Site notice (tria.ge): Windows 7 will be removed from tria.ge on 2025-03-31.
Analysis
max time kernel: 143s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/03/2024, 03:52
Static task: static1
Behavioral task: behavioral1
  Sample: ba712dc759e2b5ff0cc89a7df3702f2a.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ba712dc759e2b5ff0cc89a7df3702f2a.exe
  Resource: win10v2004-20240226-en
General
Target: ba712dc759e2b5ff0cc89a7df3702f2a.exe
Size: 27.8MB
MD5: ba712dc759e2b5ff0cc89a7df3702f2a
SHA1: 664428988af7666d3bb12709e5d89369d48edb19
SHA256: c4e22d5b376632e03b43ef1e9a5b74da0b5bc1f01f9061c4191a137c28e8dd8d
SHA512: 988c2e099a18860388d5933c43570c18c819ca583c124cdf29872706724b40d7072afc0c2569e2e5f5640fa3d4bb83f2f3d39f988e3ebc81f9c208f99c5c0499
SSDEEP: 196608:DMct4b/pCBnvjeApaAvktMzmMnglrB3ytPqVxUQVmBDTSWhkb8JkJY:zt4bINvjtIAvkKn80PqbsBDTibDY
Malware Config: (none extracted for this sample)
Signatures

Drops desktop.ini file(s) (2 IoCs)
Process for both records: ba712dc759e2b5ff0cc89a7df3702f2a.exe
  opened for modification: \??\c:\$Recycle.Bin\S-1-5-21-275798769-4264537674-1142822080-1000\desktop.ini
  created: \??\c:\$Recycle.Bin\S-1-5-21-275798769-4264537674-1142822080-1000\desktop.ini
Drops file in Program Files directory (64 IoCs)
Process for every record: ba712dc759e2b5ff0cc89a7df3702f2a.exe
  opened for modification: \??\c:\Program Files\7-Zip\Lang\pt-br.txt
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ink\tpcps.dll
  created: \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml
  created: \??\c:\Program Files\Common Files\System\ado\msadox28.tlb
  opened for modification: \??\c:\Program Files\7-Zip\Lang\mn.txt
  opened for modification: \??\c:\Program Files\CloseExport.mhtml
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll
  created: \??\c:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml
  created: \??\c:\Program Files\Common Files\microsoft shared\ink\uk-UA\TabTip.exe.mui
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ink\ipsen.xml
  opened for modification: \??\c:\Program Files\Common Files\System\ado\msador28.tlb
  opened for modification: \??\c:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui
  opened for modification: \??\c:\Program Files\7-Zip\Lang\ka.txt
  created: \??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui
  created: \??\c:\Program Files\Common Files\microsoft shared\ink\tpcps.dll
  opened for modification: \??\c:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll
  created: \??\c:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml
  created: \??\c:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui
  opened for modification: \??\c:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui
  opened for modification: \??\c:\Program Files\7-Zip\Lang\en.ttt
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui
  created: \??\c:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui
  created: \??\c:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui
  created: \??\c:\Program Files\Common Files\microsoft shared\ink\InkObj.dll
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui
  opened for modification: \??\c:\Program Files\7-Zip\Lang\ba.txt
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
  created: \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml
  created: \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml
  opened for modification: \??\c:\Program Files\7-Zip\Lang\tg.txt
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui
  opened for modification: \??\c:\Program Files\7-Zip\Lang\fi.txt
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui
  created: \??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui
  created: \??\c:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui
  created: \??\c:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui
  opened for modification: \??\c:\Program Files\Common Files\System\ado\msadox28.tlb
  opened for modification: \??\c:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui
  created: \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat
  opened for modification: \??\c:\Program Files\7-Zip\Lang\lt.txt
  created: \??\c:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui
  opened for modification: \??\c:\Program Files\Common Files\System\ado\msado15.dll
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui
  created: \??\c:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui
  created: \??\c:\Program Files\Common Files\System\ado\msador28.tlb
  created: \??\c:\Program Files\Common Files\microsoft shared\ink\tipskins.dll
  opened for modification: \??\c:\Program Files\7-Zip\Lang\sr-spl.txt
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui
  opened for modification: \??\c:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml
  opened for modification: \??\c:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui
  opened for modification: \??\c:\Program Files\7-Zip\Lang\sa.txt
Program crash (1 IoC)
pid: 4608  pid_target: 2064  Process: WerFault.exe  procid_target: 88
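The two file-activity signatures above are rendered by tria.ge as one run-on line of "<action> <path> <process>" records, which is awkward to triage by eye. The following Python is an added example, not tria.ge code, that parses records in that format into structured rows and summarises them. It separates real PE images (.exe/.dll) from resource-only .dll.mui/.exe.mui files, which is the distinction that matters when deciding whether the sample tampered with executables under Program Files. SAMPLE is a short excerpt of this report's own records; the function names are mine.

```python
"""Parse tria.ge-style file-activity IoC records and summarise what the
sample touched. Added example for this report, not tria.ge code."""
import re
from collections import Counter
from pathlib import PureWindowsPath

# One record is "<action> <path> <process>", and the next record follows on the
# same line. Paths contain spaces ("Program Files", "microsoft shared"), so the
# path is matched lazily and a record is closed by the process name (ends in
# .exe) followed by either the next "File ..." record or end of input.
RECORD_RE = re.compile(
    r"File (?P<action>opened for modification|created)\s+"
    r"(?P<path>\\\?\?\\\S.*?)\s+"
    r"(?P<process>\S+\.exe)"
    r"(?=\s+File |\s*$)"
)

# Only these suffixes are PE images. "TipRes.dll.mui" or "TabTip.exe.mui" are
# resource-only MUI files whose true suffix is .mui; they must not be counted
# as DLL/EXE tampering.
PE_SUFFIXES = {".exe", ".dll"}

NT_PREFIX = "\\??\\"  # NT object-namespace form used by the sandbox's kernel monitor

# Excerpt of the report's own records, joined the way the page renders them.
SAMPLE = (
    r"File opened for modification \??\c:\Program Files\7-Zip\Lang\pt-br.txt ba712dc759e2b5ff0cc89a7df3702f2a.exe "
    r"File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui ba712dc759e2b5ff0cc89a7df3702f2a.exe "
    r"File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ink\tpcps.dll ba712dc759e2b5ff0cc89a7df3702f2a.exe "
    r"File created \??\c:\Program Files\Common Files\System\ado\msadox28.tlb ba712dc759e2b5ff0cc89a7df3702f2a.exe "
    r"File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe ba712dc759e2b5ff0cc89a7df3702f2a.exe "
    r"File created \??\c:\Program Files\Common Files\microsoft shared\ink\InkObj.dll ba712dc759e2b5ff0cc89a7df3702f2a.exe "
    r"File opened for modification \??\c:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe ba712dc759e2b5ff0cc89a7df3702f2a.exe "
    r"File opened for modification \??\c:\$Recycle.Bin\S-1-5-21-275798769-4264537674-1142822080-1000\desktop.ini ba712dc759e2b5ff0cc89a7df3702f2a.exe"
)


def parse_records(text):
    """Return a list of {action, path, process} dicts; action is normalised
    to 'created' or 'modified'."""
    rows = []
    for m in RECORD_RE.finditer(text):
        rows.append({
            "action": "created" if m.group("action") == "created" else "modified",
            "path": m.group("path"),
            "process": m.group("process"),
        })
    return rows


def strip_nt_prefix(path):
    """Drop the NT object-namespace prefix so the path parses as Win32."""
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def summarize(records):
    """Aggregate action counts, top-level directory counts, and the PE images
    (true .exe/.dll suffix) that were created or opened for write."""
    actions = Counter(r["action"] for r in records)
    top_dirs = Counter()
    pe_files = []
    for r in records:
        p = PureWindowsPath(strip_nt_prefix(r["path"]))
        parts = p.parts  # e.g. ('c:\\', 'Program Files', '7-Zip', 'Lang', 'pt-br.txt')
        top_dirs[parts[1] if len(parts) > 1 else parts[0]] += 1
        if p.suffix.lower() in PE_SUFFIXES:
            pe_files.append((r["action"], str(p)))
    return {"actions": dict(actions), "top_dirs": dict(top_dirs), "pe_files": pe_files}


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    s = summarize(recs)
    print(f"{len(recs)} records: {s['actions']}")
    print("by top-level directory:", s["top_dirs"])
    for action, path in s["pe_files"]:
        print(f"  PE image {action}: {path}")
```

Two caveats when reading the output against a live host. "Opened for modification" records a handle opened with write access; it does not by itself prove bytes changed, so confirm with a file-integrity baseline or by checking the Authenticode signature of each listed .exe/.dll. And a sample running from %TEMP% that opens signed Microsoft binaries under Program Files for write is the finding worth escalating, regardless of how many .txt or .mui files sit beside them in the list.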
Processes
C:\Users\Admin\AppData\Local\Temp\ba712dc759e2b5ff0cc89a7df3702f2a.exe  (PID 2064)
  command line: "C:\Users\Admin\AppData\Local\Temp\ba712dc759e2b5ff0cc89a7df3702f2a.exe"
  signatures: Drops desktop.ini file(s); Drops file in Program Files directory
  child: C:\Windows\SysWOW64\WerFault.exe  (PID 4608)
    command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 476
    signatures: Program crash
C:\Windows\SysWOW64\WerFault.exe  (PID 1052)
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2064 -ip 2064

Note: WerFault.exe with -p 2064 is Windows Error Reporting handling an unhandled exception in the sample (PID 2064); the SysWOW64 copy is the 32-bit WerFault used for WOW64 processes. The sample therefore crashed during the run, so the file activity under Signatures is what it did before that point and the behavioral trace may not cover the full payload.
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 9.7MB
  MD5: 335835eb9e68ea4a6444267f8f33fb46
  SHA1: dd2e5b1215d70f051387f572c886edc6d3f485cd
  SHA256: be45b1615438d51c6f1e495202a9d1c5ef3c9532be9306f5b48673109ba742f6
  SHA512: 1dd0ae64eb922f59974a722f6bb50ce9d367c4ba2a7d51e7e4a83b493a15b98770831ed00cdf9a8a465f079973ce8a86325337727b1d6dc4b31dbe99dfdd771b
- Filesize: 5B
  MD5: b5b682b742431a52ea8b17c72ad9c572
  SHA1: 326320f469235708c59f678c9a7357dca552d306
  SHA256: 30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76
  SHA512: 4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163