884df1caa180ebc43ad5c67f64272040ad914165bf8212b0bb5b95448b5be61d

Analysis

max time kernel
138s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
Size

29.0MB
MD5

b834bb9bb6fb21090ab1cf2e0f4fefb6
SHA1

9aa53305fca6db5493b724e5854d89d8ee346dbf
SHA256

884df1caa180ebc43ad5c67f64272040ad914165bf8212b0bb5b95448b5be61d
SHA512

21c1bc90547c9656ceef40e4ef428b01f4a99e07a6d56cf0b63e2a0b6a2d030e27c675f30af2bfa713cbcbd0d74f2b18211fd174de0d98f5cc85c1ef97b42ee2
SSDEEP

196608:jUdkKzMzo1XU8d+8wSZ/gd2cBnvjeApaAvktrlrB3ytPqVxUQVmBDTSWhi:OMzo1XnI2cNvjtIAvkt0PqbsBDTs

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-275798769-4264537674-1142822080-1000\desktop.ini	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\desktop.ini	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\desktop.ini	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-275798769-4264537674-1142822080-1000\desktop.ini	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Input.Manipulations.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\UIAutomationTypes.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\7-Zip\7zFM.exe	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\tipskins.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Sockets.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebSockets.Client.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Channels.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\PresentationCore.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscorrc.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\PresentationFramework.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Forms.Design.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\ReachFramework.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\System\msadc\msdarem.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\msdasql.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\UIAutomationClientSideProviders.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Windows.Forms.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ObjectModel.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\System.Xaml.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\System.Windows.Forms.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\PresentationFramework.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\7-Zip\7z.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\7-Zip\7z.sfx	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\PresentationFramework.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\adojavas.inc	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\System.Windows.Forms.Design.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Threading.AccessControl.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Forms.Design.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\EnterRedo.7z	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Metadata.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Private.Uri.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Forms.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Windows.Input.Manipulations.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.Win32.Registry.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.Process.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\System\msadc\msadco.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\PresentationUI.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\uz-cyrl.txt	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.Brotli.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebSockets.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationFramework.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Xaml.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\WindowsFormsIntegration.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\UIAutomationProvider.resources.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4552	4948	WerFault.exe	89

C:\Users\Admin\AppData\Local\Temp\b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
"C:\Users\Admin\AppData\Local\Temp\b834bb9bb6fb21090ab1cf2e0f4fefb6.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4948
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 488
  2⤵
  - Program crash
  PID:4552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4948 -ip 4948
1⤵
PID:4920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
29.1MB

MD5
61d97ad58f7a9355349339a4af03284d

SHA1
baf90a9aa1434c770cc653dd42ea8f6ea70a039b

SHA256
d9a30698afd62b9104d56bfdd5bba17deaec24d05e481c201db7e8d6db77bc39

SHA512
6bb1be596bf60a2c03b0acf4f026bdbaa2e91a8f4f803b1c70d42083d55803c8b38b36fbc35b62afbc24a74164ac2da4f633e1492c721b90e5eaf41ca0441a91

Download Submit
C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/4948-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4948-1306-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads