Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/03/2024, 15:39
Static task: static1
Behavioral task: behavioral1
- Sample: b7c2db7793197b1ed8e3ea710ad059b9.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: b7c2db7793197b1ed8e3ea710ad059b9.exe
- Resource: win10v2004-20240226-en
General
- Target: b7c2db7793197b1ed8e3ea710ad059b9.exe
- Size: 435KB
- MD5: b7c2db7793197b1ed8e3ea710ad059b9
- SHA1: a144356d93cbedc6fabb53065df3cc969f981cbc
- SHA256: d978bfac8b618be064b5a28ed6c4408f89db45d1c22cd888e6f7fcfdc49a71b7
- SHA512: 530a88c86912b98737157619fa212c520cbba11de8b6e0354f90253868359458cc5ac0b7a633a119ccb4f7c49eca33c895b6d3de9f259f9b336256d74cc055e2
- SSDEEP: 6144:P+fXSiE/hkcLYwhnV4WnULPEw9V3F4vmkA:P+v3iQ2V43TEw9V3F4vmkA
Malware Config
Signatures
- Drops desktop.ini file(s) (4 IoCs)
  description / ioc / process:
  - File created: \??\c:\$Recycle.Bin\S-1-5-21-566096764-1992588923-1249862864-1000\desktop.ini (b7c2db7793197b1ed8e3ea710ad059b9.exe)
  - File opened for modification: \??\c:\$Recycle.Bin\S-1-5-21-566096764-1992588923-1249862864-1000\desktop.ini (b7c2db7793197b1ed8e3ea710ad059b9.exe)
  - File created: \??\c:\Program Files\desktop.ini (b7c2db7793197b1ed8e3ea710ad059b9.exe)
  - File opened for modification: \??\c:\Program Files\desktop.ini (b7c2db7793197b1ed8e3ea710ad059b9.exe)
- Drops file in Program Files directory (64 IoCs)
- Program crash (1 IoC)
  - pid: 3264, pid_target: 3696, process: WerFault.exe, procid_target: 87
Processes
- C:\Users\Admin\AppData\Local\Temp\b7c2db7793197b1ed8e3ea710ad059b9.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\b7c2db7793197b1ed8e3ea710ad059b9.exe"
  Signatures: Drops desktop.ini file(s); Drops file in Program Files directory
  PID: 3696
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 1012
    Signatures: Program crash
    PID: 3264
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3696 -ip 3696
  PID: 3904
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 548KB
  MD5: ba09ba467eb2224370f5e81eceaf53df
  SHA1: 1fe1d0bc48f2f55c1ea8a8f62d0aca3ad27dce39
  SHA256: 8eab4beba8011ef4dc3e981391f87879bc35e0ecaa9d8f5c1a4bcedea092a4e3
  SHA512: ce7546e0359a438ce80b61079ad8186752318d4f941727c5d248c41b652668a9321e339d23d3c6c39c4c5b747856fc66a14ed68ecb28332d3e0d4cd41db35728
- Filesize: 5B
  MD5: b5b682b742431a52ea8b17c72ad9c572
  SHA1: 326320f469235708c59f678c9a7357dca552d306
  SHA256: 30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76
  SHA512: 4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163