Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 8s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/01/2024, 13:34
Static task: static1
Behavioral task: behavioral1
  Sample: 465c01d46659ae4226eb5b77315c37c7.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 465c01d46659ae4226eb5b77315c37c7.exe
  Resource: win10v2004-20231222-en
General
- Target: 465c01d46659ae4226eb5b77315c37c7.exe
- Size: 421KB
- MD5: 465c01d46659ae4226eb5b77315c37c7
- SHA1: aa980d545c729c5f77beb694ec49fafb1a93ad08
- SHA256: fbbaee9c1a241ca268d9a4d97f616fabc6f94194252d8cccf58872778b971308
- SHA512: 555471b721dbb072d376f62e23b722540732fdf83a3b8833282d10861caedd4fd4ee78c145df8fb787b3dc173937d3678edefc2cb85a52de559969bd601871cc
- SSDEEP: 6144:Hq+TyiOqzPvuuYe0vucjToXVpGOZchl8HS0WE:1XdPvuuY9ols8A
Malware Config
Signatures
- Drops desktop.ini file(s) (4 IoCs)
  description | ioc | Process
  File opened for modification | \??\c:\$Recycle.Bin\S-1-5-21-3803511929-1339359695-2191195476-1000\desktop.ini | 465c01d46659ae4226eb5b77315c37c7.exe
  File created | \??\c:\Program Files\desktop.ini | 465c01d46659ae4226eb5b77315c37c7.exe
  File opened for modification | \??\c:\Program Files\desktop.ini | 465c01d46659ae4226eb5b77315c37c7.exe
  File created | \??\c:\$Recycle.Bin\S-1-5-21-3803511929-1339359695-2191195476-1000\desktop.ini | 465c01d46659ae4226eb5b77315c37c7.exe
- Drops file in Program Files directory (64 IoCs)
- Program crash (1 IoC)
  pid | pid_target | Process | procid_target
  1448 | 4556 | WerFault.exe | 16
Processes
- Process: C:\Users\Admin\AppData\Local\Temp\465c01d46659ae4226eb5b77315c37c7.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\465c01d46659ae4226eb5b77315c37c7.exe"
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  PID: 4556
  - Process: C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 684
    - Program crash
    PID: 1448
- Process: C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4556 -ip 4556
  PID: 1196
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 533KB
  MD5: 12e68cd16e8cd05e7627c14e84398e05
  SHA1: 88fe064907d51bcfe5d0da4db8bd483ee5789582
  SHA256: 13ebf4568dfee45cc27f6b0e1b599ee21d108e047c6d9ac5a7096bffba3b26ab
  SHA512: 2277227030bf2a78b20fb44fc63f35bbf5839791a829d858a3ad00a97e7dab044f21ef94e62fc1cf195e5683913e17166850c5632fdc44ccd25444ce0fd2504c
- Filesize: 5B
  MD5: b5b682b742431a52ea8b17c72ad9c572
  SHA1: 326320f469235708c59f678c9a7357dca552d306
  SHA256: 30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76
  SHA512: 4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163