1b235d70d0c7c61b37f2e9fb8d98ac73587dc245cd5b81d4861fc81c146d2f4b

Analysis

max time kernel
7s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0faab0215a8858e381addcac6120989e.exe
Size

25.3MB
MD5

0faab0215a8858e381addcac6120989e
SHA1

473787f92f84cb5dc81015be842bb10373de9cce
SHA256

1b235d70d0c7c61b37f2e9fb8d98ac73587dc245cd5b81d4861fc81c146d2f4b
SHA512

d2d8cdd861649e2fee5ad0b12d2cfb54c029441c447bf2b6798a4a58c06dc161eafd554696d8694811f107571f629fec1b169bf12060dc7728c99469cf8e174c
SSDEEP

98304:xUJuxtxCafOosXrwVegTk5yhLMj/bsqrIfU3/SPRXPN4VsCuFQVnmEcPyUMSTSWp:KoKrY1TK+MPlrB3ytPqVxUQVmBDTSWh7

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-1232405761-1209240240-3206092754-1000\desktop.ini	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-1232405761-1209240240-3206092754-1000\desktop.ini	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\desktop.ini	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\desktop.ini	0faab0215a8858e381addcac6120989e.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\mscorrc.dll	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\yo.txt	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipshe.xml	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-filesystem-l1-1-0.dll	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\mraut.dll	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-debug-l1-1-0.dll	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Formats.Asn1.dll	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.NETCore.App.deps.json	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\uk.txt	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\Services\verisign.bmp	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msaddsr.dll	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Buffers.dll	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Tasks.Parallel.dll	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\InkObj.dll	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\VC\msdia100.dll	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\VC\msdia90.dll	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado26.tlb	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.SecureString.dll	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ka.txt	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\dotnet\host\fxr\6.0.25\hostfxr.dll	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ServiceProcess.dll	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msdaprst.dll	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.StackTrace.dll	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml	0faab0215a8858e381addcac6120989e.exe
File created	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-processenvironment-l1-1-0.dll	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll	0faab0215a8858e381addcac6120989e.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msado26.tlb	0faab0215a8858e381addcac6120989e.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3660	4056	WerFault.exe	90

C:\Users\Admin\AppData\Local\Temp\0faab0215a8858e381addcac6120989e.exe
"C:\Users\Admin\AppData\Local\Temp\0faab0215a8858e381addcac6120989e.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4056
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 564
  2⤵
  - Program crash
  PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4056 -ip 4056
1⤵
PID:1356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
357KB

MD5
224ba973c92d605d721275b8ceb425b1

SHA1
37aa63048731ffd23ff502de4b57354245c1d718

SHA256
c37019a5db44a2320bb7fafb631e10039e8259517e211d4dc01b22eff805b137

SHA512
ca4b3c3cc88b7721d1ef6dce26db878cf67c27c48d665e9f9e1dee1f5f8f409fc654cefda7e328db240e4eb71c12679d9e8bd6265cd71d9e09f4e4df5e4ed7d3

Download Submit
C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/4056-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4056-1307-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads