80492ba9ea2f0f1dc7b76de58cd7f72184d8fa5be4f4a8e3de8bf2da5e545893

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 12:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8b6ddadb387daa388930a4345bd5108.exe
Size

118KB
MD5

b8b6ddadb387daa388930a4345bd5108
SHA1

57ae7a9e9fa28879608be1ad01747b67a44ae539
SHA256

80492ba9ea2f0f1dc7b76de58cd7f72184d8fa5be4f4a8e3de8bf2da5e545893
SHA512

63d5b8abadad6d7d968e8df66cbd7dc9aed69e01bc3a76e070192ed7b3a415723c32ad8aa03da2978a0c6234b70fb2ffce1f023b65b06bdd18ff4631e576988b
SSDEEP

3072:aP+ZE8BdSuq0bz9AZToEE6ooqivV2M6k+:VE8Bp9ad1E6dqisM6J

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 5 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-557049126-2506969350-2798870634-1000\desktop.ini	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-557049126-2506969350-2798870634-1000\desktop.ini	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\desktop.ini	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\desktop.ini	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	b8b6ddadb387daa388930a4345bd5108.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files\Common Files\System\ado\msado60.tlb	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\WindowsBase.resources.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\meta-index	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange.xml	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul.xrm-ms	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsel.xml	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationNative_cor3.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-phn.xrm-ms	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-pl.xrm-ms	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sv.txt	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\w2k_lsa_auth.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ul-oob.xrm-ms	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ko.txt	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-oob.xrm-ms	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ul-oob.xrm-ms	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.OLE.Interop.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART4.BDR	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\CSS7DATA0009.DLL	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\UIAutomationClientSideProviders.resources.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-heap-l1-1-0.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\1033\GRINTL32.DLL	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\br.txt	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\java.exe	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\System.Xaml.resources.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.DocumentServices.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\jhat.exe	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\jfr\profile.jfc	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\jpeg.dll	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.CSharp.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\WindowsBase.resources.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\PresentationCore.resources.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.COMMON.DLL	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\UIAutomationTypes.resources.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\bci.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\lib\ct.sym	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\verify.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\excel.exe.manifest	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ne.txt	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\ImportSubmit.vdx	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\vcruntime140.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-oob.xrm-ms	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\dotnet\host\fxr\8.0.0\hostfxr.dll	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ppd.xrm-ms	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mn.txt	b8b6ddadb387daa388930a4345bd5108.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2652	4452	WerFault.exe	86

C:\Users\Admin\AppData\Local\Temp\b8b6ddadb387daa388930a4345bd5108.exe
"C:\Users\Admin\AppData\Local\Temp\b8b6ddadb387daa388930a4345bd5108.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4452
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 1020
  2⤵
  - Program crash
  PID:2652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4452 -ip 4452
1⤵
PID:1668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
230KB

MD5
30089f55be443020e5c3e519eae8ef56

SHA1
2ab63b381dbfba6f05ecd9a7428f58c55d0c5f3c

SHA256
0b51792cbabed171776796e7948a63153e4c16e333a73587e732c616035657f4

SHA512
d5d4a069b9899b41a1e5e6e103e48cf489e27ced8f63f8a8730e81d7be05551de010ebed8542bc544b2c8a1d6512297803acfe3203cd6d6e6a029f3ca1b5f789

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ul-oob.xrm-ms

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK

Filesize
119B

MD5
da7c482f5358bd9da5bbfe76e3447a8e

SHA1
dc0e0a748e790dc04133c65b52cd69b1676bd9c2

SHA256
4a4c9f290dadb6052556670faf60e07f0cc3c6f5a7b478d2da2234be8ea5508b

SHA512
e9bb5f64535ebed8a4f38bc4144b3dc4dedcf6a3010a87a0cfa2306fbdc5ce8d3e9fd00ad9ae019548b3085edca33283c507325a6c484f66b484778a035878bc

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK

Filesize
118B

MD5
805ae32d41bd54cee2613872031b2c20

SHA1
5c2201ef44d4c345c2ad40bf67c3cb5f17509bad

SHA256
641723ac1f2a767466006fb811f8140370ef9f2904398ee77f160c0e7bda7ba0

SHA512
a40328c1800ff312c79e873b9cdc1cc8fd4b61629fcf379257401b167c45fa53c3a019eb1bc6fb55ae8e9e74b9ad8e226163d75918f564e787f57696670688b0

Download Submit
memory/4452-1310-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4452-1438-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4452-1457-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4452-1690-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4452-1400-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4452-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4452-793-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4452-3772-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4452-3832-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads