Analysis
- max time kernel: 149s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
- submitted: 12-03-2024 14:00
Static task: static1
Behavioral task: behavioral1
  Sample: c38b1213c3783d80275fe46ba0a6fb36.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: c38b1213c3783d80275fe46ba0a6fb36.exe
  Resource: win10v2004-20240226-en
General
- Target: c38b1213c3783d80275fe46ba0a6fb36.exe
- Size: 370KB
- MD5: c38b1213c3783d80275fe46ba0a6fb36
- SHA1: 5c4766401481dfc9f14193477354346dfadf1324
- SHA256: 5046243e1871d1ee98026c525628270d316e25d448185cf96e02ec31c214cacf
- SHA512: 5490290b6cf8b5ba66f059db50c04dbaaf80de7635dba65912e2315ac01d7e5812c040250956b0db8fcdcdb2dbdadc7f91f16b41d67ec61f940867bbde4517da
- SSDEEP: 6144:DhwF5w6dLyCXlHWslyPlxPDHt/OE+WvwROFCD0u0i/l:1wFQCxlyfPDEWvwROFCD0u0i/l
Malware Config
Signatures
-
Drops desktop.ini file(s) 4 IoCs
Process for every entry: c38b1213c3783d80275fe46ba0a6fb36.exe
description | ioc
File created | \??\c:\$Recycle.Bin\S-1-5-21-275798769-4264537674-1142822080-1000\desktop.ini
File opened for modification | \??\c:\$Recycle.Bin\S-1-5-21-275798769-4264537674-1142822080-1000\desktop.ini
File created | \??\c:\Program Files\desktop.ini
File opened for modification | \??\c:\Program Files\desktop.ini
-
Drops file in Program Files directory 64 IoCs
Process for every entry: c38b1213c3783d80275fe46ba0a6fb36.exe
description | ioc
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\legal\jdk\libpng.md
File opened for modification | \??\c:\Program Files\7-Zip\Lang\da.txt
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll
File opened for modification | \??\c:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XPath.XDocument.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\UIAutomationClient.resources.dll
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_2.dll
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-string-l1-1-0.dll
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\PresentationCore.resources.dll
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md
File opened for modification | \??\c:\Program Files\Java\jre-1.8\legal\javafx\directshow.md
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Windows.Forms.resources.dll
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll
File created | \??\c:\Program Files\Internet Explorer\hmmapi.dll
File created | \??\c:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyDrop32x32.gif
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Text.Encoding.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\WindowsBase.resources.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\System.Windows.Controls.Ribbon.resources.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\System.Windows.Input.Manipulations.resources.dll
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml
File created | \??\c:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Emit.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.TypeExtensions.dll
File opened for modification | \??\c:\Program Files\7-Zip\Lang\ky.txt
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.FileVersionInfo.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Windows.Forms.Primitives.resources.dll
File created | \??\c:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.IO.Packaging.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.TypeConverter.dll
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll
File opened for modification | \??\c:\Program Files\7-Zip\Lang\ba.txt
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui
File opened for modification | \??\c:\Program Files\Common Files\System\ado\adovbs.inc
File created | \??\c:\Program Files\Common Files\System\ado\msadox.dll
File opened for modification | \??\c:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif
File opened for modification | \??\c:\Program Files\Java\jre-1.8\legal\jdk\unicode.md
File opened for modification | \??\c:\Program Files\7-Zip\License.txt
File opened for modification | \??\c:\Program Files\Common Files\System\it-IT\wab32res.dll.mui
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.TextWriterTraceListener.dll
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\ssv.dll
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md
File created | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\PresentationFramework.resources.dll
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.CodeDom.dll
-
Program crash 1 IoCs
pid | pid_target | Process | procid_target
3224 | 5036 | WerFault.exe | 88
Processes
-
C:\Users\Admin\AppData\Local\Temp\c38b1213c3783d80275fe46ba0a6fb36.exe (level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\c38b1213c3783d80275fe46ba0a6fb36.exe"
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  PID: 5036
  -
  C:\Windows\SysWOW64\WerFault.exe (level 2, child of PID 5036)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 1012
    - Program crash
    PID: 3224
-
C:\Windows\SysWOW64\WerFault.exe (level 1)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5036 -ip 5036
  PID: 3636
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize: 483KB
MD5: 0485f5e01bb9938e0b3c420c51a218e4
SHA1: 881c912918ddb86b2e437518db82c7276f4ded06
SHA256: 83969b4613e11cd78424c7df70a14d4dc250e906b265d31d78a859ebe176a451
SHA512: eb96c3be09e57f440a0dce508b1941d19d90827568c26b44f90d3f98a592176fa0f2efbb9b8a768cc1fec550bb7537a5edcb14eb8946896ef8ef7847e24f9536
-
Filesize: 5B
MD5: b5b682b742431a52ea8b17c72ad9c572
SHA1: 326320f469235708c59f678c9a7357dca552d306
SHA256: 30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76
SHA512: 4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163