0fcd10a01400f14d238e7793369acea183dc771f124400e3d525db3a0a8740be

Analysis

max time kernel
81s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20220812-es
resource tags

arch:x64arch:x86image:win10v2004-20220812-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
08/01/2023, 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sm-free-online.exe
Size

1.9MB
MD5

d3daccb226696384058d00b613725d94
SHA1

62b090d57920d6330c2904a768cf204a07a68eb0
SHA256

0fcd10a01400f14d238e7793369acea183dc771f124400e3d525db3a0a8740be
SHA512

09c145709878cfa1bc45ddf3ebde789529fc15931f777f2febd8476ce9dcf18269abcbf0a2e89b6659574a20d017cf3d092939b41dc98ed5a4993d9677059083
SSDEEP

49152:Lt4ZnXnnCILzWmoKhK4IPE90uscDvL9ZcCOAtxi3x:LtgnXnnCILzW9MK4IrWP9ZcCXPQx

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2748	OnlineInstall.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	sm-free-online.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 2748	4392	sm-free-online.exe	80
PID 4392 wrote to memory of 2748	4392	sm-free-online.exe	80
PID 4392 wrote to memory of 2748	4392	sm-free-online.exe	80

C:\Users\Admin\AppData\Local\Temp\sm-free-online.exe
"C:\Users\Admin\AppData\Local\Temp\sm-free-online.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\OnlineInstall.exe
  "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\OnlineInstall.exe"
  2⤵
  - Executes dropped EXE
  PID:2748

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\OnlineInstall.exe

Filesize
4.0MB

MD5
fd0f3fe0bef80f45d0076945eb2cf637

SHA1
df1a423493779e9d3c6b4579179c5df3eae5cfc2

SHA256
21ee807a609fb2329ad718d9b9f60f8f9a3676ad2d74cd669b4a40e106dd1800

SHA512
78442553f5f645bc33dce718164ef9433a0ad2ef4cd4fb5edc85440b666ab6038929d6271b933cd3793d2dc95813fb4fb302d79cb111d4033ea26516dd275fbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\OnlineInstall.exe

Filesize
4.0MB

MD5
fd0f3fe0bef80f45d0076945eb2cf637

SHA1
df1a423493779e9d3c6b4579179c5df3eae5cfc2

SHA256
21ee807a609fb2329ad718d9b9f60f8f9a3676ad2d74cd669b4a40e106dd1800

SHA512
78442553f5f645bc33dce718164ef9433a0ad2ef4cd4fb5edc85440b666ab6038929d6271b933cd3793d2dc95813fb4fb302d79cb111d4033ea26516dd275fbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Check_Selected.png

Filesize
1KB

MD5
6d116dccaac5056d7d1f4a593d5ac0db

SHA1
242a6a198c7e1e22bda176065cf0b26a276b6f72

SHA256
0946efee104652f084c6fb2f271b06fcdfb50de893d64cd4287cc8e64deced92

SHA512
037c4cb011492a27da3f7a6d2e7e75cabac8c58eca3607d57df248491b4786247c08a2f9ffd5fe49d3ef0b9f862b3ecb4a4783e04b1801c13935f271df224e79

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Close_Nomal.png

Filesize
1KB

MD5
99fcff2aca703823e083cb90a3192146

SHA1
376158f2e3e6c4f42e67415f180539d562bd27fb

SHA256
cbe96210dc6c28e21625c01db80e510152eecbf4ddbc75a30feeefb9ffa318ef

SHA512
86b51f428a34f7de88f8aa5268028c86dee41a894ec3704c7ba10c0c8f7ef065af9c18d8d1999c903c5aa062abb2910630477b3b11db02f33c6e77373cff3d2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Config.ini

Filesize
403B

MD5
ebc1e705794cb3b3b4da6a202615dff4

SHA1
214cffad28fec3f11988df9009ee8a99eeadc019

SHA256
f679fb8df3a97d0980856470dc5b46e473d2fdff1d5caf76728c0a150e77da71

SHA512
861c40c13928e19b798128e9b6f11dd5fae4f75f8d1bbeb0943e736aa3e2acc6847901231e89b7107bc0d7e11adbe3e58a4e9ebebbf919422503da77c858e96b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Dropdown_Nomal.png

Filesize
1KB

MD5
79a297af3cc5d3501558bfc2344f250a

SHA1
7cae747038212afaf6ac69ae57e99cdf9a7ee97d

SHA256
0f8ed5fdb53a8895e0159855268e0b8bb084766473ceb3ced8b96209844e359f

SHA512
e5e4a5feb042725564885be76d8a6bf7d1e68fcd8734822c8f5b5653f1cef9065dfa7d07e57df24332a95567020bb9135ae2233b9d7fbe0a6caa4cd5691b0c0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Installnow_nomal.png

Filesize
1KB

MD5
5a02fb88141286b03e5c96bfab807c11

SHA1
4639a647d31d267cf08f4d3e92d62e61749ca1fa

SHA256
7a668d959b0c980edb8fa1b1a359e881f7865a4ec78f879afb2460f99c45367c

SHA512
f6d8b34e7c60ec8ad8d43b6cdb449dd608d29efd2abe377b2439e8fbdb70b72b048948fb17a65dd8b4469c2c65bbfb2e7c583cb880441e26a0d41b14f1e27c7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Language.ini

Filesize
80B

MD5
b242e5140134513d58d4930992d8d2c7

SHA1
64b208c1ed80183dbb0982cf33db7a4696f6c734

SHA256
7fab414a11faf0e49e79edce34cbc2b4eac52217b9db9b8b26630d7db35a79a6

SHA512
bea21e4135712513f1f80e1df287b6f45c143fbb9765312863bb6cca15922a7850303ade462574c130c19d3ff90c1174d232afff0f8175aff20eff52f5944cef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\Main.png

Filesize
30KB

MD5
5adbf3fb03b7d11525e13eca17d81ca6

SHA1
9863412957ed1e311203fc1424db58254eab6279

SHA256
745f841d49e71e1c6e27e580bedee03cecf1d5883f4a5e550b44fe28eee67cfc

SHA512
79d7114e2ae7306908e2011543ac6278a288b32d4071cf1377350fcd03983c298aafb0a8436cc92d3884c18fff9c89cd4f94913ccdc648e2b7360055919374e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin_anima\MainUI.xml

Filesize
9KB

MD5
ea1eb245ad1843da4fd09176eb27b4c1

SHA1
759cf4fe2b48b31eb428f034e720562153a85eff

SHA256
ded685dc3d3aad3064b341e4969dd2beb91efd0fbfdb30eac990dc75a91b16bf

SHA512
00b8b121583295b3549c9b8538b1119a2384a8032b5d94ba5cab429f58e724d337f4d0e0d388b52da712efd477f591b6b51d823643f9581d15b6ed2cefe38112

Download Submit