36b90e706e68360a79a1f909cf2072191a96bd7c412098e45bcb700b459e55fd

Analysis

max time kernel
319s
max time network
314s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2023 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mirrorto_setup-com_es.exe
Size

3.4MB
MD5

a63b1ca64adcbf39d5d31ea92863dd14
SHA1

583777dadc3f6b196b86ad604ecd13548d9e5fe6
SHA256

36b90e706e68360a79a1f909cf2072191a96bd7c412098e45bcb700b459e55fd
SHA512

0a484efcb70b5543fa65328486006e7f13d79166172546129bf2e0e12397250d15847f558ecfebb04267e135e5ed7f355aab49541112ddafe4a92dc78028642a
SSDEEP

98304:hGdy6cYnKtnRMOluhfzovUQCeULWV7Wzur3+:0dy6csKtS1po8vQmuu

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Dutch\text.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Portuguese\text.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\ChineseTW\pr_1.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Japanese\text.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\productInfo.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\French\pr_4.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Portuguese\pr_4.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Thai\pr_4.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\ChineseTW\pr_4.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Chinese\pr_1.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Chinese\text.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\French\text.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\German\text.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Arabic\UrlInfo.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Dutch\pr_4.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Thai\pr_3.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\English\pr_1.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\German\pr_2.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Spanish\pr_1.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Spanish\text.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Thai\UrlInfo.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\English\install_tips.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\German\pr_1.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Malaysian\pr_3.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Chinese\pr_3.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Japanese\UrlInfo.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Portuguese\install_tips.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Spanish\pr_2.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\German\pr_4.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Japanese\pr_2.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Malaysian\install_tips.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Sweden\pr_4.png	mirrorto_setup-com_es.exe
File opened for modification	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\Log\imyfone_down.log	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Arabic\install_tips.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\ChineseTW\UrlInfo.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Japanese\pr_4.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Korean\pr_1.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Korean\pr_4.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Malaysian\pr_4.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Portuguese\pr_1.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Sweden\pr_1.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Thai\pr_2.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\ChineseTW\text.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\English\pr_4.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\German\pr_3.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Arabic\text.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Chinese\UrlInfo.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\French\pr_3.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Japanese\pr_3.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Korean\install_tips.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Chinese\pr_2.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\English\pr_3.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Sweden\pr_2.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Arabic\pr_2.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\English\UrlInfo.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Italian\UrlInfo.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Korean\UrlInfo.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Malaysian\text.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Chinese\pr_4.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Dutch\pr_2.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\language.ini	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Italian\pr_4.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Japanese\install_tips.png	mirrorto_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\mirrorto_setup-com_es\language\Thai\pr_1.png	mirrorto_setup-com_es.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2876	mirrorto_setup-com_es.exe

C:\Users\Admin\AppData\Local\Temp\mirrorto_setup-com_es.exe
"C:\Users\Admin\AppData\Local\Temp\mirrorto_setup-com_es.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
PID:2876

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads