2065b1d99f0bbade7c704c928cea2f9ec46fdd7a5456ba5a6b93e268e8a5cfe2

Analysis

max time kernel
150s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2024, 01:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54a12d2eeff6a89e5a66e2f73441c73d.exe
Size

450KB
MD5

54a12d2eeff6a89e5a66e2f73441c73d
SHA1

55e23b18029ef088ef1b219f1c70c9928dd6dcbf
SHA256

2065b1d99f0bbade7c704c928cea2f9ec46fdd7a5456ba5a6b93e268e8a5cfe2
SHA512

c4e126cb9a7251cf8fb5d64ceac7d90772f8a6e83447c2a93045ec5b4322469f9f3385fe69194b2359a4b48d927830b1b67445c09cb5439de0d43a0d0e10b5db
SSDEEP

3072:amLAx9u5cmiwYRS8usvNcVp2N/x4HKHNKKXCJ6trUbnssqhvfq7kVz7D1c3qKqpx:ncmiwZsq2BxyKHNFPdsKBn13+I

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-3073191680-435865314-2862784915-1000\desktop.ini	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3073191680-435865314-2862784915-1000\desktop.ini	54a12d2eeff6a89e5a66e2f73441c73d.exe
File created	\??\c:\Program Files\desktop.ini	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\desktop.ini	54a12d2eeff6a89e5a66e2f73441c73d.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.SecureString.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\DirectWriteForwarder.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\javapackager.exe	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\eu.txt	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\System.Xaml.resources.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Forms.Design.resources.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\System.Windows.Forms.Design.resources.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\hy.txt	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\j2gss.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\gu.txt	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\.version	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\PresentationCore.resources.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Security.Cryptography.Pkcs.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Principal.Windows.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\UIAutomationTypes.resources.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\UIAutomationProvider.resources.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui	54a12d2eeff6a89e5a66e2f73441c73d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Xaml.resources.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Windows.Forms.resources.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\msxactps.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.VisualBasic.Forms.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterBold.ttf	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\US_export_policy.jar	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Tasks.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\wsimport.exe	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\security\java.security	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\pa-in.txt	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\policytool.exe	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Web.HttpUtility.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\System.Windows.Forms.Primitives.resources.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml	54a12d2eeff6a89e5a66e2f73441c73d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui	54a12d2eeff6a89e5a66e2f73441c73d.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\oledb32r.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-heap-l1-1-0.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Drawing.Common.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\Accessibility.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui	54a12d2eeff6a89e5a66e2f73441c73d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml	54a12d2eeff6a89e5a66e2f73441c73d.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipschs.xml	54a12d2eeff6a89e5a66e2f73441c73d.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui	54a12d2eeff6a89e5a66e2f73441c73d.exe
File created	\??\c:\Program Files\Internet Explorer\iexplore.exe	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\psfontj2d.properties	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\master_preferences	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ar.txt	54a12d2eeff6a89e5a66e2f73441c73d.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msadcor.dll	54a12d2eeff6a89e5a66e2f73441c73d.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2056	2644	WerFault.exe	89

C:\Users\Admin\AppData\Local\Temp\54a12d2eeff6a89e5a66e2f73441c73d.exe
"C:\Users\Admin\AppData\Local\Temp\54a12d2eeff6a89e5a66e2f73441c73d.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2644
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 1020
  2⤵
  - Program crash
  PID:2056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2644 -ip 2644
1⤵
PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
562KB

MD5
b3c794ff4720f03155f65c09f39256f5

SHA1
639aa32c0412e449ccf1e093abb7a421656fff42

SHA256
b812a5ee7615d22ba920a80104fedb8cbe0f49f50754a5fbdab6956bec7ef15b

SHA512
81577c13a0821e2bf0203af3d80c296dec5c17f7db354b0984ec012920d3965c58405d9cfc434ce1fe72ee92125e86256ac7c44c07c253d91cb4f35dbae931a7

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\charsets.jar

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2644-529-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2644-684-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2644-201-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2644-208-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2644-278-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2644-420-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2644-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2644-140-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2644-869-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2644-1082-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2644-1230-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2644-1306-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2644-1-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2644-1762-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2644-1925-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads