Analysis
-
max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags
arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
submitted
01/02/2024, 12:37
Static task
static1
Behavioral task
behavioral1
Sample
86e786a6a45cdee29d2fc943c966537e.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
86e786a6a45cdee29d2fc943c966537e.exe
Resource
win10v2004-20231222-en
General
-
Target
86e786a6a45cdee29d2fc943c966537e.exe
-
Size
332KB
-
MD5
86e786a6a45cdee29d2fc943c966537e
-
SHA1
151804a20b7ecda9a9dcc0e9584e1e6ad754dc88
-
SHA256
29386aca6a879551cc20b9529f1e5e038b2baf199e64755a89f7e027d095bd09
-
SHA512
2ee3b77b356fd2f2cfc2adc4191c0eb93f2bcf7707fe2a4cd98b11fdd7dc39f6fe66f5b0ff80e19bf37db966140ca0969d461726b1901888b6201383ad389eb6
-
SSDEEP
6144:HO+TyiE6mix0h37ixTmAcThAkZThMTMaijd1E6dqi4py5e:JXE6v4rix1c60yf4Ey1e
Malware Config
Signatures
-
Drops desktop.ini file(s) 4 IoCs
description ioc Process
File created \??\c:\$Recycle.Bin\S-1-5-21-1168293393-3419776239-306423207-1000\desktop.ini 86e786a6a45cdee29d2fc943c966537e.exe
File opened for modification \??\c:\$Recycle.Bin\S-1-5-21-1168293393-3419776239-306423207-1000\desktop.ini 86e786a6a45cdee29d2fc943c966537e.exe
File created \??\c:\Program Files\desktop.ini 86e786a6a45cdee29d2fc943c966537e.exe
File opened for modification \??\c:\Program Files\desktop.ini 86e786a6a45cdee29d2fc943c966537e.exe
Drops file in Program Files directory 64 IoCs
Program crash 1 IoCs
pid pid_target Process procid_target
4800 2960 WerFault.exe 84
Processes
-
- C:\Users\Admin\AppData\Local\Temp\86e786a6a45cdee29d2fc943c966537e.exe
  "C:\Users\Admin\AppData\Local\Temp\86e786a6a45cdee29d2fc943c966537e.exe"
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  PID:2960
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 1012
    - Program crash
    PID:4800
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2960 -ip 2960
  PID:2556
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
445KB
MD5 387ab20de7b91da3c41cb5a416c5c907
SHA1 c0ecd11e187c93ca2704deab339fb6e4f59a174e
SHA256 1197f6d376ce5b267222a4b418242a1316cf3856e5be41faa457e0b6c8046b5d
SHA512 f1b7f6fe9d60d15b6c1eb1a3e8b0b0660b9e94415872d9d12f7aa3c7a66be4686815a1cb14ed2541ca6f70e4fb2c9bf7270cf08d7f898c005f28c7af75a3cc45
-
Filesize
5B
MD5 b5b682b742431a52ea8b17c72ad9c572
SHA1 326320f469235708c59f678c9a7357dca552d306
SHA256 30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76
SHA512 4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163