Analysis
- max time kernel: 153s
- max time network: 161s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01/01/2024, 18:08
Static task: static1
Behavioral task: behavioral1
  Sample: 3d85e073332856abc2b09f8212a59475.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 3d85e073332856abc2b09f8212a59475.exe
  Resource: win10v2004-20231215-en
General
- Target: 3d85e073332856abc2b09f8212a59475.exe
- Size: 349KB
- MD5: 3d85e073332856abc2b09f8212a59475
- SHA1: a7d9eb4696f0456ad54e35285598429756c807d8
- SHA256: 0978775f7f65a4a72cd384b9152a2682a83c33fac0464294868306e9a8dee887
- SHA512: 1d2abcac91e155a3e4abbe583e32185637644eb689ca186271e0ad7ba45a9db67bb2b519b5e57c8979a2ce2afd440a002f49127cc79441204ff673e8dcbb3924
- SSDEEP: 6144:HO+TyiE8+aqCjToXVpGOZcWixTmAcThAkZThMTMN:JXEkqeolrix1c60yw
Malware Config
Signatures
- Drops desktop.ini file(s) (4 IoCs)
  description / ioc / Process:
  File created: \??\c:\$Recycle.Bin\S-1-5-21-3336304223-2978740688-3645194410-1000\desktop.ini (3d85e073332856abc2b09f8212a59475.exe)
  File opened for modification: \??\c:\$Recycle.Bin\S-1-5-21-3336304223-2978740688-3645194410-1000\desktop.ini (3d85e073332856abc2b09f8212a59475.exe)
  File created: \??\c:\Program Files\desktop.ini (3d85e073332856abc2b09f8212a59475.exe)
  File opened for modification: \??\c:\Program Files\desktop.ini (3d85e073332856abc2b09f8212a59475.exe)
- Drops file in Program Files directory (64 IoCs)
- Program crash (1 IoCs)
  pid: 1676, pid_target: 5052, Process: WerFault.exe, procid_target: 87
Processes
- C:\Users\Admin\AppData\Local\Temp\3d85e073332856abc2b09f8212a59475.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\3d85e073332856abc2b09f8212a59475.exe"
  PID: 5052
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 584
    PID: 1676
    - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5052 -ip 5052
  PID: 4720
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 461KB
  MD5: 71df9a833470cd7eaabcbed57ec72c7c
  SHA1: 00679996897dba9ba84a08fe1cd70dc22d800c9d
  SHA256: 8bce3dce0f600563bf3de33a31e2b5f8f03e28d1ed0e030205b35ece3e5eedd7
  SHA512: d68505ee65f9c2809911325413fd8991516124588a41ee2cd3b84ac571a6e617eedf6abf17317123d720e25939c50cc0501bed7f366a98975505318da41416b7
- Filesize: 5B
  MD5: b5b682b742431a52ea8b17c72ad9c572
  SHA1: 326320f469235708c59f678c9a7357dca552d306
  SHA256: 30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76
  SHA512: 4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163