Analysis
max time kernel: 134s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/03/2024, 12:44
Static task: static1
Behavioral task: behavioral1
  Sample: c8a5ea841e482e78d400503a0c16d1e5.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: c8a5ea841e482e78d400503a0c16d1e5.exe
  Resource: win10v2004-20240226-en
General
Target: c8a5ea841e482e78d400503a0c16d1e5.exe
Size: 270KB
MD5: c8a5ea841e482e78d400503a0c16d1e5
SHA1: 70f1497be3dfc55e029abbd7f13963e1b8eecf56
SHA256: b9c825d954461c8513f6c0bdd34468fb25e447039e905d0fa669ab3d2f63e1a1
SHA512: 32fc8dd6a693e8f4193b5e068a4ab9a2b0f88a8fe6eddce818b39aa710684d1e8aee1dc1ffe85913950fd914654e4b35353eb7abdff992677e4b1fef03fef151
SSDEEP: 6144:P+fAnXc4W534XA1M2yPKyXBZSg/K8pr6lwj7ch/d:P+AXc4c4B6mjk
Malware Config
Signatures
- Drops desktop.ini file(s) (4 IoCs)
description | ioc | Process
File created | \??\c:\$Recycle.Bin\S-1-5-21-1904519900-954640453-4250331663-1000\desktop.ini | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\$Recycle.Bin\S-1-5-21-1904519900-954640453-4250331663-1000\desktop.ini | c8a5ea841e482e78d400503a0c16d1e5.exe
File created | \??\c:\Program Files\desktop.ini | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\desktop.ini | c8a5ea841e482e78d400503a0c16d1e5.exe
- Drops file in Program Files directory (64 IoCs)
description | ioc | Process
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\orbd.exe | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.EventBasedAsync.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\EnterEnable.TTS | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.TypeConverter.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Common Files\System\msadc\msdfmap.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File created | \??\c:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Transactions.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\legal\jdk\asm.md | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Security.Cryptography.ProtectedData.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\ReachFramework.resources.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\PresentationFramework.resources.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | c8a5ea841e482e78d400503a0c16d1e5.exe
File created | \??\c:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.FileSystem.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\UIAutomationTypes.resources.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml | c8a5ea841e482e78d400503a0c16d1e5.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Xaml.resources.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\UIAutomationProvider.resources.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File created | \??\c:\Program Files\Common Files\System\Ole DB\oledb32r.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\coreclr.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\instrument.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui | c8a5ea841e482e78d400503a0c16d1e5.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak | c8a5ea841e482e78d400503a0c16d1e5.exe
File created | \??\c:\Program Files\Internet Explorer\ja-JP\ieinstal.exe.mui | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\klist.exe | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\jp2ssv.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\createdump.exe | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.XPath.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\ReachFramework.resources.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md | c8a5ea841e482e78d400503a0c16d1e5.exe
File created | \??\c:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-console-l1-1-0.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\ucrtbase.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\PresentationFramework.resources.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Common Files\System\msadc\msdarem.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\unpack200.exe | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightRegular.ttf | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Internet Explorer\ja-JP\ieinstal.exe.mui | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\resource.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.access | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-2-0.dll | c8a5ea841e482e78d400503a0c16d1e5.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\include\jvmti.h | c8a5ea841e482e78d400503a0c16d1e5.exe
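The two file-drop signatures above are exported as one run-on line per signature, which makes the breadth of the writes hard to judge by eye. The Python below is an added example, not part of the tria.ge report or of Hatching's tooling: it parses that flattened "description, path, process" format back into records and summarises them by action and by product directory. It embeds nine rows copied from this report (one with the "Program / Files" line wrap the export introduced), assumes only the two description strings that appear here, and the threshold in `writes_across_products` is an assumed triage heuristic, not a tria.ge rule.

```python
"""Parse flattened tria.ge file-IoC rows and summarise what the sample touched.

Added example, not part of the tria.ge report. Each file IoC is exported as
"<description> <ioc path> <process image>" with all rows run together on one
line, sometimes wrapping a path mid-token. This recovers the records and
aggregates them so the breadth of writes is visible at a glance.
"""
import re
from collections import Counter

# Rows copied verbatim from the report (9 of the 68 file IoCs it lists).
ROWS = [
    r"File opened for modification \??\c:\Program Files\Java\jre-1.8\bin\orbd.exe c8a5ea841e482e78d400503a0c16d1e5.exe",
    r"File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0"
    r"\System.ComponentModel.EventBasedAsync.dll c8a5ea841e482e78d400503a0c16d1e5.exe",
    r"File opened for modification \??\c:\Program Files\EnterEnable.TTS c8a5ea841e482e78d400503a0c16d1e5.exe",
    r"File opened for modification \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak"
    r" c8a5ea841e482e78d400503a0c16d1e5.exe",
    r"File created \??\c:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui c8a5ea841e482e78d400503a0c16d1e5.exe",
    # The export wrapped this path after "Program "; kept here to exercise normalisation.
    r"File opened for modification \??\c:\Program" + " \n" +
    r"Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Security.Cryptography.ProtectedData.dll"
    r" c8a5ea841e482e78d400503a0c16d1e5.exe",
    r"File created \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml"
    r" c8a5ea841e482e78d400503a0c16d1e5.exe",
    r"File opened for modification \??\c:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll"
    r" c8a5ea841e482e78d400503a0c16d1e5.exe",
    r"File created \??\c:\$Recycle.Bin\S-1-5-21-1904519900-954640453-4250331663-1000\desktop.ini"
    r" c8a5ea841e482e78d400503a0c16d1e5.exe",
]
SAMPLE_IOC_TEXT = " ".join(ROWS)

# Assumption: only the two description strings seen in this report.
ACTIONS = ("File opened for modification", "File created")
_ACTION_ALT = "|".join(re.escape(a) for a in ACTIONS)
ROW_RE = re.compile(
    rf"(?P<action>{_ACTION_ALT}) "
    r"(?P<path>\\\?\?\\.+?) "          # NT path; lazy because it may contain spaces
    r"(?P<process>\S+)"                # image name of the writing process
    rf"(?=\s+(?:{_ACTION_ALT})|\s*$)"  # must be followed by the next row or the end
)


def parse_rows(text: str) -> list[dict]:
    """Return one record per IoC row from flattened tria.ge signature text."""
    flat = " ".join(text.split())  # undo the line wraps the export introduced
    return [m.groupdict() for m in ROW_RE.finditer(flat)]


def location_key(nt_path: str) -> str:
    r"""Group a path by where it lands: 'Program Files\<product>' for a file
    inside a product tree, otherwise the top-level directory on the volume."""
    path = nt_path[4:] if nt_path.startswith("\\??\\") else nt_path  # drop NT prefix
    parts = path.split("\\")  # ['c:', 'Program Files', 'Java', ...]
    if len(parts) < 3:
        return path
    top = parts[1]
    if top.lower() == "program files" and len(parts) > 3:
        return f"{top}\\{parts[2]}"
    return top


def summarise(rows: list[dict]) -> dict:
    """Counts by action and by location, plus the distinct writing processes."""
    return {
        "by_action": Counter(r["action"] for r in rows),
        "by_location": Counter(location_key(r["path"]) for r in rows),
        "processes": sorted({r["process"] for r in rows}),
    }


def writes_across_products(rows: list[dict], min_products: int = 3) -> bool:
    """Heuristic (assumed threshold, not a tria.ge rule): one process writing under
    min_products or more distinct Program Files product trees. Installers and
    updaters normally stay inside their own tree, so this breadth is the signal
    to pivot on before working out what the writes actually do to the files."""
    per_process: dict[str, set[str]] = {}
    for row in rows:
        key = location_key(row["path"])
        if key.startswith("Program Files\\"):
            per_process.setdefault(row["process"], set()).add(key)
    return any(len(trees) >= min_products for trees in per_process.values())


if __name__ == "__main__":
    parsed = parse_rows(SAMPLE_IOC_TEXT)
    summary = summarise(parsed)
    for action, n in summary["by_action"].items():
        print(f"{n:3d}  {action}")
    for location, n in summary["by_location"].most_common():
        print(f"{n:3d}  {location}")
    print("writes across product trees:", writes_across_products(parsed))
```

Run against the full 64-row list on this page the same way: paste the signature text into `parse_rows` and the location counter shows the Java, dotnet, Common Files, Google, Microsoft Office and Internet Explorer trees all being written by the one sample process, which is what makes the signature worth more than its name suggests.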
- Program crash (1 IoC)
pid | pid_target | Process | procid_target
1120 | 8 | WerFault.exe | 93
Processes
- C:\Users\Admin\AppData\Local\Temp\c8a5ea841e482e78d400503a0c16d1e5.exe (PID 8)
  command line: "C:\Users\Admin\AppData\Local\Temp\c8a5ea841e482e78d400503a0c16d1e5.exe"
  signatures: Drops desktop.ini file(s); Drops file in Program Files directory
  - C:\Windows\SysWOW64\WerFault.exe (PID 1120)
    command line: C:\Windows\SysWOW64\WerFault.exe -u -p 8 -s 756
    signatures: Program crash
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1632)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3880 --field-trial-handle=2304,i,7548677271533893574,11048237606705436109,262144 --variations-seed-version /prefetch:8
- C:\Windows\SysWOW64\WerFault.exe (PID 4592)
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 8 -ip 8
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 5B
  MD5: b5b682b742431a52ea8b17c72ad9c572
  SHA1: 326320f469235708c59f678c9a7357dca552d306
  SHA256: 30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76
  SHA512: 4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163
- Filesize: 5.3MB
  MD5: d6b8464a2acfaa2e0224a078f33e6b73
  SHA1: c8a41ff2ee2ee8352c4ce28e2287190fc79501cb
  SHA256: a14d6afe719d6bce2aedce74866f5527612fac362c61c56abd7c6226b6d45c68
  SHA512: a6918014c0c22c0c313a6126683eb0b6781b54ebbb88a7fbbb15999f134888176285b85176492c5de203ca5becc99231a4617bc976c657d73e62e52536c35b11