31963fcd50ad3f44bad6c8b9436d948f638d6c640cbeaecf273917c98dc0abb8

Analysis

max time kernel
150s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 05:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bdcfb6905f9d8ebb0446fc226c4868f8.exe
Size

192KB
MD5

bdcfb6905f9d8ebb0446fc226c4868f8
SHA1

16e9026f4492b2f66e39ea03d7979e6abf4a14e3
SHA256

31963fcd50ad3f44bad6c8b9436d948f638d6c640cbeaecf273917c98dc0abb8
SHA512

bd3b8cc1e4e7be5cc09d0a7955f9f45023ad43d17f7a6145ca62c6f126b57aae1e22361ba6548df71dffa75423721f3f6b5f64b890811f945f82ba3a72611e7a
SSDEEP

3072:BnEOei99xNKkeJIdACQCP9oWzFbvG55FEQeljikMTmAcThAkZThMTMz6X:He+fjQ2ZzFb45uixTmAcThAkZThMTMk

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 5 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-609813121-2907144057-1731107329-1000\desktop.ini	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-609813121-2907144057-1731107329-1000\desktop.ini	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File created	\??\c:\Program Files\desktop.ini	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\desktop.ini	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	bdcfb6905f9d8ebb0446fc226c4868f8.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\rtscom.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\decora_sse.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-oob.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\legal\jdk\bcel.md	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\lib\psfont.properties.ja	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ppd.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ppd.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-oob.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ul-oob.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebProxy.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework-SystemData.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\legal\jdk\freebxml.md	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-pl.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Quic.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\PresentationUI.resources.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\lib\security\javaws.policy	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-oob.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ppd.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\JavaAccessBridge-64.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ppd.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.DiagnosticSource.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\PresentationUI.resources.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ext.txt	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\sqloledb.rll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\clretwrc.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Algorithms.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-pl.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Linq.Queryable.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\ReachFramework.resources.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ppd.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-pl.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-pl.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\tipresx.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\PresentationCore.resources.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\System.Windows.Forms.Primitives.resources.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\7-Zip\Uninstall.exe	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ul-oob.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-pl.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\include\jvmticmlr.h	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework-SystemXml.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Forms.Primitives.resources.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\PresentationUI.resources.dll	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\javac.exe	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ppd.xrm-ms	bdcfb6905f9d8ebb0446fc226c4868f8.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\nl.txt	bdcfb6905f9d8ebb0446fc226c4868f8.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1856	2944	WerFault.exe	86

C:\Users\Admin\AppData\Local\Temp\bdcfb6905f9d8ebb0446fc226c4868f8.exe
"C:\Users\Admin\AppData\Local\Temp\bdcfb6905f9d8ebb0446fc226c4868f8.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2944
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 872
  2⤵
  - Program crash
  PID:1856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2944 -ip 2944
1⤵
PID:4792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
304KB

MD5
298e139957e4c188b5097f57898497f7

SHA1
1937055d1c81d3b2c55a325f2d8958e3daaec672

SHA256
aa0686d400b86a5218be49ea6e12a94ef494ca2df01f5b8d48b955405c5ec43a

SHA512
fe0cb564d378ea807e86d9f53a56a04cc4ded2f5cd85bec74605a1260cd8d7b0c866873f85ca7e53cb61aecf6e11ce81e231c672c1c0aa9436160f5c583bf9f2

Download Submit
C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2944-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2944-597-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2944-3452-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads