- SHA256: a09b176171fa460dd7df22d0e8e2ccae708a116d7dfc6d29028ac4b3080e3fa1
- SHA512: cdfc4207212bf56544d32e89c300627248bbcc8a8901fe6e009b4d8387a4981dc9c433cc208cce5e33eb16ce497a97e7caeca0e787d118a5583e8b9d51bafd54
- SSDEEP: 49152:wUJuxtxujXab/BXgWb2n8yIyiVPh74Gzqmf6aGgKqXvi6KydunmWjMIbSohJ5ZCL:wUJuxtxCaNQXrwVegXwfk4pCL
Malware Config
Signatures
- Drops desktop.ini file(s) (4 IoCs)
  Process (all rows): 0ca39d733c899a848b3d4b413281a649.exe
  description | ioc
  File opened for modification | \??\c:\Program Files\desktop.ini
  File created | \??\c:\$Recycle.Bin\S-1-5-21-3803511929-1339359695-2191195476-1000\desktop.ini
  File opened for modification | \??\c:\$Recycle.Bin\S-1-5-21-3803511929-1339359695-2191195476-1000\desktop.ini
  File created | \??\c:\Program Files\desktop.ini
- Drops file in Program Files directory (64 IoCs)
  Process (all rows): 0ca39d733c899a848b3d4b413281a649.exe
  description | ioc
  File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Globalization.dll
  File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui
  File created | \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Linq.Expressions.dll
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\Microsoft.VisualBasic.Forms.resources.dll
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-handle-l1-1-0.dll
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\System.Windows.Controls.Ribbon.resources.dll
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\System.Windows.Input.Manipulations.resources.dll
  File created | \??\c:\Program Files\Common Files\System\ado\msadox28.tlb
  File opened for modification | \??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PenImc_cor3.dll
  File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\PresentationFramework.resources.dll
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Windows.Forms.dll
  File opened for modification | \??\c:\Program Files\7-Zip\Lang\de.txt
  File created | \??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui
  File created | \??\c:\Program Files\Common Files\System\Ole DB\oledb32r.dll
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.XmlDocument.dll
  File opened for modification | \??\c:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui
  File created | \??\c:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Windows.Forms.Design.resources.dll
  File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\WindowsBase.resources.dll
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\UIAutomationTypes.dll
  File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll
  File created | \??\c:\Program Files\Common Files\microsoft shared\ink\mip.exe
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.Annotations.dll
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Extensions.dll
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\PresentationUI.resources.dll
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Collections.Specialized.dll
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.dll
  File created | \??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui
  File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui
  File created | \??\c:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui
  File opened for modification | \??\c:\Program Files\Common Files\System\ado\msado28.tlb
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Drawing.dll
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\System.Windows.Input.Manipulations.resources.dll
  File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Metadata.dll
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\System.Windows.Input.Manipulations.resources.dll
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework-SystemDrawing.dll
  File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-file-l2-1-0.dll
  File created | \??\c:\Program Files\Internet Explorer\ielowutil.exe
  File opened for modification | \??\c:\Program Files\Common Files\System\msadc\adcjavas.inc
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Drawing.Design.dll
  File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak
  File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak
  File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui
  File created | \??\c:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml
  File created | \??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui
  File opened for modification | \??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui
  File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll
  File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\ipsel.xml
  File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml
  File created | \??\c:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\Microsoft.VisualBasic.Forms.resources.dll
  File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\ipscht.xml
  File opened for modification | \??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Memory.dll
  File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll
  File created | \??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui
  File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.AccessControl.dll
- Program crash (1 IoC)
  pid | pid_target | Process | procid_target
  4632 | 4416 | WerFault.exe | 86
Processes
- C:\Users\Admin\AppData\Local\Temp\0ca39d733c899a848b3d4b413281a649.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\0ca39d733c899a848b3d4b413281a649.exe"
  PID: 4416
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  - C:\Windows\SysWOW64\WerFault.exe (child of PID 4416)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 492
    PID: 4632
    - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4416 -ip 4416
  PID: 4960
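The signature tables and the process tree above are easier to query than to read once there are dozens of rows. The following Python script is an added example, not code from tria.ge or from the sample: it parses flattened signature rows of the form shown above into (description, ioc, process), groups the "Drops file in Program Files directory" entries by operation and by the product directory under Program Files, lists installed .exe/.dll files the sample opened for modification, and recovers from each WerFault.exe command line (its -p argument) which PID crashed, which is the relationship the "Program crash" signature records between WerFault PID 4632 and the sample's PID 4416. IOC_ROWS and PROCESS_TREE are constructed inputs copied from a subset of this report; the row format, the dict field names and all function names are assumptions of the example.

```python
"""Triage helpers for flattened tria.ge-style report rows (added example, not tria.ge code)."""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed input: a subset of the "Drops file in Program Files directory" rows from the
# report above, kept in the flattened "<description> <ioc> <process>" form they were extracted in.
IOC_ROWS = [
    r"File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui 0ca39d733c899a848b3d4b413281a649.exe",
    r"File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Globalization.dll 0ca39d733c899a848b3d4b413281a649.exe",
    r"File created \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml 0ca39d733c899a848b3d4b413281a649.exe",
    r"File opened for modification \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll 0ca39d733c899a848b3d4b413281a649.exe",
    r"File opened for modification \??\c:\Program Files\7-Zip\Lang\de.txt 0ca39d733c899a848b3d4b413281a649.exe",
    r"File created \??\c:\Program Files\Internet Explorer\ielowutil.exe 0ca39d733c899a848b3d4b413281a649.exe",
    r"File created \??\c:\Program Files\Common Files\microsoft shared\ink\mip.exe 0ca39d733c899a848b3d4b413281a649.exe",
    r"File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Drawing.dll 0ca39d733c899a848b3d4b413281a649.exe",
]

# Constructed input: the process tree from the report above, one dict per process
# (field names are this example's own choice, not a tria.ge export format).
PROCESS_TREE = [
    {"pid": 4416, "parent": None,
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\0ca39d733c899a848b3d4b413281a649.exe"'},
    {"pid": 4632, "parent": 4416,
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 492"},
    {"pid": 4960, "parent": None,
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4416 -ip 4416"},
]

NT_PREFIX = "\\??\\"  # NT object-manager prefix the sandbox records paths with
OPERATIONS = ("File opened for modification", "File created")
# "-p <pid>" is the crashing process; the lookbehind keeps "-pss" from matching.
WERFAULT_TARGET = re.compile(r"WerFault\.exe\b.*?(?<!\S)-p\s+(\d+)")


def parse_row(row: str) -> tuple[str, str, str]:
    """Split one flattened signature row into (description, ioc, process).
    The ioc may contain spaces but the process name does not, so the last token is the process."""
    for op in OPERATIONS:
        if row.startswith(op + " "):
            ioc, process = row[len(op) + 1:].rsplit(" ", 1)
            return op, ioc, process
    raise ValueError(f"unrecognised row: {row!r}")


def win_path(ioc: str) -> PureWindowsPath:
    """Strip the NT prefix so the ioc can be handled as an ordinary Win32 path."""
    return PureWindowsPath(ioc.removeprefix(NT_PREFIX))


def product_of(ioc: str) -> str:
    """Directory directly under Program Files, e.g. 'dotnet', 'Google' or 'Common Files'."""
    parts = win_path(ioc).parts  # ('c:\\', 'Program Files', '<product>', ...)
    return parts[2] if len(parts) > 2 else parts[-1]


def summarize(rows) -> dict:
    """Count operations and affected products, and list installed binaries that were overwritten."""
    parsed = [parse_row(r) for r in rows]
    return {
        "by_operation": Counter(op for op, _, _ in parsed),
        "by_product": Counter(product_of(ioc) for _, ioc, _ in parsed),
        "modified_binaries": [
            ioc for op, ioc, _ in parsed
            if op == "File opened for modification"
            and win_path(ioc).suffix.lower() in {".exe", ".dll"}
        ],
    }


def crashed_processes(tree) -> dict[int, int]:
    """Map each WerFault.exe PID to the PID named by its -p argument: the process whose crash
    it is reporting, whether WerFault appears as a child of that process or at the top level."""
    result = {}
    for proc in tree:
        m = WERFAULT_TARGET.search(proc["cmdline"])
        if m:
            result[proc["pid"]] = int(m.group(1))
    return result


def crash_targets(tree) -> set[int]:
    """PIDs that crashed, for cross-checking the sandbox's 'Program crash' pid_target column."""
    return set(crashed_processes(tree).values())


if __name__ == "__main__":
    s = summarize(IOC_ROWS)
    print("operations:", dict(s["by_operation"]))
    print("products:  ", dict(s["by_product"]))
    print("overwritten binaries:", *s["modified_binaries"], sep="\n  ")
    print("WerFault PID -> crashed PID:", crashed_processes(PROCESS_TREE))
```

Run over the full 64-row table the by_product counter shows the pattern worth looking at first in the trace: the sample opens existing files belonging to .NET, Chrome, 7-Zip and shared Microsoft components for modification and creates files under their directories, rather than confining itself to its own drop location. The crash mapping also explains why the second WerFault.exe (PID 4960) appears outside the sample's subtree: it is the -pss reporting instance for the same target, PID 4416. WerFault running from C:\Windows\SysWOW64 normally means the crashing process was 32-bit, consistent with the arch:x86 resource tag.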
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 128KB
  MD5: 4b3ff7790c61cc068f0e34835ecdbfa3
  SHA1: 47f3d6a5f72662271497cb7f7317101c6c8f1106
  SHA256: 88e8c7a244a3b9fd2f519d77f463dca901d6da151f652a0ca13c6730d9db90cd
  SHA512: a93e79167bfbf575cb9bc4e5808c1aeacb8d682a29a8f4fb8c6f0fce495f4e9e2ce238f110f2b6c98d2bc0598a0fb899eb567177acc0b1e01e834f60b5539fd3