Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/03/2024, 16:21
Static task: static1
Behavioral task: behavioral1
  Sample: c91108362cdb481352597a732207bd38.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: c91108362cdb481352597a732207bd38.exe
  Resource: win10v2004-20240226-en
General
Target: c91108362cdb481352597a732207bd38.exe
Size: 437KB
MD5: c91108362cdb481352597a732207bd38
SHA1: 9418c99b239cf15f43d489761bd35d1ba9888b0a
SHA256: 884fc4b007ef10341fc6cc0f9132ddab16cb2c0f573e3f17f801b8581acec65a
SHA512: 793a5a4cea578ac7d2aeeae6ed7a91f34dcccf06eb7cb97a6904998f002805162a0e4cee39e95d04ff81e941c0deddb010388a1d571f5adbaa76d3ef31d55c76
SSDEEP: 12288:P+Iz16fjXxO0WKBLWoD1FI5dCHab6EcDrVv7:314sKFD1q6EcDrVv7
Malware Config
Signatures

Drops desktop.ini file(s) (4 IoCs)
description | ioc | Process
File opened for modification | \??\c:\Program Files\desktop.ini | c91108362cdb481352597a732207bd38.exe
File created | \??\c:\$Recycle.Bin\S-1-5-21-275798769-4264537674-1142822080-1000\desktop.ini | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\$Recycle.Bin\S-1-5-21-275798769-4264537674-1142822080-1000\desktop.ini | c91108362cdb481352597a732207bd38.exe
File created | \??\c:\Program Files\desktop.ini | c91108362cdb481352597a732207bd38.exe
Drops file in Program Files directory (64 IoCs)
description | ioc | Process
File opened for modification | \??\c:\Program Files\7-Zip\Lang\yo.txt | c91108362cdb481352597a732207bd38.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-processthreads-l1-1-1.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\7-Zip\Lang\hu.txt | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\7-Zip\Lang\pa-in.txt | c91108362cdb481352597a732207bd38.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\tpcps.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\PresentationFramework.resources.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\legal\jdk\zlib.md | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe | c91108362cdb481352597a732207bd38.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\WindowsBase.resources.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_2.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Drawing.Primitives.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxml2.md | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\UIAutomationTypes.resources.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\UIAutomationProvider.resources.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Internet Explorer\ielowutil.exe | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\System.Xaml.resources.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\UIAutomationClientSideProviders.resources.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\WindowsBase.resources.dll | c91108362cdb481352597a732207bd38.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\Welcome.html | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\UIAutomationClientSideProviders.resources.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\include\jvmti.h | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\java_crw_demo.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\ktab.exe | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\dbgshim.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\UIAutomationTypes.resources.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll | c91108362cdb481352597a732207bd38.exe
File created | \??\c:\Program Files\Internet Explorer\en-US\iexplore.exe.mui | c91108362cdb481352597a732207bd38.exe
File created | \??\c:\Program Files\Internet Explorer\IEShims.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-utility-l1-1-0.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.NetworkInformation.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Data.Common.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\WindowsBase.resources.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\jarsigner.exe | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\native2ascii.exe | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui | c91108362cdb481352597a732207bd38.exe
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui | c91108362cdb481352597a732207bd38.exe
File created | \??\c:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Xaml.resources.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-string-l1-1-0.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\dtplugin\npdeployJava1.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\7-Zip\Lang\ps.txt | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\msvcp140.dll | c91108362cdb481352597a732207bd38.exe
File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll | c91108362cdb481352597a732207bd38.exe
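The two file-IoC signatures above are exported by the report as run-on rows of the form "<action> <NT path> <process image>", with paths that contain spaces and rows that wrap mid-path, so they cannot be split on whitespace. The following parser is an added example written for this page; it is not tria.ge code and not derived from the sample. It assumes only the row format visible above, embeds five rows copied from the report as a constructed excerpt (one deliberately wrapped inside "Program Files" as the page renders it), and adds an editor's heuristic, not a tria.ge signature: existing .exe/.dll files that the sample opened for modification are listed separately, since writes to installed binaries in Program Files are the rows an analyst will want to inspect first.

```python
"""Parse the run-on IoC rows of a tria.ge 'Signatures' block into records.

Added example for this report; it is not tria.ge code and not derived from the
sample. Assumed input format (as rendered on the page): an optional header
'description ioc Process' followed by rows '<action> <NT path> <process image>'
run together on one or more lines, optionally ending in a stray ' -'.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Paths contain spaces ('Program Files', 'microsoft shared'), so a row cannot be
# split on whitespace. The process image is instead recognised as the last
# non-space token before the next action keyword (or the end of the input).
_ROW = re.compile(
    r"(File opened for modification|File created) "
    r"(\\\?\?\\.+?) (\S+?)(?= File (?:opened for modification|created)|$)"
)

# Constructed excerpt: five rows copied from the report above, with one row
# wrapped across a line break inside 'Program Files' as the page renders it.
SAMPLE = (
    r"description ioc Process "
    r"File opened for modification \??\c:\Program Files\7-Zip\Lang\yo.txt c91108362cdb481352597a732207bd38.exe "
    r"File created \??\c:\Program Files\Common Files\microsoft shared\ink\tpcps.dll c91108362cdb481352597a732207bd38.exe "
    r"File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe c91108362cdb481352597a732207bd38.exe "
    r"File opened for modification \??\c:\Program " "\n"
    r"Files\Java\jdk-1.8\jre\bin\msvcp140.dll c91108362cdb481352597a732207bd38.exe "
    r"File created \??\c:\$Recycle.Bin\S-1-5-21-275798769-4264537674-1142822080-1000\desktop.ini c91108362cdb481352597a732207bd38.exe -"
)


def parse_iocs(text: str) -> list[dict]:
    """Return one {'action', 'path', 'process'} record per IoC row."""
    flat = re.sub(r"\s+", " ", text).strip()            # undo line wraps
    flat = re.sub(r"^description ioc Process ", "", flat)
    flat = flat.rstrip(" -")                            # trailing separator
    return [{"action": a, "path": p, "process": proc}
            for a, p, proc in _ROW.findall(flat)]


def to_win_path(nt_path: str) -> PureWindowsPath:
    """Drop the \\??\\ object-manager prefix that the sandbox records."""
    return PureWindowsPath(nt_path.removeprefix("\\??\\"))


def summarise(records: list[dict]) -> dict:
    """Count rows per action and per top-level directory, and list existing
    .exe/.dll files opened for modification (editor's heuristic, not a
    tria.ge signature)."""
    by_action = Counter(r["action"] for r in records)
    by_tree = Counter()
    modified_binaries = []
    for r in records:
        p = to_win_path(r["path"])
        # First two directory components under the drive, e.g. 'Program Files\Java'.
        by_tree["\\".join(p.parent.parts[1:3])] += 1
        if r["action"] == "File opened for modification" and p.suffix.lower() in {".exe", ".dll"}:
            modified_binaries.append(str(p))
    return {"by_action": dict(by_action), "by_tree": dict(by_tree),
            "modified_binaries": modified_binaries}


if __name__ == "__main__":
    for key, value in summarise(parse_iocs(SAMPLE)).items():
        print(key, value)
```

Feed it the whole 64-row block (copied as plain text, line wraps and all) to get the per-subtree counts for Program Files\Java, Program Files\dotnet and the rest, and the list of installed binaries the sample wrote to; the desktop.ini block parses with the same function because it uses the same row format.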
Program crash (1 IoCs)
pid | pid_target | Process | procid_target
4564 | 1476 | WerFault.exe | 88
Processes
C:\Users\Admin\AppData\Local\Temp\c91108362cdb481352597a732207bd38.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c91108362cdb481352597a732207bd38.exe"
  PID: 1476
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 924
      PID: 4564
      - Program crash
C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1476 -ip 1476
  PID: 4396
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 550KB
MD5: ba9515373451b698acc4e9a30736e0ef
SHA1: 60dbb0ebdd982e85cb2f7f2bd2034c495347ac5c
SHA256: cb93bd512ef247d30310aa74bfc8526997e037d021942b501bd9ec046efe5d47
SHA512: f084d794122c8efd64eab7d02882a62a7978f02a376d9e260189ce7c6b5130708c2e5a56ba03dd178a574e0f9b442fd63c12106088dfcaf125c391a903125b60

Filesize: 5B
MD5: b5b682b742431a52ea8b17c72ad9c572
SHA1: 326320f469235708c59f678c9a7357dca552d306
SHA256: 30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76
SHA512: 4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163