Analysis
max time kernel: 150s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/03/2024, 14:03

Static task: static1

Behavioral task: behavioral1
Sample: b794e4e507d42bad02f1de75e3802fdb.exe
Resource: win7-20240215-en

Behavioral task: behavioral2
Sample: b794e4e507d42bad02f1de75e3802fdb.exe
Resource: win10v2004-20240226-en
General
Target: b794e4e507d42bad02f1de75e3802fdb.exe
Size: 4.6MB
MD5: b794e4e507d42bad02f1de75e3802fdb
SHA1: c47cda8fcb1699e9c0a799bab7ddea4f03e0b55a
SHA256: 456f8fea21ab8185a528e8cacfacfe7756395dc661f119ce0b5e0a830800c173
SHA512: 2b94b4541dce868777299b3f7080bbc468fd4ac4780955965ed8ba43116c57fc66d95af4b43e81d6c0886a3c13bd8b669f1277be998916e169c81dca6a21d79d
SSDEEP: 98304:lb/ojtyXmVPMf/chq1X19mZVNQpRJo1nr1u4CUQMhy4vhAAxcRp:l7oSDf/chuPO
Malware Config
Signatures
Drops desktop.ini file(s) (4 IoCs)
description | ioc | Process
File opened for modification | \??\c:\Program Files\desktop.ini | b794e4e507d42bad02f1de75e3802fdb.exe
File created | \??\c:\$Recycle.Bin\S-1-5-21-609813121-2907144057-1731107329-1000\desktop.ini | b794e4e507d42bad02f1de75e3802fdb.exe
File opened for modification | \??\c:\$Recycle.Bin\S-1-5-21-609813121-2907144057-1731107329-1000\desktop.ini | b794e4e507d42bad02f1de75e3802fdb.exe
File created | \??\c:\Program Files\desktop.ini | b794e4e507d42bad02f1de75e3802fdb.exe

Drops file in Program Files directory (64 IoCs)

Program crash (1 IoC)
pid | pid_target | Process | procid_target
3744 | 2612 | WerFault.exe | 84
Processes

- C:\Users\Admin\AppData\Local\Temp\b794e4e507d42bad02f1de75e3802fdb.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\b794e4e507d42bad02f1de75e3802fdb.exe"
  PID: 2612
  Signatures: Drops desktop.ini file(s); Drops file in Program Files directory
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 472
    PID: 3744
    Signatures: Program crash

- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2612 -ip 2612
  PID: 4896
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 4.7MB
MD5: 805cd30b248f6c6c61e0831e2cee9e73
SHA1: 7e7140d74d8e0fdaff6644e3de61d03f620f7ff3
SHA256: 63225d42e6cc25b7c1393545589d5fec3a2f3f74b5ebbf59e88456899a008f25
SHA512: 3320cc0e97f57ecac34e99d8228256865ce03c0910ce8152e1027bb62442e8c08332da43ee3e6f7fd7a63ccb85dd3873ccb46b9bb17fca2d2ea31f1ada1317b6

Filesize: 5B
MD5: b5b682b742431a52ea8b17c72ad9c572
SHA1: 326320f469235708c59f678c9a7357dca552d306
SHA256: 30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76
SHA512: 4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163