Analysis

max time kernel: 158s
max time network: 164s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/01/2024, 04:16
Static task: static1

Behavioral task: behavioral1
Sample: 3bde236a71dd5e30b5427efb07a40417.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 3bde236a71dd5e30b5427efb07a40417.exe
Resource: win10v2004-20231215-en
General

Target: 3bde236a71dd5e30b5427efb07a40417.exe
Size: 385KB
MD5: 3bde236a71dd5e30b5427efb07a40417
SHA1: 0d3f90a6800d8db0ea085cdb3a5c215a9aee9cb9
SHA256: 2e8d0447c0585c0c63864e9880a275bfd86e9b141cf27dea5b01e2c76d422ddb
SHA512: 8d39d4e03c9f24606a6b0b9667697b73436f876504491ef1f22bc090f631bbf0fba029e8a27362e243d74cae7a23ec425d5dc9d883e9640ff5e700494437d2a7
SSDEEP: 6144:P+fF2RLYFn6OnldgtjIbaSjFAbwmpH1ixTmAcThAkZThMTMfd1E6dqi4py5e:P+g+n+jIbPxSVix1c60yQEy1e
Malware Config
Signatures
Drops desktop.ini file(s) (4 IoCs)

description | ioc | Process
File opened for modification | \??\c:\Program Files\desktop.ini | 3bde236a71dd5e30b5427efb07a40417.exe
File created | \??\c:\$Recycle.Bin\S-1-5-21-2398549320-3657759451-817663969-1000\desktop.ini | 3bde236a71dd5e30b5427efb07a40417.exe
File opened for modification | \??\c:\$Recycle.Bin\S-1-5-21-2398549320-3657759451-817663969-1000\desktop.ini | 3bde236a71dd5e30b5427efb07a40417.exe
File created | \??\c:\Program Files\desktop.ini | 3bde236a71dd5e30b5427efb07a40417.exe
Drops file in Program Files directory (64 IoCs)
Program crash (1 IoC)

pid | pid_target | Process | procid_target
872 | 4908 | WerFault.exe | 71
Processes

- C:\Users\Admin\AppData\Local\Temp\3bde236a71dd5e30b5427efb07a40417.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\3bde236a71dd5e30b5427efb07a40417.exe"
  PID: 4908
  Signatures: Drops desktop.ini file(s); Drops file in Program Files directory
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 792
    PID: 872
    Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4908 -ip 4908
  PID: 224
Downloads

Filesize: 402KB
MD5: 1b4d5f63f36c11eaa579f8b6e0a3c86c
SHA1: cd7a061ea95f61a6358152756ea56a8f979aa3e0
SHA256: 57b6cab2b6412f1fb3be9a46728997b2498935a0bc027babc0d641c514a8ccd6
SHA512: 396fc997393ab1a5c5de045cde5b1c51347e236bf9bc8b693e0a104b541521736857339c09cb60d9bf7f6c83a1219223fa0be2e497885df082301d4873abfab2

Filesize: 5B
MD5: b5b682b742431a52ea8b17c72ad9c572
SHA1: 326320f469235708c59f678c9a7357dca552d306
SHA256: 30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76
SHA512: 4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163