e315df371119193eb29f79dbf4f3bc996e8e14859e04a477956d75d628517bd4

Analysis

max time kernel
90s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2022, 23:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

VoiceChanger64(1.70).exe
Size

1.2MB
MD5

bec799814beae8ea3c2a18e603abecb4
SHA1

3beced8898897545eba04db373d1a7723e9e0e58
SHA256

e315df371119193eb29f79dbf4f3bc996e8e14859e04a477956d75d628517bd4
SHA512

4c6396ade614bf7068bfb676629450d2974f6235e1590c09fdf154bd59569da34a4d071165992242b51698066041e772026262c7a1b15e826d5d945db32b17ac
SSDEEP

24576:zvyYh1tiQQoB7Hhjvp5qjGO/DU1UwIor8BM+innIsXi7anr:GUfjBhjxojGO/41FwBaROs

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
3740	VoiceChanger64(1.70).exe
3740	VoiceChanger64(1.70).exe
3740	VoiceChanger64(1.70).exe
3740	VoiceChanger64(1.70).exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\VoiceChanger64(1.70).exe
"C:\Users\Admin\AppData\Local\Temp\VoiceChanger64(1.70).exe"
1⤵
- Loads dropped DLL
PID:3740

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsi699E.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi699E.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi699E.tmp\nsDialogs.dll

Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi699E.tmp\nsDialogs.dll

Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
memory/3740-136-0x00000000032E1000-0x00000000032E3000-memory.dmp

Filesize
8KB

Download