Analysis
max time kernel: 91s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/02/2024, 04:40
Static task: static1
Behavioral task: behavioral1
Sample: 9ac624ed324400544ae2f1731c822852.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 9ac624ed324400544ae2f1731c822852.exe
Resource: win10v2004-20231222-en
General
Target: 9ac624ed324400544ae2f1731c822852.exe
Size: 178KB
MD5: 9ac624ed324400544ae2f1731c822852
SHA1: f968544587a11f8fe0d985f94ce38dfd8df86b5c
SHA256: 3c4949f34128e7b2f0368ee83f9646a014a103ee269ec7e135cabf4f173b819e
SHA512: fecb322f1ceba9da460eab627c0f70425742200f4c7e9c976ad8a3d1e9580a747396b3c0e32ef39cb4aad49d9593c45eeabc72d7d37a08fe592a83bc21a423ca
SSDEEP: 3072:a2i99xNKkOzyIT2PzfTyRSO5+Ty8AZToEE6ooqiq8EpKP1dwLFurHNnwd6ATekby:P+fAz16PHyf+TyNd1E6dqi4py5wd6ATW
Malware Config
Signatures
Drops desktop.ini file(s) (5 IoCs)
description / ioc / Process:
- File created: \??\c:\$Recycle.Bin\S-1-5-21-1168293393-3419776239-306423207-1000\desktop.ini (9ac624ed324400544ae2f1731c822852.exe)
- File opened for modification: \??\c:\$Recycle.Bin\S-1-5-21-1168293393-3419776239-306423207-1000\desktop.ini (9ac624ed324400544ae2f1731c822852.exe)
- File created: \??\c:\Program Files\desktop.ini (9ac624ed324400544ae2f1731c822852.exe)
- File opened for modification: \??\c:\Program Files\desktop.ini (9ac624ed324400544ae2f1731c822852.exe)
- File opened for modification: \??\c:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI (9ac624ed324400544ae2f1731c822852.exe)
Drops file in Program Files directory (64 IoCs)
Program crash (1 IoC)
pid: 3764, pid_target: 4004, Process: WerFault.exe, procid_target: 84
Processes
- C:\Users\Admin\AppData\Local\Temp\9ac624ed324400544ae2f1731c822852.exe (PID 4004)
  command line: "C:\Users\Admin\AppData\Local\Temp\9ac624ed324400544ae2f1731c822852.exe"
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  - C:\Windows\SysWOW64\WerFault.exe (PID 3764)
    command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 1016
    - Program crash
- C:\Windows\SysWOW64\WerFault.exe (PID 2480)
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4004 -ip 4004
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 291KB
- Filesize: 5B