aab27bd5547d35dc159288f3b5b8760f21b0cfec86e8f0032b49dd0410f232bc

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-es
resource tags

arch:x64arch:x86image:win10v2004-20220812-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
01-01-2023 00:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mingw-get-setup.exe
Size

84KB
MD5

92d905bdfe13c798a2cda2bbacdad932
SHA1

66f1355f16ac1e328243e877880eb6e45e8b30e2
SHA256

aab27bd5547d35dc159288f3b5b8760f21b0cfec86e8f0032b49dd0410f232bc
SHA512

5c96c7be222d5c836402df302f5a1866df72bcad3d13643e8703e536cea9c6e42fde344ca79d564051fd3cd93326e834b3c4b7f59e5591d61cba3d59b7c9a180
SSDEEP

1536:+sE5jlwWrw6I3N8SFsngkZ4nJ9jHZN+4Ie6fFF6rS7cnouy8VAt:tE5Rw6GN8wsngi4nJ7N+P7Foc8outy

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2472-132-0x0000000000400000-0x0000000000438000-memory.dmp	upx
behavioral1/memory/2472-133-0x0000000000400000-0x0000000000438000-memory.dmp	upx
behavioral1/memory/2472-275-0x0000000000400000-0x0000000000438000-memory.dmp	upx

Loads dropped DLL 2 IoCs

pid	Process
2472	mingw-get-setup.exe
2472	mingw-get-setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4072	WINWORD.EXE
4072	WINWORD.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2472	mingw-get-setup.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
4072	WINWORD.EXE
4072	WINWORD.EXE
4072	WINWORD.EXE
4072	WINWORD.EXE
4072	WINWORD.EXE
4072	WINWORD.EXE
4072	WINWORD.EXE
4072	WINWORD.EXE
4072	WINWORD.EXE
4072	WINWORD.EXE
4072	WINWORD.EXE
4072	WINWORD.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 3304	2472	mingw-get-setup.exe	90
PID 2472 wrote to memory of 3304	2472	mingw-get-setup.exe	90
PID 2472 wrote to memory of 3304	2472	mingw-get-setup.exe	90
PID 2472 wrote to memory of 4016	2472	mingw-get-setup.exe	91
PID 2472 wrote to memory of 4016	2472	mingw-get-setup.exe	91
PID 2472 wrote to memory of 4016	2472	mingw-get-setup.exe	91

C:\Users\Admin\AppData\Local\Temp\mingw-get-setup.exe
"C:\Users\Admin\AppData\Local\Temp\mingw-get-setup.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Windows\SysWOW64\wscript.exe
  wscript -nologo C:\MinGW\libexec\mingw-get\shlink.js --all-users --start-menu --description "MinGW Installation Manager" C:\MinGW\libexec\mingw-get\guimain.exe "MinGW Installation Manager"
  2⤵
  PID:3304
- C:\Windows\SysWOW64\wscript.exe
  wscript -nologo C:\MinGW\libexec\mingw-get\shlink.js --all-users --desktop --description "MinGW Installation Manager" C:\MinGW\libexec\mingw-get\guimain.exe "MinGW Installer"
  2⤵
  PID:4016

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "C:\Users\Admin\Desktop\FormatStop.dot"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4072

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MinGW\libexec\mingw-get\guimain.exe

Filesize
141KB

MD5
63dd6168efccf34442141bc6a30ca4b5

SHA1
4215e4157baeb2709ddf46aa23bae3512c388c16

SHA256
f3d7c1f06a99cd9fd9e1b52b18b031171617e30a884eaacf210f4e02caca8d25

SHA512
6bac1514408c83607de3e381828cb74fa9e24b72860ca3f1245c25a111e1e61346a37fd2e1cbcf553097ce1f7f149beb188364e844ce959ac7f4d0a14bb01339

Download Submit
C:\MinGW\libexec\mingw-get\mingw-get-0.dll

Filesize
550KB

MD5
2188006826da68eeb29cb3f16f385263

SHA1
5be8b4740e38f9e7461471bcc4da089a041740e1

SHA256
a481512fce53e3180e68701a5cdc2b82c8d89757cf7b7e1330e10d9f5f4ccaa2

SHA512
4c72601c65e81ca878d96432377827fa36cef9b3a058cf33a12da80dd0bbb607df92f6799ef1b1cab974896fddf1c66202b57b050b4fd05510f19ca29ab43aa3

Download Submit
C:\MinGW\libexec\mingw-get\mingw-get-setup-0.dll

Filesize
133KB

MD5
10f72745741618404c3aea7422b9e110

SHA1
e40ee03d1488a80e608e67b2eee1bab491240fe6

SHA256
5c45a7439d127c09b74fa16a0b300fb290ba15d316397579985464be484b8e17

SHA512
9ed7132fcacc812cbf50d7997bf1e7239e05498d1749fe765c05fa5b8cde0bcfdbed45aec2cf4c61c31ccc9dfe2fd25288c7bee8bc9e33dda24508724ed9d3d2

Download Submit
C:\MinGW\libexec\mingw-get\shlink.js

Filesize
10KB

MD5
7c05fb7cfcb8af75cc51f0e5b5b8a63f

SHA1
7344f388103e4aceaf9bb2088afc8bf39b6da184

SHA256
a4d51113d10de71cde294e76ddd63e35273a33c4321eb50d804264ca97c51331

SHA512
9bf2b1c262fe7bbd26ac2367526c14d3bb9aab56d35e2cc149885412fd6b6e82f60c66de8ef39190cc9782c65e99471420d8e53695d7d25220d29c9ee4fcf7b5

Download Submit
memory/2472-193-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-154-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-136-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-137-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-138-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-139-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-140-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-141-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-142-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-143-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-145-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-144-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-146-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-150-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-148-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-151-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-149-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-147-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-153-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-189-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-155-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-156-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-152-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-157-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-158-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-160-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-161-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-198-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-164-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-167-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-168-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-166-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-170-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-171-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-172-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-174-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-175-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-176-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-173-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-183-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-186-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-191-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-190-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-192-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-132-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2472-194-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-257-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-133-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2472-162-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-200-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-188-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-204-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-202-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-187-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-206-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-185-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-184-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-182-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-181-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-210-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-208-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-212-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-215-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-217-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-180-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-179-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-178-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-222-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-224-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-220-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-227-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-177-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-231-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-233-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-229-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-237-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-239-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-235-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-169-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-241-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-243-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-165-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-247-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-245-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-249-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-251-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-253-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-163-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-159-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-196-0x0000000067A40000-0x0000000067A6B000-memory.dmp

Filesize
172KB

Download
memory/2472-275-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/4072-265-0x00007FFFAD0B0000-0x00007FFFAD0C0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads