407d527c0ae6951e9e901b2062196f732f72347b0d106b2502fa54b06299f089

Analysis

max time kernel
108s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 21:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

acf3cfe2a8262e01f99b241ef01efd39.exe
Size

4.1MB
MD5

acf3cfe2a8262e01f99b241ef01efd39
SHA1

dd1a521a231b313c0a4c77047f24817d7abe7a50
SHA256

407d527c0ae6951e9e901b2062196f732f72347b0d106b2502fa54b06299f089
SHA512

4c017a6b10bb4a50b3ef071613f9ec6be414a98e3cab2d8bc2b548d84c9bfdd77f5d8935e3bb0ab426c2cd1d10c4b644d81744efc8a7938efc78153a43451cdb
SSDEEP

49152:G8QvcATwiTIzmUTvuB5gEdbm3eEuLqfKSSNmJ9qpMzsXhpzNTtR40ZwD02yjwYWm:yvkkGVAaIMcxwY2sT

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-1904519900-954640453-4250331663-1000\desktop.ini	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-1904519900-954640453-4250331663-1000\desktop.ini	acf3cfe2a8262e01f99b241ef01efd39.exe
File created	\??\c:\Program Files\desktop.ini	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\desktop.ini	acf3cfe2a8262e01f99b241ef01efd39.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Serialization.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ServiceModel.Web.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\WindowsBase.resources.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\createdump.exe	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\System.Windows.Forms.Design.resources.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.Algorithms.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\sunec.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui	acf3cfe2a8262e01f99b241ef01efd39.exe
File created	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Private.CoreLib.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File created	\??\c:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Data.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\ReachFramework.resources.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml	acf3cfe2a8262e01f99b241ef01efd39.exe
File created	\??\c:\Program Files\Common Files\System\msadc\adcvbs.inc	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\System.Windows.Forms.Design.resources.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Windows.Extensions.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Extensions.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Web.HttpUtility.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Data.Common.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Handles.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\WindowsBase.resources.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml	acf3cfe2a8262e01f99b241ef01efd39.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsen.xml	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Globalization.Extensions.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\UIAutomationClient.resources.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-util-l1-1-0.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\UIAutomationClientSideProviders.resources.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\UIAutomationClientSideProviders.resources.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\UIAutomationProvider.resources.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Http.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Mail.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Emit.Lightweight.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\PresentationFramework.resources.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipskor.xml	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\coreclr.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\netstandard.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.TextWriterTraceListener.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\UIAutomationProvider.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\kinit.exe	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-profile-l1-1-0.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-environment-l1-1-0.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\zip.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\ThirdPartyNotices.txt	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\en-US\iexplore.exe.mui	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\WindowsBase.resources.dll	acf3cfe2a8262e01f99b241ef01efd39.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\Microsoft.VisualBasic.Forms.resources.dll	acf3cfe2a8262e01f99b241ef01efd39.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4424	2720	WerFault.exe	93

C:\Users\Admin\AppData\Local\Temp\acf3cfe2a8262e01f99b241ef01efd39.exe
"C:\Users\Admin\AppData\Local\Temp\acf3cfe2a8262e01f99b241ef01efd39.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2720
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 748
  2⤵
  - Program crash
  PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2720 -ip 2720
1⤵
PID:3672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4988 --field-trial-handle=2496,i,15897292497548307209,13920214570023230813,262144 --variations-seed-version /prefetch:8
1⤵
PID:3824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.DiaSymReader.Native.amd64.dll

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
C:\odt\office2016setup.exe

Filesize
6.8MB

MD5
b5b38f34b0c2db5b55b8a63e5e88a6a8

SHA1
88c65635487e02776f6404fdc8dbe6403c4f7504

SHA256
1d74238be0cbace399f47ef109592f645610ba410f0185f8c6426052634594b2

SHA512
43e1d9709873373287df45ceb3107f776dedd55263787379510a425d5de1bdfbeae0618125ac75c25b8f2ee0a07d629b96d396405e1ae181e2049dfa89b6a24c

Download Submit
memory/2720-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2720-83-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2720-1423-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2720-1563-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads