dee2a883e9c3da8479f74ab09900c835ccfd1ec495ce57d200857dbb72ac569c

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
06-07-2022 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dee2a883e9c3da8479f74ab09900c835ccfd1ec495ce57d200857dbb72ac569c.exe
Size

5.5MB
MD5

de9ecdd7e1aed7256d761e4a399f2aff
SHA1

e545ba543b8ac0d09457878c24592d941c58df17
SHA256

dee2a883e9c3da8479f74ab09900c835ccfd1ec495ce57d200857dbb72ac569c
SHA512

de67783e43521f909359054c9f6e69fc56f7b0b7268f0e7f92dc1f665abffae26073943a631447b979b5c2ffc4df0da9500148efa823e21c11b8aa91b27bfe4a

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\Aorta\Aorta.dll	acprotect
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\Aorta\Aorta.dll	acprotect

Executes dropped EXE 1 IoCs

Processes:

AIMPac.exe

pid process

2028 AIMPac.exe

pid	process
2028	AIMPac.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\Aorta\Aorta.dll	upx
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\Aorta\Aorta.dll	upx

Loads dropped DLL 27 IoCs

Processes:

dee2a883e9c3da8479f74ab09900c835ccfd1ec495ce57d200857dbb72ac569c.exeAIMPac.exe

pid	process
1564	dee2a883e9c3da8479f74ab09900c835ccfd1ec495ce57d200857dbb72ac569c.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe
2028	AIMPac.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AIMPac.exe

pid process

2028 AIMPac.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

AIMPac.exe

pid process

2028 AIMPac.exe

pid	process
2028	AIMPac.exe

pid	process
2028	AIMPac.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

dee2a883e9c3da8479f74ab09900c835ccfd1ec495ce57d200857dbb72ac569c.execmd.exe

description	pid	process	target process
PID 1564 wrote to memory of 956	1564	dee2a883e9c3da8479f74ab09900c835ccfd1ec495ce57d200857dbb72ac569c.exe	cmd.exe
PID 1564 wrote to memory of 956	1564	dee2a883e9c3da8479f74ab09900c835ccfd1ec495ce57d200857dbb72ac569c.exe	cmd.exe
PID 1564 wrote to memory of 956	1564	dee2a883e9c3da8479f74ab09900c835ccfd1ec495ce57d200857dbb72ac569c.exe	cmd.exe
PID 1564 wrote to memory of 956	1564	dee2a883e9c3da8479f74ab09900c835ccfd1ec495ce57d200857dbb72ac569c.exe	cmd.exe
PID 956 wrote to memory of 1688	956	cmd.exe	attrib.exe
PID 956 wrote to memory of 1688	956	cmd.exe	attrib.exe
PID 956 wrote to memory of 1688	956	cmd.exe	attrib.exe
PID 1564 wrote to memory of 2028	1564	dee2a883e9c3da8479f74ab09900c835ccfd1ec495ce57d200857dbb72ac569c.exe	AIMPac.exe
PID 1564 wrote to memory of 2028	1564	dee2a883e9c3da8479f74ab09900c835ccfd1ec495ce57d200857dbb72ac569c.exe	AIMPac.exe
PID 1564 wrote to memory of 2028	1564	dee2a883e9c3da8479f74ab09900c835ccfd1ec495ce57d200857dbb72ac569c.exe	AIMPac.exe
PID 1564 wrote to memory of 2028	1564	dee2a883e9c3da8479f74ab09900c835ccfd1ec495ce57d200857dbb72ac569c.exe	AIMPac.exe

Views/modifies file attributes 1 TTPs 1 IoCs
evasion

Hidden Files and Directories
T1158

Processes:

attrib.exe

pid process

1688 attrib.exe

pid	process
1688	attrib.exe

C:\Users\Admin\AppData\Local\Temp\dee2a883e9c3da8479f74ab09900c835ccfd1ec495ce57d200857dbb72ac569c.exe
"C:\Users\Admin\AppData\Local\Temp\dee2a883e9c3da8479f74ab09900c835ccfd1ec495ce57d200857dbb72ac569c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1564

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c attrib +h "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000"
2⤵
- Suspicious use of WriteProcessMemory
PID:956

C:\Windows\system32\attrib.exe
attrib +h "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000"
3⤵
- Views/modifies file attributes
PID:1688

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AIMPac.exe
"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AIMPac.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2028

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AIMP.Runtime.dll
Filesize
10.2MB

MD5
baad6e8b6af9c0840167952e24cd6570

SHA1
0a51bb40a1a625b4ff8e06a7ba266c091dcf27f6

SHA256
bf02904c9e42d3bf2d48e15fa5ec1fafe1f91b7e457f30015cba4ffe224a39b6

SHA512
292ac9b2e270db4169095f61b7d6a27826e94a0296e03acdb7974463e1ffb4d1c7cd5e162c64a387e623ad17bcbc8829af3231acd3ea6df833c6777872782bc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AIMP.Shared.dll
Filesize
3.7MB

MD5
c129c2a02b28c5b83733fb05e73448cf

SHA1
bc94421a5bf0ec694bdcbf41cdc2715e79aca608

SHA256
c6a581cd6b236840a7bb4fb00db75aaec62138b6e7ba934c909db6c8dd6b42d4

SHA512
3089bea210b5b692ee203b507603436ccba210d66454a0e3ef63d4f4d7713d3866037e7420f725ba0f38973309d2696bf7b719e98f167309942c4c506451a2af

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AIMP.ini
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AIMPac.exe
Filesize
354KB

MD5
b7a9e0a7aac0481e2eefb3f6ddab291f

SHA1
60372c8f0bd432896e78211bee1e961b31415e26

SHA256
bea7d9e1b7c3c33810f45da29f47c828366a9ee4cacada01e5e9ea11b1171b44

SHA512
809613351a9a55fbe1986277f54f78c81eff39e3e96384b4822d642a5cfc72170f20e510d5782a601bc0806184d6d6714a7c8eb4e29e39b4e7aedec3ca47406b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Langs\simplified_chinese.lng
Filesize
57KB

MD5
e77a98f854df2042b5d1a9f35409fcca

SHA1
a74172e2bed41813043721661a02fb9d6ab2f0c4

SHA256
b6973eac547f96886354f9e2a629d36638f01bb87a0022efe12d7124d8a3a57c

SHA512
5efae7266e2c47185d22d5efafdca4b82d32414b3b110a7a652e7ff1a725a8a2df58247f26efc7a5d15fa0c384326acb29d7a2d48b47a477fe7b96c36cb2abba

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\Aorta\Aorta.dll
Filesize
26KB

MD5
ed2a50e64ceb9a8a38e371242be28095

SHA1
65566d7337429320d367a014f356c939d708fce6

SHA256
c0a8ac0f1ac04272918cab6bc5b19de5127aad6e52f9668d7565235cf0218d07

SHA512
a1b6b994cd27ec657e5aa211d40a4911c2949ca674700d188c0fdaf976cc857710e0405df5b66d9c289c5a3bf9d8789a9666d621a122048f24b63beb721a3701

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_aac\bass_aac.dll
Filesize
146KB

MD5
526e02e9eb8953655eb293d8bac59c8f

SHA1
7ca6025602681ef6efdee21cd11165a4a70aa6fe

SHA256
e2175e48a93b2a7fa25acc6879f3676e04a0c11bb8cdfd8d305e35fd9b5bbbb4

SHA512
053eb66d17e5652a12d5f7faf03f02f35d1e18146ee38308e39838647f91517f8a9dc0b7a7748225f2f48b8f0347b0a33215d7983e85fca55ef8679564471f0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_ac3\bass_ac3.dll
Filesize
14KB

MD5
bd43c88917d6234ff962b6e88b648b8c

SHA1
b10dfd375fa4ab16aa3633d19c5515a8fb10a738

SHA256
7bcf3b8ce9d56334146f53fc632d2c6c6f32ea5c8e1948abd89938f044424f66

SHA512
0d089714c6ec2e5d69465020e1323ebfab4ae26bd5febfd477566fac35e67ee8796d6b65d99c87e840b037f0bbb6740e5e67dff634273d73bdee8ae499f284df

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_ac3\loading_order
Filesize
9B

MD5
abcd35b4e4b6e72ee7d5f759b3711ec9

SHA1
c1f52ff5a73274bdde2c4f492c9ed5cb03fa926b

SHA256
aa7c27598456a2fbdd4aec5abf4525ba79d3738693328cd9927a7c44fec64f23

SHA512
adeba0020deb913b7822d6ca0b302c283fe1ab37fa497b182f49c5ba6367eaed0d0f89d054205467e263a2443d2962511b11098ebdb64155c729bc5aa3724b54

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_alac\bass_alac.dll
Filesize
9KB

MD5
6b6344cd7efc4916f58d177045674fc9

SHA1
11bfd217fbf636e591d4b35a4b2d6c800649d241

SHA256
f57c2e18acee1a13bd9bc6a442a9ad7a10deae2c0709a653fa10cf342586cca3

SHA512
9a49cb885c8d0b68b39974e12ca97c5477b4828b40cba9e8d2cf401e608005db4fb2b8b5daf0e41486cb6edb7c309f675e5928c65ad6237e44990c55a9dcff82

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_ape\bass_ape.dll
Filesize
37KB

MD5
b0c12c5944d754cb1262a93ac60cb227

SHA1
c66eb28e01884c1245c260f8c2cea31b31affe21

SHA256
08e21c769acbe442fa05db72a79866c9fb7745c97a1dd51f0f2224b74504a6f3

SHA512
494dc0097c27c479299c5ae8826e6bc0a542691d8a6d058de41c98c33984a973a31489b398c84dc9266180daa03ce5a32ba24d33a696744716cfc4f953f6d758

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_flac\bass_flac.dll
Filesize
28KB

MD5
e2a26f0c195b75d520d39eac4e4c804b

SHA1
5f8722e8d831c445c0fc0ddc728eea38086b0abf

SHA256
ab7aa41383016b5ba7e8e2db7d4e537dddee1ff76787e71318cff59334070c26

SHA512
7bf57f8210745e9d54d099a7411713c928adc6cea5243651fd43e5ad700662fd51a376e15fc6b99bf630d69039eb9039e034d22c073ba3d5ce5b18ba0af25b53

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_hls\bass_hls.dll
Filesize
12KB

MD5
fb9d6cbf4f4fcd6966b17c84778c10c4

SHA1
b15bd35e864eef42388965dd0a86568ef4cf64b4

SHA256
caf6a84e074268bb7eb19e63e2a34eb1f133eb8590bd55e4772002e507c45992

SHA512
dee872c894549b8e2ee4229f0995bdc99647755a1263c6e46e4f6bf9272d5fa44c1af20cfce2edebfd9fc37a0d767b486d1c176f4183459e6805ef062b63dbb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_midi\bass_midi.dll
Filesize
57KB

MD5
0140838049533f988d8845ae522589fa

SHA1
920b5136e9f66fa9477bee28587643950cf76e02

SHA256
3c0b1b053c998065f08edc4ef364a89aae19ddf206c6ca679f00e4d463d06d0d

SHA512
a380476204f8928e526cc24f2cb09506360dc0926630772a8513f8dee05a87014bd9e625d6ca3d6e398b2f44b62dceef8d05e8c0841eb1131950089bb494c72d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_mpc\bass_mpc.dll
Filesize
20KB

MD5
a44fae0c3dd8a375857886407cbd454b

SHA1
5039e76df8ce67ad8477b57eeddf6aefc2a68079

SHA256
35dbc8e6aadb62c6f102634d167fea5d53a7ae38d046efc639f455140626300a

SHA512
b6a1c59f578976fca35c63ef31b10fb96c024c390fa2662ffdf7a8e635d18d7be333e511b8c1e636db89c031d5580e31a7dd359b7d750c15a6573f44d845c0b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_ofr\OptimFROG.dll
Filesize
209KB

MD5
2c747f19bf1295ebbdab9fb14bb19ee2

SHA1
6f3b71826c51c739d6bb75085e634b2b2ef538bc

SHA256
d2074b91a63219cfd3313c850b2833cd579cc869ef751b1f5ad7edfb77bd1edd

SHA512
c100c0a5af52d951f3905884e9b9d0ec1a0d0aebe70550a646ba6e5d33583247f67ca19e1d045170a286d92ee84e1676a6c1b0527e017a35b6242dd9dee05af4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_ofr\bass_ofr.dll
Filesize
5KB

MD5
b3cc560ac7a5d1d266cb54e9a5a4767e

SHA1
e169e924405c2114022674256afc28fe493fbfdf

SHA256
edde733a8d2ca65c8b4865525290e55b703530c954f001e68d1b76b2a54edcb5

SHA512
a836decacb42cc3f7d42e2bf7a482ae066f5d1df08cccc466880391028059516847e1bf71e4c6a90d2d34016519d16981ddeeacfb94e166e4a9a720d9cc5d699

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_opus\bass_opus.dll
Filesize
67KB

MD5
26c74f5e9df6c59ded3b09335e5d82ad

SHA1
d9d3456e9f4d0ee659e3bbc1adfc49bfcdc92645

SHA256
bcd12511a18199823676f88f1eccbc7d192a591d60ab4e74d994bd6b6449397a

SHA512
3209d2d4bc75c3aa36ea0e858db9cbc3c6488c5fe65a5c700080cf6c052aa36604cf4a71667839e793817aca31dc2e80dc8040195fc4b6c64dc290c9adbcb512

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_spx\bass_spx.dll
Filesize
35KB

MD5
6c282646b74671bf9c99361d238dfda7

SHA1
04f8188971d766a5fe649a79b98c82359f9de9f4

SHA256
72b842141069b6cb4a7af7401ce19fd5e76874064a94b09449a2888e0348cc0b

SHA512
0b5fd2f0a765667a95a891cf981b7822a94dd996e772ab87ef976c2d3f8d84884371ff3a265955881e749aae80d7b87c2ff361443f2eea6f709a85af79dcf6e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_tta\bass_tta.dll
Filesize
7KB

MD5
1268dea570a7511fdc8e70c1149f6743

SHA1
1d646fc69145ec6a4c0c9cad80626ad40f22e8cd

SHA256
f266dba7b23321bf963c8d8b1257a50e1467faaab9952ef7ffed1b6844616649

SHA512
e19f0ea39ff7aa11830af5aad53343288c742be22299c815c84d24251fa2643b1e0401af04e5f9b25cab29601ea56783522ddb06c4195c6a609804880bae9e9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_wma\bass_wma.dll
Filesize
17KB

MD5
476bda1ee12c760a29e4ee43f593f878

SHA1
082b0f14c6c14a436fd85da865d2123ec2906c9c

SHA256
e1eb85821ebc1cdb879fbaa564c9d0a416aa7d4cb27fe8f4831c3956775c754c

SHA512
db0618a1072e9a21097c28c3805e11f13dc7b86fc47f008c7ba256a53dedbfb910383245ef7b558a03613c5bedd898c6d24fbaac09bb88330098ee9d18828171

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_wv\bass_wv.dll
Filesize
27KB

MD5
4304c0e41adc990c05042b5aef6a9e08

SHA1
dd4507b408107aa4fd2c9f91e2b1916c7e4fd9af

SHA256
561dee66a6a3ee26120503c3cd184bb224841382cbb799c2ea1006154a17ad28

SHA512
67406f2c3d4e14b4433d2ac626d3f25939eedfb828439a0fab523a55ac2687b5185bc998efa18069f7e295de26314cd440c74de478f62f916f150d3f540f20d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\tak_deco_lib\tak_deco_lib.dll
Filesize
110KB

MD5
2b1e911193a313207850bf0260317879

SHA1
d69ceb9b9a8072d8aa58a51ba767fe2787ca26ac

SHA256
615909b0e8c57e7f9eceac0390686ff3b8c4d75a004598590dd4a2d9f6b0ab18

SHA512
0790bf9b8513e82460d4ee1df3decec7f94327bd93fc3672ebd3b1459a8a16f1d5e8d4ae652db595a485e3289b110fcdc1f43930ee45bac67823ded977423e95

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\System\Data\Catalogs-AlbumArt.ini
Filesize
9KB

MD5
e40a96e4cd473e22bcc466633c737cea

SHA1
2dd73bd1e58ecbec2af666c26baae5084babe15d

SHA256
553c4025bc0c455f75c908c9443c8d7c5b0c5a8d8c40e8c5106db76f036429f3

SHA512
4cb4e30f8eb830c8d20e00194b71a0804e6a0101c42496d130b1b81b5423a29fa5d36d77506f7f5fe3d298b4c5d6006ffffc13ceaff61fabdd9129b9bec6d3d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\System\Encoders\Encoders.xml
Filesize
23KB

MD5
3e12735714de8a40a409cb3ed05656b5

SHA1
2003ad8c7aceb0b6e129642d123e13eaadf80f26

SHA256
c5ac168fdcebf3c25287f82f4c3162762bd84ae43107bc33e8b3789d0e6d69e3

SHA512
7fbfa500266c1ba7d5877ef8a1f4df55d26921f573e4e3ae6bb04fb5fa59d136a946223e87563cdff35bbd6c3c1245faa4da2f8db14f58e875fd086ce031da10

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\System\Encoders\MACDll.dll
Filesize
486KB

MD5
b48747f23588ba96cd93bb668ec0684a

SHA1
19234a5e589ddc923be478fccdc5d5292c34c66c

SHA256
b9427da9ecfa8a9449c8e4753ebf244a703c4d792895f6b163dce61ecdcf8a0e

SHA512
86adba13285bb277acbb5cec749fca560acf99064e9d9663f1d79319e3752083879688deedffd26fbbb86c4ec15b4f382c07a71b2e9d9e40ceb25bfc5d3702cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\System\Encoders\aimp_libvorbis.dll
Filesize
803KB

MD5
2661e63c2f05bac41ce2cbb6d7e93f13

SHA1
660355422fd7d77d6bc2cd8b1908382668f8091d

SHA256
e0fbafccea49cf7297924fa9c0240c16be12c9674c8a752f795df6404b8c0744

SHA512
bd72453d68f871726beb05f515e37db2cfef0ad7ae35e643fdc0774cab42b3a9030c49fe992428ae9b363d6e88edcb5cfc0782b18dae0d8fcf73cc51a5f85ed2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\System\Encoders\lame_enc.dll
Filesize
279KB

MD5
c489fc96906ce2811b0c849eebc72950

SHA1
f2a03482a27438e18f4edcb1cc801914012492cd

SHA256
37983d8b29d4d95a058d1a95eeb20e42144fe17407c07138f88387ebc336dbe1

SHA512
a1018c8311ba80d8097ac050fa604c88821e52fe3c649ff6259c597984baa4e271e7e3791239ec63289cd30f87a52f170308ba41566548e3cbfa73ff3928c02e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\System\Encoders\libFLAC.dll
Filesize
642KB

MD5
9d5b1cbced9e5433816b5b4e16f78a73

SHA1
a9dd2108500d66523d620a4636f7f02c40dfd746

SHA256
f416f6dabea3a148d896f18aafd9b7a0e7bc3327179f6c29d67cb8a925b33c74

SHA512
fd0ae2c7e3b0ef1ce08607411495972dcf16b1ee46e1e3237eb45bd6f98b3c569c354b0c7e0a113ea1f6d33edd9bb8bd9a816ef5767ede479eb3862e0511a08b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\System\Encoders\wavpackdll.dll
Filesize
252KB

MD5
db191b89f4d015b1b9aee99ac78a7e65

SHA1
8dac370768e7480481300dd5ebf8ba9ce36e11e3

SHA256
38a75f86db58eb8d2a7c0213861860a64833c78f59eff19141ffd6c3b6e28835

SHA512
a27e26962b43ba84a5a82238556d06672dcf17931f866d24e6e8dce88f7b30e80ba38b071943b407a7f150a57cf1da13d2137c235b902405bedbe229b6d03784

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\System\libsoxr.dll
Filesize
201KB

MD5
6fe0fdc0bf01f74b3d64f054dda9cf55

SHA1
c1e21f712d012e9d6c46995026718dfddd01a248

SHA256
028d0b073c95685515c6f28632a43120358df120e5c11440abd436e1f7da75b9

SHA512
36e26ddc79d7226da0b25d0cb23eb2b4b6fa53b0e046ca8f889ab0f59e267b4117e6a73b5b479973521f02e9cea291afc83e5d847ce3bd27778da1fcdf31626e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bass.dll
Filesize
126KB

MD5
f2a113b6ee24d9382953c9729ae357af

SHA1
749f4512a02287095a53db634783f7e399cd31b9

SHA256
0738dc614d751b3b08125c03a920fc243a3e5eea4f16d3374d8d94a6e2454477

SHA512
f9f366515b337c9df48ff1a21fb124091b2bec94c8a2d94de9c17c210b24931222a11d5b9914ea2fa40807ff7d4322d72d7779f34d07ce3ca2a44795718d047b

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AIMP.Runtime.dll
Filesize
10.2MB

MD5
baad6e8b6af9c0840167952e24cd6570

SHA1
0a51bb40a1a625b4ff8e06a7ba266c091dcf27f6

SHA256
bf02904c9e42d3bf2d48e15fa5ec1fafe1f91b7e457f30015cba4ffe224a39b6

SHA512
292ac9b2e270db4169095f61b7d6a27826e94a0296e03acdb7974463e1ffb4d1c7cd5e162c64a387e623ad17bcbc8829af3231acd3ea6df833c6777872782bc2

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AIMP.Shared.dll
Filesize
3.7MB

MD5
c129c2a02b28c5b83733fb05e73448cf

SHA1
bc94421a5bf0ec694bdcbf41cdc2715e79aca608

SHA256
c6a581cd6b236840a7bb4fb00db75aaec62138b6e7ba934c909db6c8dd6b42d4

SHA512
3089bea210b5b692ee203b507603436ccba210d66454a0e3ef63d4f4d7713d3866037e7420f725ba0f38973309d2696bf7b719e98f167309942c4c506451a2af

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AIMPac.exe
Filesize
354KB

MD5
b7a9e0a7aac0481e2eefb3f6ddab291f

SHA1
60372c8f0bd432896e78211bee1e961b31415e26

SHA256
bea7d9e1b7c3c33810f45da29f47c828366a9ee4cacada01e5e9ea11b1171b44

SHA512
809613351a9a55fbe1986277f54f78c81eff39e3e96384b4822d642a5cfc72170f20e510d5782a601bc0806184d6d6714a7c8eb4e29e39b4e7aedec3ca47406b

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\Aorta\Aorta.dll
Filesize
26KB

MD5
ed2a50e64ceb9a8a38e371242be28095

SHA1
65566d7337429320d367a014f356c939d708fce6

SHA256
c0a8ac0f1ac04272918cab6bc5b19de5127aad6e52f9668d7565235cf0218d07

SHA512
a1b6b994cd27ec657e5aa211d40a4911c2949ca674700d188c0fdaf976cc857710e0405df5b66d9c289c5a3bf9d8789a9666d621a122048f24b63beb721a3701

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_aac\bass_aac.dll
Filesize
146KB

MD5
526e02e9eb8953655eb293d8bac59c8f

SHA1
7ca6025602681ef6efdee21cd11165a4a70aa6fe

SHA256
e2175e48a93b2a7fa25acc6879f3676e04a0c11bb8cdfd8d305e35fd9b5bbbb4

SHA512
053eb66d17e5652a12d5f7faf03f02f35d1e18146ee38308e39838647f91517f8a9dc0b7a7748225f2f48b8f0347b0a33215d7983e85fca55ef8679564471f0b

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_ac3\bass_ac3.dll
Filesize
14KB

MD5
bd43c88917d6234ff962b6e88b648b8c

SHA1
b10dfd375fa4ab16aa3633d19c5515a8fb10a738

SHA256
7bcf3b8ce9d56334146f53fc632d2c6c6f32ea5c8e1948abd89938f044424f66

SHA512
0d089714c6ec2e5d69465020e1323ebfab4ae26bd5febfd477566fac35e67ee8796d6b65d99c87e840b037f0bbb6740e5e67dff634273d73bdee8ae499f284df

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_alac\bass_alac.dll
Filesize
9KB

MD5
6b6344cd7efc4916f58d177045674fc9

SHA1
11bfd217fbf636e591d4b35a4b2d6c800649d241

SHA256
f57c2e18acee1a13bd9bc6a442a9ad7a10deae2c0709a653fa10cf342586cca3

SHA512
9a49cb885c8d0b68b39974e12ca97c5477b4828b40cba9e8d2cf401e608005db4fb2b8b5daf0e41486cb6edb7c309f675e5928c65ad6237e44990c55a9dcff82

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_ape\bass_ape.dll
Filesize
37KB

MD5
b0c12c5944d754cb1262a93ac60cb227

SHA1
c66eb28e01884c1245c260f8c2cea31b31affe21

SHA256
08e21c769acbe442fa05db72a79866c9fb7745c97a1dd51f0f2224b74504a6f3

SHA512
494dc0097c27c479299c5ae8826e6bc0a542691d8a6d058de41c98c33984a973a31489b398c84dc9266180daa03ce5a32ba24d33a696744716cfc4f953f6d758

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_flac\bass_flac.dll
Filesize
28KB

MD5
e2a26f0c195b75d520d39eac4e4c804b

SHA1
5f8722e8d831c445c0fc0ddc728eea38086b0abf

SHA256
ab7aa41383016b5ba7e8e2db7d4e537dddee1ff76787e71318cff59334070c26

SHA512
7bf57f8210745e9d54d099a7411713c928adc6cea5243651fd43e5ad700662fd51a376e15fc6b99bf630d69039eb9039e034d22c073ba3d5ce5b18ba0af25b53

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_hls\bass_hls.dll
Filesize
12KB

MD5
fb9d6cbf4f4fcd6966b17c84778c10c4

SHA1
b15bd35e864eef42388965dd0a86568ef4cf64b4

SHA256
caf6a84e074268bb7eb19e63e2a34eb1f133eb8590bd55e4772002e507c45992

SHA512
dee872c894549b8e2ee4229f0995bdc99647755a1263c6e46e4f6bf9272d5fa44c1af20cfce2edebfd9fc37a0d767b486d1c176f4183459e6805ef062b63dbb9

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_midi\bass_midi.dll
Filesize
57KB

MD5
0140838049533f988d8845ae522589fa

SHA1
920b5136e9f66fa9477bee28587643950cf76e02

SHA256
3c0b1b053c998065f08edc4ef364a89aae19ddf206c6ca679f00e4d463d06d0d

SHA512
a380476204f8928e526cc24f2cb09506360dc0926630772a8513f8dee05a87014bd9e625d6ca3d6e398b2f44b62dceef8d05e8c0841eb1131950089bb494c72d

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_mpc\bass_mpc.dll
Filesize
20KB

MD5
a44fae0c3dd8a375857886407cbd454b

SHA1
5039e76df8ce67ad8477b57eeddf6aefc2a68079

SHA256
35dbc8e6aadb62c6f102634d167fea5d53a7ae38d046efc639f455140626300a

SHA512
b6a1c59f578976fca35c63ef31b10fb96c024c390fa2662ffdf7a8e635d18d7be333e511b8c1e636db89c031d5580e31a7dd359b7d750c15a6573f44d845c0b1

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_ofr\OptimFROG.dll
Filesize
209KB

MD5
2c747f19bf1295ebbdab9fb14bb19ee2

SHA1
6f3b71826c51c739d6bb75085e634b2b2ef538bc

SHA256
d2074b91a63219cfd3313c850b2833cd579cc869ef751b1f5ad7edfb77bd1edd

SHA512
c100c0a5af52d951f3905884e9b9d0ec1a0d0aebe70550a646ba6e5d33583247f67ca19e1d045170a286d92ee84e1676a6c1b0527e017a35b6242dd9dee05af4

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_ofr\bass_ofr.dll
Filesize
5KB

MD5
b3cc560ac7a5d1d266cb54e9a5a4767e

SHA1
e169e924405c2114022674256afc28fe493fbfdf

SHA256
edde733a8d2ca65c8b4865525290e55b703530c954f001e68d1b76b2a54edcb5

SHA512
a836decacb42cc3f7d42e2bf7a482ae066f5d1df08cccc466880391028059516847e1bf71e4c6a90d2d34016519d16981ddeeacfb94e166e4a9a720d9cc5d699

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_opus\bass_opus.dll
Filesize
67KB

MD5
26c74f5e9df6c59ded3b09335e5d82ad

SHA1
d9d3456e9f4d0ee659e3bbc1adfc49bfcdc92645

SHA256
bcd12511a18199823676f88f1eccbc7d192a591d60ab4e74d994bd6b6449397a

SHA512
3209d2d4bc75c3aa36ea0e858db9cbc3c6488c5fe65a5c700080cf6c052aa36604cf4a71667839e793817aca31dc2e80dc8040195fc4b6c64dc290c9adbcb512

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_spx\bass_spx.dll
Filesize
35KB

MD5
6c282646b74671bf9c99361d238dfda7

SHA1
04f8188971d766a5fe649a79b98c82359f9de9f4

SHA256
72b842141069b6cb4a7af7401ce19fd5e76874064a94b09449a2888e0348cc0b

SHA512
0b5fd2f0a765667a95a891cf981b7822a94dd996e772ab87ef976c2d3f8d84884371ff3a265955881e749aae80d7b87c2ff361443f2eea6f709a85af79dcf6e5

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_tta\bass_tta.dll
Filesize
7KB

MD5
1268dea570a7511fdc8e70c1149f6743

SHA1
1d646fc69145ec6a4c0c9cad80626ad40f22e8cd

SHA256
f266dba7b23321bf963c8d8b1257a50e1467faaab9952ef7ffed1b6844616649

SHA512
e19f0ea39ff7aa11830af5aad53343288c742be22299c815c84d24251fa2643b1e0401af04e5f9b25cab29601ea56783522ddb06c4195c6a609804880bae9e9b

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_wma\bass_wma.dll
Filesize
17KB

MD5
476bda1ee12c760a29e4ee43f593f878

SHA1
082b0f14c6c14a436fd85da865d2123ec2906c9c

SHA256
e1eb85821ebc1cdb879fbaa564c9d0a416aa7d4cb27fe8f4831c3956775c754c

SHA512
db0618a1072e9a21097c28c3805e11f13dc7b86fc47f008c7ba256a53dedbfb910383245ef7b558a03613c5bedd898c6d24fbaac09bb88330098ee9d18828171

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\bass_wv\bass_wv.dll
Filesize
27KB

MD5
4304c0e41adc990c05042b5aef6a9e08

SHA1
dd4507b408107aa4fd2c9f91e2b1916c7e4fd9af

SHA256
561dee66a6a3ee26120503c3cd184bb224841382cbb799c2ea1006154a17ad28

SHA512
67406f2c3d4e14b4433d2ac626d3f25939eedfb828439a0fab523a55ac2687b5185bc998efa18069f7e295de26314cd440c74de478f62f916f150d3f540f20d9

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Plugins\tak_deco_lib\tak_deco_lib.dll
Filesize
110KB

MD5
2b1e911193a313207850bf0260317879

SHA1
d69ceb9b9a8072d8aa58a51ba767fe2787ca26ac

SHA256
615909b0e8c57e7f9eceac0390686ff3b8c4d75a004598590dd4a2d9f6b0ab18

SHA512
0790bf9b8513e82460d4ee1df3decec7f94327bd93fc3672ebd3b1459a8a16f1d5e8d4ae652db595a485e3289b110fcdc1f43930ee45bac67823ded977423e95

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\System\Encoders\MACDll.dll
Filesize
486KB

MD5
b48747f23588ba96cd93bb668ec0684a

SHA1
19234a5e589ddc923be478fccdc5d5292c34c66c

SHA256
b9427da9ecfa8a9449c8e4753ebf244a703c4d792895f6b163dce61ecdcf8a0e

SHA512
86adba13285bb277acbb5cec749fca560acf99064e9d9663f1d79319e3752083879688deedffd26fbbb86c4ec15b4f382c07a71b2e9d9e40ceb25bfc5d3702cc

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\System\Encoders\aimp_libvorbis.dll
Filesize
803KB

MD5
2661e63c2f05bac41ce2cbb6d7e93f13

SHA1
660355422fd7d77d6bc2cd8b1908382668f8091d

SHA256
e0fbafccea49cf7297924fa9c0240c16be12c9674c8a752f795df6404b8c0744

SHA512
bd72453d68f871726beb05f515e37db2cfef0ad7ae35e643fdc0774cab42b3a9030c49fe992428ae9b363d6e88edcb5cfc0782b18dae0d8fcf73cc51a5f85ed2

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\System\Encoders\lame_enc.dll
Filesize
279KB

MD5
c489fc96906ce2811b0c849eebc72950

SHA1
f2a03482a27438e18f4edcb1cc801914012492cd

SHA256
37983d8b29d4d95a058d1a95eeb20e42144fe17407c07138f88387ebc336dbe1

SHA512
a1018c8311ba80d8097ac050fa604c88821e52fe3c649ff6259c597984baa4e271e7e3791239ec63289cd30f87a52f170308ba41566548e3cbfa73ff3928c02e

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\System\Encoders\libFLAC.dll
Filesize
642KB

MD5
9d5b1cbced9e5433816b5b4e16f78a73

SHA1
a9dd2108500d66523d620a4636f7f02c40dfd746

SHA256
f416f6dabea3a148d896f18aafd9b7a0e7bc3327179f6c29d67cb8a925b33c74

SHA512
fd0ae2c7e3b0ef1ce08607411495972dcf16b1ee46e1e3237eb45bd6f98b3c569c354b0c7e0a113ea1f6d33edd9bb8bd9a816ef5767ede479eb3862e0511a08b

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\System\Encoders\wavpackdll.dll
Filesize
252KB

MD5
db191b89f4d015b1b9aee99ac78a7e65

SHA1
8dac370768e7480481300dd5ebf8ba9ce36e11e3

SHA256
38a75f86db58eb8d2a7c0213861860a64833c78f59eff19141ffd6c3b6e28835

SHA512
a27e26962b43ba84a5a82238556d06672dcf17931f866d24e6e8dce88f7b30e80ba38b071943b407a7f150a57cf1da13d2137c235b902405bedbe229b6d03784

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\System\libsoxr.dll
Filesize
201KB

MD5
6fe0fdc0bf01f74b3d64f054dda9cf55

SHA1
c1e21f712d012e9d6c46995026718dfddd01a248

SHA256
028d0b073c95685515c6f28632a43120358df120e5c11440abd436e1f7da75b9

SHA512
36e26ddc79d7226da0b25d0cb23eb2b4b6fa53b0e046ca8f889ab0f59e267b4117e6a73b5b479973521f02e9cea291afc83e5d847ce3bd27778da1fcdf31626e

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bass.dll
Filesize
126KB

MD5
f2a113b6ee24d9382953c9729ae357af

SHA1
749f4512a02287095a53db634783f7e399cd31b9

SHA256
0738dc614d751b3b08125c03a920fc243a3e5eea4f16d3374d8d94a6e2454477

SHA512
f9f366515b337c9df48ff1a21fb124091b2bec94c8a2d94de9c17c210b24931222a11d5b9914ea2fa40807ff7d4322d72d7779f34d07ce3ca2a44795718d047b

Download Submit
memory/956-55-0x0000000000000000-mapping.dmp

Download
memory/1564-54-0x0000000075CD1000-0x0000000075CD3000-memory.dmp

Filesize
8KB

Download
memory/1688-56-0x0000000000000000-mapping.dmp

Download
memory/2028-117-0x0000000073F31000-0x0000000073F33000-memory.dmp

Filesize
8KB

Download
memory/2028-99-0x0000000073FA0000-0x0000000073FBE000-memory.dmp

Filesize
120KB

Download
memory/2028-131-0x0000000073EB1000-0x0000000073EB5000-memory.dmp

Filesize
16KB

Download
memory/2028-141-0x0000000073E90000-0x0000000073E9D000-memory.dmp

Filesize
52KB

Download
memory/2028-79-0x0000000000310000-0x000000000032C000-memory.dmp

Filesize
112KB

Download
memory/2028-95-0x00000000740B1000-0x00000000740B3000-memory.dmp

Filesize
8KB

Download
memory/2028-122-0x0000000073EE0000-0x0000000073F22000-memory.dmp

Filesize
264KB

Download
memory/2028-147-0x0000000004450000-0x0000000004459000-memory.dmp

Filesize
36KB

Download
memory/2028-70-0x00000000746E0000-0x000000007472B000-memory.dmp

Filesize
300KB

Download
memory/2028-138-0x0000000073EA0000-0x0000000073EB0000-memory.dmp

Filesize
64KB

Download
memory/2028-103-0x0000000073F80000-0x0000000073F93000-memory.dmp

Filesize
76KB

Download
memory/2028-86-0x0000000002A60000-0x0000000002AA4000-memory.dmp

Filesize
272KB

Download
memory/2028-65-0x0000000000630000-0x0000000001091000-memory.dmp

Filesize
10.4MB

Download
memory/2028-146-0x0000000010700000-0x0000000010712000-memory.dmp

Filesize
72KB

Download
memory/2028-134-0x0000000073C00000-0x0000000073C81000-memory.dmp

Filesize
516KB

Download
memory/2028-128-0x0000000073EC0000-0x0000000073ED6000-memory.dmp

Filesize
88KB

Download
memory/2028-80-0x00000000028C0000-0x000000000291C000-memory.dmp

Filesize
368KB

Download
memory/2028-90-0x0000000074220000-0x000000007422B000-memory.dmp

Filesize
44KB

Download
memory/2028-58-0x0000000000000000-mapping.dmp

Download
memory/2028-145-0x0000000004440000-0x0000000004447000-memory.dmp

Filesize
28KB

Download
memory/2028-144-0x0000000004430000-0x000000000443F000-memory.dmp

Filesize
60KB

Download
memory/2028-143-0x0000000004430000-0x0000000004436000-memory.dmp

Filesize
24KB

Download
memory/2028-142-0x0000000004430000-0x000000000443C000-memory.dmp

Filesize
48KB

Download
memory/2028-148-0x00000000046D0000-0x000000000531A000-memory.dmp

Filesize
12.3MB

Download
memory/2028-149-0x0000000004AF0000-0x0000000004C2E000-memory.dmp

Filesize
1.2MB

Download
memory/2028-150-0x00000000046D0000-0x000000000531A000-memory.dmp

Filesize
12.3MB

Download
memory/2028-151-0x00000000046D0000-0x000000000531A000-memory.dmp

Filesize
12.3MB

Download
memory/2028-152-0x00000000046D0000-0x000000000531A000-memory.dmp

Filesize
12.3MB

Download
memory/2028-153-0x00000000046D0000-0x000000000531A000-memory.dmp

Filesize
12.3MB

Download
memory/2028-154-0x00000000046D0000-0x000000000531A000-memory.dmp

Filesize
12.3MB

Download
memory/2028-155-0x0000000000310000-0x000000000032C000-memory.dmp

Filesize
112KB

Download
memory/2028-156-0x0000000002C30000-0x0000000002C34000-memory.dmp

Filesize
16KB

Download
memory/2028-157-0x00000000046D0000-0x000000000531A000-memory.dmp

Filesize
12.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads