10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd

General

Target

10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
Size

24.1MB
MD5

2c80f52463d1e9e8a05222bac5b8bda9
SHA1

fd1cd8f315938399fe0063b78416e4e82e534a02
SHA256

10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd
SHA512

e97af9512fdef98f877cad609c490e1493246fcbfe8209e0b93eeb30d6c564a575e4b5e9ba0c1c70dc23ffbd0226aee863637ba97b42530e7686306b3c4166af

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe

pid process

1384 10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
1384	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe

Drops file in Program Files directory 64 IoCs

Processes:

10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors32\Plaza2\P2Tbl.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\SharpDX.DXGI.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Sounds\User\Sound_08.wav	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Sounds\User\Sound_10.wav	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Asts\mtesrl64.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Oec\API.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Plaza2\cgate64.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Plaza2\msvcr110.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Plaza2\P2SysExt64.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Sounds\App\OrderRejected.wav	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Sounds\User\Sound_07.wav	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Sounds\User\Sound_09.wav	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\ActiproSoftware.Editors.Wpf.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\ru\TigerTrade.resources.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Plaza2\P2Tbl64.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Transaq\txmlconnector64.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors32\Mt5\TigerTrade.Data.ex5	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\ru\TigerTrade.Dx.resources.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File created	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Uninstall.ini	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Quik\TigerTrade.Quik.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors32\Plaza2\cgate.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors32\Plaza2\P2DB.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Sounds\App\OrderCancelRejected.wav	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Sounds\App\OrderModifyRejected.wav	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Sounds\User\Sound_02.wav	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Asts\MOEX.ASTS.Client.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Plaza2\P2Sys64.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\ru\TigerTrade.Core.resources.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\TA-Lib-Core.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\TigerTrade.Chart.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\TigerTrade.Dx.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Plaza2\cgate_net64.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Mt5\TigerTrade.Expert.ex5	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Plaza2\msvcp110.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors32\Mt5\TigerTrade.Expert.ex5	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors32\Plaza2\P2ReplClient.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Mt5\TigerTrade.Data.ex5	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\ActiproSoftware.Text.Wpf.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Rithmic\rapiplus.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors32\Plaza2\msvcp110.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\ActiproSoftware.Grids.Wpf.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\SmartCom\SmartCOM3Lib.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors32\Transaq\txcn.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors32\Transaq\txmlconnector.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Sounds\App\OrderFilled.wav	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Uninstall.exe	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Oec\ProtoSharp.Core.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Plaza2\P2ReplClient64.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\SharpDX.Direct2D1.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Sounds\App\OrderCanceled.wav	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\TigerTrade.exe	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Asts\bzip2.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Common\WebSocket4Net.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Oec\CommLib.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Quik\TigerTrade.Quik.lua	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors\Transaq\txcn64.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors32\Plaza2\P2MQRouter.exe	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Microsoft.ApplicationInsights.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\SharpDX.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\ActiproSoftware.SyntaxEditor.Wpf.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Sounds\User\Sound_05.wav	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Sounds\App\Disconnected.wav	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors32\Plaza2\P2SysExt.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
File opened for modification	C:\Program Files (x86)\TigerTrade\TigerTrade Setup\Connectors32\SmartCom\SmartCOM3Lib.dll	10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe
"C:\Users\Admin\AppData\Local\Temp\10b23d045ab871084be9f00ff832c51292af947eacb4dbb62a23d3738a3299cd.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:1384

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Program Files (x86)\TigerTrade\TigerTrade Setup\TigerTrade.exe
Filesize
3.7MB

MD5
1ab8c07d8bf24b5974d0b80e3c071468

SHA1
ef897da78987da14805d3aa55098c4d59ab5f2fa

SHA256
2afd02f111e765da175ed2c75c33da025df919e4ea4bb0d36c016cb677dc4211

SHA512
a7cc0094c5d49687589904736f3614d4ffae494811ca0e8ce3aff337d18db67723df365d2ab9603eadae5ba4c6678f2a4ac0f27bc378b5e3da997e1bb1ed59ce

Download Submit
memory/1384-54-0x0000000076011000-0x0000000076013000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing