Analysis
max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/03/2024, 11:40
Static task: static1
Behavioral task: behavioral1
  Sample: cb51961e17a5dd0dcc1941cd1c2802bb.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: cb51961e17a5dd0dcc1941cd1c2802bb.exe
  Resource: win10v2004-20240226-en
General
Target: cb51961e17a5dd0dcc1941cd1c2802bb.exe
Size: 332KB
MD5: cb51961e17a5dd0dcc1941cd1c2802bb
SHA1: 3ee093330800eaa2479a386d6e508d14a77ef625
SHA256: 203bf9e0e8b4d09bf8cecb2450c37fba9c5fefe79f34fe89e6ab31cc9a550cd8
SHA512: 91502d10c358d40bdc8d5dc12f9dffab748b6ab17610278d162403e1c131a9ef2071829bd3750b90d245868577e948f18e6b878421d5c91697c9d36951ad51ae
SSDEEP: 6144:P+fLJd6AT9N7rFcX8Wx2u9GC+EjhvGhc1zudfVh9M9soUvJm:P+DJEENo9GC+xctWdh9MZz
Malware Config
Signatures
Drops desktop.ini file(s) (4 IoCs)
description | ioc | Process
File created | \??\c:\$Recycle.Bin\S-1-5-21-566096764-1992588923-1249862864-1000\desktop.ini | cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification | \??\c:\$Recycle.Bin\S-1-5-21-566096764-1992588923-1249862864-1000\desktop.ini | cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created | \??\c:\Program Files\desktop.ini | cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification | \??\c:\Program Files\desktop.ini | cb51961e17a5dd0dcc1941cd1c2802bb.exe
Drops file in Program Files directory (64 IoCs)
Program crash (1 IoC)
pid | pid_target | Process | procid_target
4860 | 4380 | WerFault.exe | 87
Processes
C:\Users\Admin\AppData\Local\Temp\cb51961e17a5dd0dcc1941cd1c2802bb.exe (PID: 4380)
  Command line: "C:\Users\Admin\AppData\Local\Temp\cb51961e17a5dd0dcc1941cd1c2802bb.exe"
  Signatures: Drops desktop.ini file(s); Drops file in Program Files directory
  C:\Windows\SysWOW64\WerFault.exe (PID: 4860)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 896
    Signatures: Program crash
C:\Windows\SysWOW64\WerFault.exe (PID: 4100)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4380 -ip 4380
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 445KB
MD5: cc83d5195d694720f4087400f8d5780e
SHA1: a8a3c64a6724549558d3e6cda6d8283bc1ab7e50
SHA256: 8d5beef765c1ebc0469d05a50d7542bf022d5bb91c9ba0ccbc26c005825467f9
SHA512: 3e991507966e7c462feceab8e457cda1ea1e74bd4e98d565489d7fe738dbc3f19447d4a192d5ae3c1f11684bd22a5f9d7c5fdb7a0036da92c02ae6e93dbe8fdd

Filesize: 5B
MD5: b5b682b742431a52ea8b17c72ad9c572
SHA1: 326320f469235708c59f678c9a7357dca552d306
SHA256: 30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76
SHA512: 4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163