Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240221-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-02-2024 05:59
Static task: static1
Behavioral task: behavioral1
- Sample: a30eaa68f1539977a1a712cfb3600aff.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: a30eaa68f1539977a1a712cfb3600aff.exe
- Resource: win10v2004-20240221-en
General
- Target: a30eaa68f1539977a1a712cfb3600aff.exe
- Size: 427KB
- MD5: a30eaa68f1539977a1a712cfb3600aff
- SHA1: 9a2844cdbb74c35399293408abf64f0ef5b9529b
- SHA256: 41516af799d417d9a099e7865fa2189455395918b2749f14fcb98a8ab18e8cfa
- SHA512: 8d6797def2f6d3fad01f53c589b8ff0ebfbbc5d88fb538845fcb2c148d91939047771c06016c26093a05185da70217e3ea4479ff6a3deec2d3576e2de6786e41
- SSDEEP: 12288:RXGE0axLVzUdCHab6EcDrVvbU866w0B2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAr:R4ak6EcDrVvbSGB2uJ2s4otqFCJrW9FP
Malware Config
Signatures
- Drops desktop.ini file(s) (4 IoCs)
description | ioc | Process
File opened for modification | \??\c:\Program Files\desktop.ini | a30eaa68f1539977a1a712cfb3600aff.exe
File created | \??\c:\$Recycle.Bin\S-1-5-21-1712835645-2080934712-2142796781-1000\desktop.ini | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\$Recycle.Bin\S-1-5-21-1712835645-2080934712-2142796781-1000\desktop.ini | a30eaa68f1539977a1a712cfb3600aff.exe
File created | \??\c:\Program Files\desktop.ini | a30eaa68f1539977a1a712cfb3600aff.exe
- Drops file in Program Files directory (64 IoCs)
description | ioc | Process
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Forms.Design.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\UIAutomationTypes.resources.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\lib\javafx.properties | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.Uri.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Cng.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\ReachFramework.resources.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\7-Zip\Lang\va.txt | a30eaa68f1539977a1a712cfb3600aff.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\ipschs.xml | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Common Files\System\wab32.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\PresentationUI.resources.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\System.Windows.Controls.Ribbon.resources.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l2-1-0.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\7-Zip\Lang\hy.txt | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\7-Zip\Lang\sw.txt | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\ucrtbase.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-1-0.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\prism_d3d.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Timer.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Drawing.Common.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\legal\javafx\jpeg_fx.md | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\7-Zip\Lang\hu.txt | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\ipscht.xml | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml | a30eaa68f1539977a1a712cfb3600aff.exe
File created | \??\c:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Dynamic.Runtime.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\Microsoft.WindowsDesktop.App.runtimeconfig.json | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\java.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.X509Certificates.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Principal.Windows.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\UIAutomationTypes.resources.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\WindowsFormsIntegration.resources.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\System.Windows.Forms.Primitives.resources.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\UIAutomationClient.resources.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\unpack200.exe | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Common Files\System\it-IT\wab32res.dll.mui | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Windows.Forms.Primitives.resources.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\j2pkcs11.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XPath.XDocument.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Linq.Expressions.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\jarsigner.exe | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\jsdt.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\7-Zip\Lang\ast.txt | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Tasks.Parallel.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\legal\jdk\cryptix.md | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File created | \??\c:\Program Files\Java\jre-1.8\bin\server\classes.jsa | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\ssv.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\UIAutomationClientSideProviders.resources.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.Primitives.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.ThreadPool.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationFramework.Aero2.dll | a30eaa68f1539977a1a712cfb3600aff.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak | a30eaa68f1539977a1a712cfb3600aff.exe
- Program crash (1 IoC)
pid | pid_target | Process | procid_target
4076 | 1556 | WerFault.exe | 60
Processes
- C:\Users\Admin\AppData\Local\Temp\a30eaa68f1539977a1a712cfb3600aff.exe (PID 1556)
  Command line: "C:\Users\Admin\AppData\Local\Temp\a30eaa68f1539977a1a712cfb3600aff.exe"
  Signatures: Drops desktop.ini file(s); Drops file in Program Files directory
  - C:\Windows\SysWOW64\WerFault.exe (PID 4076, child of PID 1556)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 1012
    Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe (PID 1428)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 1556 -ip 1556
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 539KB
  MD5: 0c7843d10913b6ee2066e1d590ec3c81
  SHA1: 2c4c8a3f61bcd5a7472f37ca3e2bb49ae92027e4
  SHA256: 8594a519a4ae7a610943ebcd7706f17e1b1656fa2bf2892880b6dde38063d3fc
  SHA512: cedc67ebf2ae50b942b2b0959518807bd4f4c49d59b1bcdfc1091b970f282e7e03d9cdf6a17d8d97215e1fb9ac82f4b3980a5fb8cd1bff6aad2b1cc95240c4ee
- Filesize: 5B
  MD5: b5b682b742431a52ea8b17c72ad9c572
  SHA1: 326320f469235708c59f678c9a7357dca552d306
  SHA256: 30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76
  SHA512: 4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163