c041c9ba30493bad3f11cd900946ad2884d75328c584990fd186103d6e10dfef

Analysis

max time kernel
167s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 04:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c041c9ba30493bad3f11cd900946ad2884d75328c584990fd186103d6e10dfef.exe
Size

8.7MB
MD5

ca3c249fadc6aa8a9923ab2587f558ff
SHA1

57652ac39edb27648c77ad6ca1f849f54345837b
SHA256

c041c9ba30493bad3f11cd900946ad2884d75328c584990fd186103d6e10dfef
SHA512

2cfe26c20f8584c15a1e71becc10f7fc86d0ba5f781d2442ad8be88d008a682720693dc1c125063cddfd3c6c5b704b332759695fbcb55446651e254153e15938
SSDEEP

196608:Rdxyz/yVZy1dHqzG+ZAxfL9iJqqo+nhGjwnpsfu9RAk7crW9/tNCcLa:1yza61d/+YOVGjXdXzea

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4600	PCVersion.exe

Loads dropped DLL 11 IoCs

pid	Process
4600	PCVersion.exe
4600	PCVersion.exe
4600	PCVersion.exe
4600	PCVersion.exe
4600	PCVersion.exe
4600	PCVersion.exe
4600	PCVersion.exe
4600	PCVersion.exe
4600	PCVersion.exe
4600	PCVersion.exe
4600	PCVersion.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4600	PCVersion.exe
4600	PCVersion.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 4600	2872	c041c9ba30493bad3f11cd900946ad2884d75328c584990fd186103d6e10dfef.exe	84
PID 2872 wrote to memory of 4600	2872	c041c9ba30493bad3f11cd900946ad2884d75328c584990fd186103d6e10dfef.exe	84
PID 2872 wrote to memory of 4600	2872	c041c9ba30493bad3f11cd900946ad2884d75328c584990fd186103d6e10dfef.exe	84

C:\Users\Admin\AppData\Local\Temp\c041c9ba30493bad3f11cd900946ad2884d75328c584990fd186103d6e10dfef.exe
"C:\Users\Admin\AppData\Local\Temp\c041c9ba30493bad3f11cd900946ad2884d75328c584990fd186103d6e10dfef.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\PCVersion.exe
  C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\PCVersion.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:4600

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\HttpDownload.dll

Filesize
33KB

MD5
fde294dab93e890a58e687f8f3233f3f

SHA1
080d907d8f19bac13a4ab6f08c4967d70a90abec

SHA256
2e38a0ebaff5c09fbf8575ddddb676863fd0680a3cceddcd8c650b2ab50ae73e

SHA512
647fbb50938f1ad385e5fb915ed9aab81787a82dbef76d561dbf332e275b901dedcd98a467d82dc8fcbf56c4ea0c8c4815affa93e5383170a9af396974f4fa69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\HttpDownload.dll

Filesize
33KB

MD5
fde294dab93e890a58e687f8f3233f3f

SHA1
080d907d8f19bac13a4ab6f08c4967d70a90abec

SHA256
2e38a0ebaff5c09fbf8575ddddb676863fd0680a3cceddcd8c650b2ab50ae73e

SHA512
647fbb50938f1ad385e5fb915ed9aab81787a82dbef76d561dbf332e275b901dedcd98a467d82dc8fcbf56c4ea0c8c4815affa93e5383170a9af396974f4fa69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\Image\background.png

Filesize
3KB

MD5
ae08c8b1e04eb87ccdb404248ba840fb

SHA1
63df80fe4fd6ef361df6ae376cf4f98a3cac5c25

SHA256
3dec82d7fb6571a95ff6bf7eddd5c76894e1a150c0bfdce3cc4444ff5d93f78f

SHA512
47f8f990828e83c8c6a546d594e6a5a425babcc629a90810ed9754eede1f70b2353107b146874443e7352abf2ac8fdbfaf14fcc3f2958fe14adb6c19d20b3bd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\MSVCP100.dll

Filesize
411KB

MD5
bc83108b18756547013ed443b8cdb31b

SHA1
79bcaad3714433e01c7f153b05b781f8d7cb318d

SHA256
b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671

SHA512
6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\MSVCR100.dll

Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\PCVersion.exe

Filesize
389KB

MD5
809d1193f68f1932a2bcd74c25a8dff8

SHA1
50909dccedc8770eb0e45099719140585d0fa98f

SHA256
38925f877bdbd60ec8649e7b8f580ab2a1c6883789405bf24d41dfecc5b05123

SHA512
728d1b55d069a9d4174a50b28983adaedec6bcb39626d70f44cf4eea5017878ac045d9b3be6b7f3efbf3b3f7e4d95f41f6e2e76d202e34e5a323c0cdb8e17a52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\PCVersion.exe

Filesize
389KB

MD5
809d1193f68f1932a2bcd74c25a8dff8

SHA1
50909dccedc8770eb0e45099719140585d0fa98f

SHA256
38925f877bdbd60ec8649e7b8f580ab2a1c6883789405bf24d41dfecc5b05123

SHA512
728d1b55d069a9d4174a50b28983adaedec6bcb39626d70f44cf4eea5017878ac045d9b3be6b7f3efbf3b3f7e4d95f41f6e2e76d202e34e5a323c0cdb8e17a52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\PCVersionStat.dll

Filesize
22KB

MD5
f0885fef8460408c3f728d1023c1d54b

SHA1
99af959ff68a98e01bbd234efffa6c602318c111

SHA256
4c78452fc09dc8f14df1a5ba8f443843fd136acefd157695218b11a45ed14da0

SHA512
2cb6225938b52ec2fd71317a2c27d0a3b32110a4a8107bf9d66087267568778f1bc4b31e28acaeb1f2645574d9340971fedfa9939c655520b511d5aa943ea6e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\PCVersionStat.dll

Filesize
22KB

MD5
f0885fef8460408c3f728d1023c1d54b

SHA1
99af959ff68a98e01bbd234efffa6c602318c111

SHA256
4c78452fc09dc8f14df1a5ba8f443843fd136acefd157695218b11a45ed14da0

SHA512
2cb6225938b52ec2fd71317a2c27d0a3b32110a4a8107bf9d66087267568778f1bc4b31e28acaeb1f2645574d9340971fedfa9939c655520b511d5aa943ea6e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\UI.dll

Filesize
69KB

MD5
ad2fa787e724138c6acd847eb0716336

SHA1
59a4fc77d2e0871706b6e5f49b84037e70413989

SHA256
b6afd39680ff615eb233907d92f2385816a6437d23cd74dc2354436828d43314

SHA512
c0b7f970a4a5e820eb369588b6a234071a7c6e04dd71a72fb71f598328e15127cb0cf7eeac3aed3b7140fd5ff5ef66b0a04e62ba84a27597ea513542ad6620a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\UI.dll

Filesize
69KB

MD5
ad2fa787e724138c6acd847eb0716336

SHA1
59a4fc77d2e0871706b6e5f49b84037e70413989

SHA256
b6afd39680ff615eb233907d92f2385816a6437d23cd74dc2354436828d43314

SHA512
c0b7f970a4a5e820eb369588b6a234071a7c6e04dd71a72fb71f598328e15127cb0cf7eeac3aed3b7140fd5ff5ef66b0a04e62ba84a27597ea513542ad6620a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\apps\AppInfo.dat

Filesize
292B

MD5
3f3fff84b4d9197fd3d12f5d53a96281

SHA1
6d8b6d58b1b3408adc81148607faa8eda3b67635

SHA256
a00169f8f596730c5a7898636d62196b29f86abbd387e8779dec3666566da66e

SHA512
996714b2609641ecc22e77a1699fdbc5c0779724a36555f083ff07168afed1b1b9a58cb9b11003d06558bd4023e544b2f256aedfedab341e9b3f20cb557eadb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\apps\icon.png

Filesize
19KB

MD5
d7431d1623dd1163399a10230927ac3d

SHA1
303d5f7a09efc883ae192cd0c33482af36367e1b

SHA256
d8fadd6441d59364be6da5c748bd65caaedaaf7ed814490b1367d9960b86fe1b

SHA512
b8090315ae47865e98eb8155eb415b11cbacb8a702c6336ab9f3a071ed2604337acf5d7dd91cd9e079cad2f6925a35077325fd9649b5f42471d1b3d47fde243c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\mfc100u.dll

Filesize
4.2MB

MD5
f841f32ad816dbf130f10d86fab99b1a

SHA1
0f8b90814b33275cf39f95e769927497da9460bf

SHA256
7a4cfbce1eb48d4f8988212c2e338d7781b9894ef0f525e871c22bb730a74f3e

SHA512
6222f16722a61ee6950b6fbcbe46c2b08e2394ce3dd32d34656faf2719e190e66b4e59617c83f117ad3793b1292a107f275087b037cf1b6e4d9819323748079a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\mfc100u.dll

Filesize
4.2MB

MD5
f841f32ad816dbf130f10d86fab99b1a

SHA1
0f8b90814b33275cf39f95e769927497da9460bf

SHA256
7a4cfbce1eb48d4f8988212c2e338d7781b9894ef0f525e871c22bb730a74f3e

SHA512
6222f16722a61ee6950b6fbcbe46c2b08e2394ce3dd32d34656faf2719e190e66b4e59617c83f117ad3793b1292a107f275087b037cf1b6e4d9819323748079a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\mfc100u.dll

Filesize
4.2MB

MD5
f841f32ad816dbf130f10d86fab99b1a

SHA1
0f8b90814b33275cf39f95e769927497da9460bf

SHA256
7a4cfbce1eb48d4f8988212c2e338d7781b9894ef0f525e871c22bb730a74f3e

SHA512
6222f16722a61ee6950b6fbcbe46c2b08e2394ce3dd32d34656faf2719e190e66b4e59617c83f117ad3793b1292a107f275087b037cf1b6e4d9819323748079a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\mfc100u.dll

Filesize
4.2MB

MD5
f841f32ad816dbf130f10d86fab99b1a

SHA1
0f8b90814b33275cf39f95e769927497da9460bf

SHA256
7a4cfbce1eb48d4f8988212c2e338d7781b9894ef0f525e871c22bb730a74f3e

SHA512
6222f16722a61ee6950b6fbcbe46c2b08e2394ce3dd32d34656faf2719e190e66b4e59617c83f117ad3793b1292a107f275087b037cf1b6e4d9819323748079a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\mfc100u.dll

Filesize
4.2MB

MD5
f841f32ad816dbf130f10d86fab99b1a

SHA1
0f8b90814b33275cf39f95e769927497da9460bf

SHA256
7a4cfbce1eb48d4f8988212c2e338d7781b9894ef0f525e871c22bb730a74f3e

SHA512
6222f16722a61ee6950b6fbcbe46c2b08e2394ce3dd32d34656faf2719e190e66b4e59617c83f117ad3793b1292a107f275087b037cf1b6e4d9819323748079a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\msvcp100.dll

Filesize
411KB

MD5
bc83108b18756547013ed443b8cdb31b

SHA1
79bcaad3714433e01c7f153b05b781f8d7cb318d

SHA256
b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671

SHA512
6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\msvcp100.dll

Filesize
411KB

MD5
bc83108b18756547013ed443b8cdb31b

SHA1
79bcaad3714433e01c7f153b05b781f8d7cb318d

SHA256
b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671

SHA512
6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\msvcr100.dll

Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\union.dll

Filesize
120KB

MD5
66bd7671e408ab5b20c43ba5efe0ee31

SHA1
861eb3fbc6309f61b826a4258c4d47c063cf3c5e

SHA256
6c609f0eb30103ed2236eccae8c93e99df91c9f56caf070f95bebda2a1c56910

SHA512
ca505001bfc9fa79dbbb3402d447c66eb9738c9f804057a95160c662d15f7781ec4001605076c16be632082291fb1a4b400f5ccd56a241ae220cc31511509937

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç§ÍõAAA\union.dll

Filesize
120KB

MD5
66bd7671e408ab5b20c43ba5efe0ee31

SHA1
861eb3fbc6309f61b826a4258c4d47c063cf3c5e

SHA256
6c609f0eb30103ed2236eccae8c93e99df91c9f56caf070f95bebda2a1c56910

SHA512
ca505001bfc9fa79dbbb3402d447c66eb9738c9f804057a95160c662d15f7781ec4001605076c16be632082291fb1a4b400f5ccd56a241ae220cc31511509937

Download Submit