Analysis
-
max time kernel
136s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
26/01/2024, 18:33
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
7814fc119a0baf1a0d6ee60195585fc4.exe
Resource
win7-20231129-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
7814fc119a0baf1a0d6ee60195585fc4.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
7814fc119a0baf1a0d6ee60195585fc4.exe
-
Size
486KB
-
MD5
7814fc119a0baf1a0d6ee60195585fc4
-
SHA1
57df1c6ea820007bf79bd9f86d6fdedad624d411
-
SHA256
846b516e8d7839cad62ba8787235cf9be97c460f7c2917b817e43610f4d07f51
-
SHA512
40e8cb573a54d31a1dca902b2d052f38721c8b957433b328b978163f0fc975c2616aee5b534f2c72edf985cce0aea65ab1a61f0e2a655a7adee372999b770dd6
-
SSDEEP
6144:HO+TyiEWSMsiwXgsMvApOmyHGAQOT5y59ssgEV0wMsatS6imLc9hlwCacIT51oXg:JXELhQvAFmsdKbkwlcIT5kzw
Score
6/10
Malware Config
Signatures
-
Drops desktop.ini file(s) 4 IoCs
description ioc Process File created \??\c:\Program Files\desktop.ini 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\desktop.ini 7814fc119a0baf1a0d6ee60195585fc4.exe File created \??\c:\$Recycle.Bin\S-1-5-21-1815711207-1844170477-3539718864-1000\desktop.ini 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\$Recycle.Bin\S-1-5-21-1815711207-1844170477-3539718864-1000\desktop.ini 7814fc119a0baf1a0d6ee60195585fc4.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created \??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encodings.Web.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Java\jdk-1.8\jre\lib\ext\localedata.jar 7814fc119a0baf1a0d6ee60195585fc4.exe File created \??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Common Files\System\msadc\msadcer.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Java\jdk-1.8\jre\lib\security\cacerts 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\ReachFramework.resources.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Windows.Controls.Ribbon.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\clrgc.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\UIAutomationClient.resources.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\7-Zip\Lang\si.txt 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File created \??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak 7814fc119a0baf1a0d6ee60195585fc4.exe File created \??\c:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Java\jdk-1.8\jre\lib\psfontj2d.properties 7814fc119a0baf1a0d6ee60195585fc4.exe File created \??\c:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-timezone-l1-1-0.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\7-Zip\7z.exe 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Numerics.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Linq.Expressions.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Java\jdk-1.8\jre\bin\glass.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt 7814fc119a0baf1a0d6ee60195585fc4.exe File created \??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ink\ipschs.xml 7814fc119a0baf1a0d6ee60195585fc4.exe File created \??\c:\Program Files\Common Files\System\ado\msadomd.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\WindowsBase.resources.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\PresentationFramework.resources.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\7-Zip\Lang\kab.txt 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Common Files\System\ado\msador15.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.VisualBasic.Core.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.Csp.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\UIAutomationTypes.resources.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\7-Zip\Lang\ba.txt 7814fc119a0baf1a0d6ee60195585fc4.exe File created \??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Aero2.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Java\jdk-1.8\jre\lib\deploy.jar 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-convert-l1-1-0.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Mail.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Principal.Windows.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\UIAutomationClientSideProviders.resources.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\UIAutomationClient.resources.dll 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Internet Explorer\fr-FR\ieinstal.exe.mui 7814fc119a0baf1a0d6ee60195585fc4.exe File created \??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui 7814fc119a0baf1a0d6ee60195585fc4.exe File created \??\c:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui 7814fc119a0baf1a0d6ee60195585fc4.exe File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Tasks.Extensions.dll 7814fc119a0baf1a0d6ee60195585fc4.exe -
Program crash 1 IoCs
pid pid_target Process procid_target 1248 2888 WerFault.exe 84
Processes
-
C:\Users\Admin\AppData\Local\Temp\7814fc119a0baf1a0d6ee60195585fc4.exe"C:\Users\Admin\AppData\Local\Temp\7814fc119a0baf1a0d6ee60195585fc4.exe"1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2888 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 9122⤵
- Program crash
PID:1248
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2888 -ip 28881⤵PID:3716
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
599KB
MD5e8b65f197be31baac16946fe80965364
SHA168adf3b70c3a8a56f58d679da12a0ce118fd7e39
SHA2563e3d372fb7c60d1dad4690c687a5237245ffab20da849c868828fc2d5b8573fd
SHA51293cf00a699584f8cf1e978380745ed4da09a457d591c1671373f00c7f046548b456f927bf8e6b1b39737f41eeaa5aaa54d9d399268b5e31911f30de06317054e
-
Filesize
5B
MD5b5b682b742431a52ea8b17c72ad9c572
SHA1326320f469235708c59f678c9a7357dca552d306
SHA25630d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76
SHA5124e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163