6c5d2da0b0d4e2eff96f31d07d89771a61ba7a91e7abb49127a5c93396d3a910

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12-03-2024 06:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c2b48aa5c7b7e083638d97ebe0439ff8.exe
Size

347KB
MD5

c2b48aa5c7b7e083638d97ebe0439ff8
SHA1

9ce4059751d284662102455875500910cd67aa43
SHA256

6c5d2da0b0d4e2eff96f31d07d89771a61ba7a91e7abb49127a5c93396d3a910
SHA512

b62cd6479c7f1a6f17690ba4be8e981341c59850e826bb110123b202b9f89d2652d7806b9eaf3eb95d3b27efbf3659c0d9468e1396697987ecef2bd72727c08c
SSDEEP

6144:HO+TyiE8+aqCjToXVpGOZcWixTmAcThAkZThMTMi:JXEkqeolrix1c60yF

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-3270530367-132075249-2153716227-1000\desktop.ini	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3270530367-132075249-2153716227-1000\desktop.ini	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File created	\??\c:\Program Files\desktop.ini	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\desktop.ini	c2b48aa5c7b7e083638d97ebe0439ff8.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\jdwp.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\sqloledb.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.MemoryMappedFiles.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\ReachFramework.resources.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_pt_BR.properties	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msadomd28.tlb	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ba.txt	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ko.txt	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsel.xml	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\sqloledb.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jmc.txt	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebClient.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\System.Windows.Forms.resources.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\mraut.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebSockets.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\include\jawt.h	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\README.txt	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\LICENSE.txt	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Input.Manipulations.resources.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File created	\??\c:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Claims.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.OpenSsl.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Windows.Controls.Ribbon.resources.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\PresentationUI.resources.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\j2pkcs11.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipshi.xml	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\de-DE\wab32res.dll.mui	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.Immutable.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Text.Json.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\System.Xaml.resources.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\local_policy.jar	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\zip.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Serialization.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Accessibility.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\dt_socket.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\legal\jdk\asm.md	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-process-l1-1-0.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\Microsoft.VisualBasic.Forms.resources.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ReachFramework.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\psfontj2d.properties	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\cy.txt	c2b48aa5c7b7e083638d97ebe0439ff8.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml	c2b48aa5c7b7e083638d97ebe0439ff8.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4040	2136	WerFault.exe	85

C:\Users\Admin\AppData\Local\Temp\c2b48aa5c7b7e083638d97ebe0439ff8.exe
"C:\Users\Admin\AppData\Local\Temp\c2b48aa5c7b7e083638d97ebe0439ff8.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2136
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 512
  2⤵
  - Program crash
  PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2136 -ip 2136
1⤵
PID:4484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
460KB

MD5
cb6353bf04b1f7a11fef2e60a5be8c65

SHA1
9bde82f636b90e57aa371c490a647b56772ad1f6

SHA256
008d1f07b9ea0cc9150407f5394b21c30c12de175247b81289a009fba4fff49c

SHA512
d8dd36b1271766222cc9241b3ca6dc00369e698a9875582c6f6e7c44b22dd0b776b85a01b2121ecafd78ffda313f664d1da3ff7752787e25829bcd65f676fa0d

Download Submit
C:\Program Files\Java\jre-1.8\bin\javacpl.cpl

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2136-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2136-2031-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads