Analysis
max time kernel: 141s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-02-2024 06:45
Static task: static1
Behavioral task: behavioral1
  Sample: 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
  Resource: win10v2004-20231215-en
General
Target: 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
Size: 355KB
MD5: 8bab3bd9e4fa3d6c7f69d32f3401fa6c
SHA1: 5dcb12327c98c8cba66e89a0a7acef6bdee56e2f
SHA256: dd3f312904b7116c7000ee26ece2c1d607659db288eb37a557f575792a24032b
SHA512: 707c98a6218d9d4d93f0be3eb7a1d71cb162e04fee699fe24e7c4dd035e3bf8318ea5a803504d586a9aa9e76517f5167948eee3022d23fe7058d4bd8a61ad861
SSDEEP: 6144:HO+TyiE8+aqCjToXVpGOZcWixTmAcThAkZThMTM:JXEkqeolrix1c60y
Malware Config
Signatures
Drops desktop.ini file(s) (4 IoCs)
description | ioc | Process
File created | \??\c:\$Recycle.Bin\S-1-5-21-3073191680-435865314-2862784915-1000\desktop.ini | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\$Recycle.Bin\S-1-5-21-3073191680-435865314-2862784915-1000\desktop.ini | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created | \??\c:\Program Files\desktop.ini | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\desktop.ini | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
Drops file in Program Files directory (64 IoCs)
description | ioc | Process
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Input.Manipulations.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Security.Cryptography.ProtectedData.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\ktab.exe | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\lib\deploy\messages.properties | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\legal\javafx\webkit.md | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\jsdt.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.StackTrace.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Transactions.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\PresentationCore.resources.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.DataContractSerialization.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\Microsoft.VisualBasic.Forms.resources.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created | \??\c:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created | \??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-debug-l1-1-0.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Primitives.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Numerics.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.Annotations.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\lib\sound.properties | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jmc.txt | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\System.Windows.Forms.Design.resources.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Formats.Asn1.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Encoding.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\7-Zip\Lang\si.txt | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.NETCore.App.deps.json | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Loader.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created | \??\c:\Program Files\Common Files\System\Ole DB\oledb32.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\msquic.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.IsolatedStorage.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\UIAutomationClientSideProviders.resources.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\System.Windows.Input.Manipulations.resources.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created | \??\c:\Program Files\Internet Explorer\en-US\iexplore.exe.mui | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\j2gss.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created | \??\c:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Timer.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\UIAutomationTypes.resources.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\UIAutomationClientSideProviders.resources.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.AeroLite.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ReachFramework.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\ExportInstall.vsd | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-datetime-l1-1-0.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\UIAutomationClient.resources.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\jfxmedia.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\klist.exe | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Serialization.Formatters.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\UIAutomationClientSideProviders.resources.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\7-Zip\Lang\ro.txt | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\ipsen.xml | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification | \??\c:\Program Files\Common Files\System\Ole DB\msdaps.dll | 8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
Program crash (1 IoC)
pid | pid_target | Process | procid_target
3360 | 3252 | WerFault.exe | 83
Processes
C:\Users\Admin\AppData\Local\Temp\8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe (PID 3252)
  Command line: "C:\Users\Admin\AppData\Local\Temp\8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe"
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  C:\Windows\SysWOW64\WerFault.exe (PID 3360, child of PID 3252)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 920
    - Program crash
C:\Windows\SysWOW64\WerFault.exe (PID 2608)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3252 -ip 3252
Network
MITRE ATT&CK Matrix
Downloads
Download 1
  Filesize: 468KB
  MD5: f6870f1f94f8daadc19070db90ad4605
  SHA1: 7d36077eb1a33c62256f88be06c64c3d1450be6c
  SHA256: 6ab0b01001605303b7e070969d4c603e2411dfc33833695a88a0cb44527fcb32
  SHA512: c8c498046c9e68caface0fe8ce9d84e51df99dd691061b7aaa3f195056c27939cf0acd0c7bc46da4716ac1bfa9653cb2fd4e6f7544bd43d0601feacf54a758be
Download 2
  Filesize: 5B
  MD5: b5b682b742431a52ea8b17c72ad9c572
  SHA1: 326320f469235708c59f678c9a7357dca552d306
  SHA256: 30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76
  SHA512: 4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163