Overview
overview
10Static
static
101.bin/1.exe
windows10_x64
102019-09-02...10.exe
windows10_x64
1031.exe
windows10_x64
103DMark 11 ...on.exe
windows10_x64
15da0116af4...18.exe
windows10_x64
10Archive.zi...3e.exe
windows10_x64
6CVE-2018-1...oC.swf
windows10_x64
3CVWSHSetup...1].exe
windows10_x64
4DiskIntern...en.exe
windows10_x64
1ForceOp 2....ce.exe
windows10_x64
10HYDRA.exe
windows10_x64
10Keygen.exe
windows10_x64
10Lonelyscre...ox.exe
windows10_x64
1LtHv0O2KZDK4M637.exe
windows10_x64
10Magic_File...ja.exe
windows10_x64
1OnlineInstaller.exe
windows10_x64
10Remouse.Mi...cg.exe
windows10_x64
1SecurityTa...up.exe
windows10_x64
8Treasure.V...ox.exe
windows10_x64
1VyprVPN.exe
windows10_x64
10WSHSetup[1].exe
windows10_x64
3___ _ ____...��.exe
windows10_x64
10___ _ ____...��.exe
windows10_x64
10amtemu.v0....ed.exe
windows10_x64
10api.exe
windows10_x64
1default.exe
windows10_x64
10efd97b1038...ea4.js
windows10_x64
3good.exe
windows10_x64
10infected d...er.exe
windows10_x64
8oof.exe
windows10_x64
10ou55sg33s_1.exe
windows10_x64
10update.exe
windows10_x64
10Resubmissions
12-11-2021 18:04
211112-wnzb8aahhm 1019-11-2020 10:08
201119-rhwlt38jrx 1018-11-2020 17:26
201118-htd4fq29va 10Analysis
-
max time kernel
141s -
max time network
318s -
platform
windows10_x64 -
resource
win10-en-20211104 -
submitted
12-11-2021 18:04
Behavioral task
behavioral1
Sample
1.bin/1.exe
Resource
win10-en-20211014
windows10_x64
Behavioral task
behavioral2
Sample
2019-09-02_22-41-10.exe
Resource
win10-en-20211104
windows10_x64
Behavioral task
behavioral3
Sample
31.exe
Resource
win10-en-20211014
windows10_x64
Behavioral task
behavioral4
Sample
3DMark 11 Advanced Edition.exe
Resource
win10-en-20211104
windows10_x64
Behavioral task
behavioral5
Sample
5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe
Resource
win10-en-20211104
windows10_x64
Behavioral task
behavioral6
Sample
Archive.zip__ccacaxs2tbz2t6ob3e.exe
Resource
win10-en-20211014
windows10_x64
Behavioral task
behavioral7
Sample
CVE-2018-15982_PoC.swf
Resource
win10-en-20211104
windows10_x64
Behavioral task
behavioral8
Sample
CVWSHSetup[1].bin/WSHSetup[1].exe
Resource
win10-en-20211014
windows10_x64
Behavioral task
behavioral9
Sample
DiskInternals_Uneraser_v5_keygen.exe
Resource
win10-en-20211104
windows10_x64
Behavioral task
behavioral10
Sample
ForceOp 2.8.7 - By RaiSence.exe
Resource
win10-en-20211014
windows10_x64
Behavioral task
behavioral11
Sample
HYDRA.exe
Resource
win10-en-20211104
windows10_x64
Behavioral task
behavioral12
Sample
Keygen.exe
Resource
win10-en-20211104
windows10_x64
Behavioral task
behavioral13
Sample
Lonelyscreen.1.2.9.keygen.by.Paradox/Lonelyscreen.1.2.9.keygen.by.Paradox.exe
Resource
win10-en-20211014
windows10_x64
Behavioral task
behavioral14
Sample
LtHv0O2KZDK4M637.exe
Resource
win10-en-20211104
windows10_x64
Behavioral task
behavioral15
Sample
Magic_File_v3_keygen_by_KeygenNinja.exe
Resource
win10-en-20211014
windows10_x64
Behavioral task
behavioral16
Sample
OnlineInstaller.exe
Resource
win10-en-20211104
windows10_x64
Behavioral task
behavioral17
Sample
Remouse.Micro.Micro.v3.5.3.serial.maker.by.aaocg.exe
Resource
win10-en-20211014
windows10_x64
Behavioral task
behavioral18
Sample
SecurityTaskManager_Setup.exe
Resource
win10-en-20211104
windows10_x64
Behavioral task
behavioral19
Sample
Treasure.Vault.3D.Screensaver.keygen.by.Paradox.exe
Resource
win10-en-20211104
windows10_x64
Behavioral task
behavioral20
Sample
VyprVPN.exe
Resource
win10-en-20211014
windows10_x64
Behavioral task
behavioral21
Sample
WSHSetup[1].exe
Resource
win10-en-20211104
windows10_x64
Behavioral task
behavioral22
Sample
___ _ _____ __ ___/전산 및 비전산자료 보존 요청서/전산 및 비전산자료 보존 요.exe
Resource
win10-en-20211014
windows10_x64
Behavioral task
behavioral23
Sample
___ _ _____ __ ___/전산 및 비전산자료 보존 요청서/전산 및 비전산자료 보존 요.exe
Resource
win10-en-20211104
windows10_x64
Behavioral task
behavioral24
Sample
amtemu.v0.9.2.win-painter_edited.exe
Resource
win10-en-20211104
windows10_x64
Behavioral task
behavioral25
Sample
api.exe
Resource
win10-en-20211014
windows10_x64
Behavioral task
behavioral26
Sample
default.exe
Resource
win10-en-20211104
windows10_x64
Behavioral task
behavioral27
Sample
efd97b1038e063779fb32a3ab35adc481679a5c6c8e3f4f69c44987ff08b6ea4.js
Resource
win10-en-20211014
windows10_x64
Behavioral task
behavioral28
Sample
good.exe
Resource
win10-en-20211104
windows10_x64
Behavioral task
behavioral29
Sample
infected dot net installer.exe
Resource
win10-en-20211014
windows10_x64
Behavioral task
behavioral30
Sample
oof.exe
Resource
win10-en-20211104
windows10_x64
Behavioral task
behavioral31
Sample
ou55sg33s_1.exe
Resource
win10-en-20211014
windows10_x64
General
-
Target
SecurityTaskManager_Setup.exe
-
Size
2.9MB
-
MD5
444439bc44c476297d7f631a152ce638
-
SHA1
820fcb951d1ac8c2fda1a1ae790f52eb1f8edf2e
-
SHA256
bc2d5417a6bf47d53c20c280f6e4b1a3e00dc0b6bbd3e26b2e591fd2f2dc4cc3
-
SHA512
160f4b095d37a9f4c6279a4a19f072e170c5f819d0e8e588b2503711b9e2eaac9567b48a9e42bf15af50ba60e64ef97a64e003230369aec0b032cb2030fdca00
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 944 setup.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Security Task Manager\LisezMoi.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\manual_en.pdf setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\readme.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\ascode.dll setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_dutch.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_english.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_english.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_finnish.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\sqlite3.dll setup.exe File created C:\Program Files (x86)\Security Task Manager\order.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\Setup.exe setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_italiano.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\LisezMoi.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\TaskMan.exe setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\SpyProtector.exe setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\TaskMan.exe setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\taskman_ru.chm setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\Formulaire.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_bulgarian.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_portuguese.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\order.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\ordina.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_french.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_japanese.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_polish.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\Setup.exe setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_japanese.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_portuguese (Brasil).txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_portuguese (Brasil).txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\ascode.dll setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_czech.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_danish.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_french.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_hungarian.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\uninstal.exe setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_ukrainian.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\psapi_.dll setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\taskman_en.chm setup.exe File created C:\Program Files (x86)\Security Task Manager\taskman_en.chm setup.exe File created C:\Program Files (x86)\Security Task Manager\taskman_fr.chm setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\uninstal.exe setup.exe File created C:\Program Files (x86)\Security Task Manager\Formulaire.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_korean.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_norwegian_bokmaal.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\SpyProDll.dll setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\taskman_de.chm setup.exe File created C:\Program Files (x86)\Security Task Manager\bestell.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_spanish.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\sqlite3.dll setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_bulgarian.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_russian.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_turkish.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\SpyProDll.dll setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\manual_de.pdf setup.exe File created C:\Program Files (x86)\Security Task Manager\file_id.diz setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_italiano.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_spanish.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_ukrainian.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\liesmich.txt setup.exe File opened for modification C:\Program Files (x86)\Security Task Manager\lgs_danish.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_finnish.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\lgs_turkish.txt setup.exe File created C:\Program Files (x86)\Security Task Manager\manual_fr.pdf setup.exe File created C:\Program Files (x86)\Security Task Manager\manual_en.pdf setup.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4000 wrote to memory of 944 4000 SecurityTaskManager_Setup.exe 69 PID 4000 wrote to memory of 944 4000 SecurityTaskManager_Setup.exe 69 PID 4000 wrote to memory of 944 4000 SecurityTaskManager_Setup.exe 69
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecurityTaskManager_Setup.exe"C:\Users\Admin\AppData\Local\Temp\SecurityTaskManager_Setup.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4000 -
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\setup.exe".\setup.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:944
-