e2d22d8e75d3b27fe20add08299374c6e4e5bd72ad2f811f52f641fd7aa253ac

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
17-02-2023 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e2d22d8e75d3b27fe20add08299374c6e4e5bd72ad2f811f52f641fd7aa253ac.exe
Size

923KB
MD5

79c9b1a93339a03631ccb0da0bb31d5d
SHA1

da534153487eef1ac5ae6ab56cb3483833bca238
SHA256

e2d22d8e75d3b27fe20add08299374c6e4e5bd72ad2f811f52f641fd7aa253ac
SHA512

7fe787434dc5d2f744b2c9b4fff5ee2f184b527aac06e77a3460d6d4424bf4aad177f98c8cec2c449ff0cb4a13bcc9c58a6b3bf9aa8bb1d460f334a62fb4d987
SSDEEP

24576:1KWs81BSTGOY8XRNmMhOLaFAxEeQYO5gDLf3q75OkHrcdDA:4F00PBNmM0mAagnf675dYA

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 3 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\MP3SoundRecorder.exe	aspack_v212_v242
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\MP3SoundRecorder.exe	aspack_v212_v242
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\MP3SoundRecorder.exe	aspack_v212_v242

Executes dropped EXE 1 IoCs

Processes:

MP3SoundRecorder.exe

pid process

1756 MP3SoundRecorder.exe

pid	process
1756	MP3SoundRecorder.exe

Loads dropped DLL 5 IoCs

Processes:

e2d22d8e75d3b27fe20add08299374c6e4e5bd72ad2f811f52f641fd7aa253ac.exeMP3SoundRecorder.exe

pid	process
752	e2d22d8e75d3b27fe20add08299374c6e4e5bd72ad2f811f52f641fd7aa253ac.exe
752	e2d22d8e75d3b27fe20add08299374c6e4e5bd72ad2f811f52f641fd7aa253ac.exe
1756	MP3SoundRecorder.exe
1756	MP3SoundRecorder.exe
1756	MP3SoundRecorder.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

e2d22d8e75d3b27fe20add08299374c6e4e5bd72ad2f811f52f641fd7aa253ac.exe

description	pid	process	target process
PID 752 wrote to memory of 1124	752	e2d22d8e75d3b27fe20add08299374c6e4e5bd72ad2f811f52f641fd7aa253ac.exe	reg.exe
PID 752 wrote to memory of 1124	752	e2d22d8e75d3b27fe20add08299374c6e4e5bd72ad2f811f52f641fd7aa253ac.exe	reg.exe
PID 752 wrote to memory of 1124	752	e2d22d8e75d3b27fe20add08299374c6e4e5bd72ad2f811f52f641fd7aa253ac.exe	reg.exe
PID 752 wrote to memory of 1124	752	e2d22d8e75d3b27fe20add08299374c6e4e5bd72ad2f811f52f641fd7aa253ac.exe	reg.exe
PID 752 wrote to memory of 1756	752	e2d22d8e75d3b27fe20add08299374c6e4e5bd72ad2f811f52f641fd7aa253ac.exe	MP3SoundRecorder.exe
PID 752 wrote to memory of 1756	752	e2d22d8e75d3b27fe20add08299374c6e4e5bd72ad2f811f52f641fd7aa253ac.exe	MP3SoundRecorder.exe
PID 752 wrote to memory of 1756	752	e2d22d8e75d3b27fe20add08299374c6e4e5bd72ad2f811f52f641fd7aa253ac.exe	MP3SoundRecorder.exe
PID 752 wrote to memory of 1756	752	e2d22d8e75d3b27fe20add08299374c6e4e5bd72ad2f811f52f641fd7aa253ac.exe	MP3SoundRecorder.exe

C:\Users\Admin\AppData\Local\Temp\e2d22d8e75d3b27fe20add08299374c6e4e5bd72ad2f811f52f641fd7aa253ac.exe
"C:\Users\Admin\AppData\Local\Temp\e2d22d8e75d3b27fe20add08299374c6e4e5bd72ad2f811f52f641fd7aa253ac.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:752

C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" IMPORT MP3SoundRecorder.reg
2⤵
PID:1124

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\MP3SoundRecorder.exe
"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\MP3SoundRecorder.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1756

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\MP3SoundRecorder.exe
Filesize
293KB

MD5
4b4596685b04d3d2fa26d3db2566e3d9

SHA1
a585baa7927b7d9ed48e71d16be1cb082380ccf9

SHA256
0febad3d37a4181e6fb0c4b22e3c474ed31feca37ed5cdf467c47034a12801d1

SHA512
46a1919c33a4c560d148e819d723774d70a59a39d1bdcfbfdd8b21c35e79d539408a3c0eedaa8deb773a35fe460852840997eb46f7ae6e03301866a0cea81c39

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Record.dll
Filesize
144KB

MD5
0900b5101c195e81136d9ae29f2ffab1

SHA1
23aa366cd9680a7cb9d852eafd792ecfacc1b2a0

SHA256
db1773367d1f1577083c92f8af9aaad2697730a8e2114bd979077a2eb83cb3e1

SHA512
29f3bcfe931d3e213362ddb9006cf3cee1279797edc296921075301be4c5b54a88941f252f055ea0141d15cba2e75bcd8a349a064b9811340a91cd74043ee944

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\mp3dec2.dll
Filesize
44KB

MD5
e37e04a72f9c06a0ddb327c7a85c4433

SHA1
68dd5bc160ad3838264e3be75211f0a709790b8e

SHA256
b77ef65a7e415a6aa4b10244057951d37e6c19750fec58e271360aa0dc5d94c3

SHA512
de33fec8a9a560b4712c8f17eb34f66f44216e8b05d46f10b4e60636f7fda299cd91d8d893914f741d701497a95e636114e21c4f8533b082a9df49b5aa1c0c20

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\prmixer.dll
Filesize
184KB

MD5
43d7d7490fa34f55abb2d91a886f9f86

SHA1
fcb09bc35908631db403a05bb9e4b0b72a0bb003

SHA256
38ca4d2075d74f4ac6a5dade53754320cd31a4270e2c6ab0498ff4bcf4f07acc

SHA512
e48effed54499cfa39ea252064f71bba157e2afb55f7006f6f670d9b1e9a4bd3c8f4d7869658fa5e7b7b043c162df565f64ee07ce3d704647858971b6dc72038

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\set.ini
Filesize
562B

MD5
08868db2c5e6fca57569adfabed44e8a

SHA1
66755771205768a5c409d1d29ef19cc04a4868ae

SHA256
78addbbba9aba01e267f2ff2f6371dd8130e454e212b42b587e58c552253152c

SHA512
9743b244d732a02a73a1962cfa7915c48edae8666702413d2fbf09b6041b8254f444b3f558bf961d6d12f44c3922132e52a9bcd95773eb16fdc95ad5ec4513ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ti.ico
Filesize
318B

MD5
134c8bed1fc5e4a3e770601ae8f27da5

SHA1
6ff5a0f9c9edad8a30ce4892f1b8bf3d313d2160

SHA256
b736782a412a078e8d46ea43199f2f8725cb40ea470ec314763f9cb2a88c9954

SHA512
237941da48a648aa55624001ad3e7f8bf2289de4d6b5fdea78c9c552c7d21cd05d2d6665fa52ac0d761bdbbe3313bf4c8ba07da8e8e8e2de48dc1e1e0670bc81

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\MP3SoundRecorder.exe
Filesize
293KB

MD5
4b4596685b04d3d2fa26d3db2566e3d9

SHA1
a585baa7927b7d9ed48e71d16be1cb082380ccf9

SHA256
0febad3d37a4181e6fb0c4b22e3c474ed31feca37ed5cdf467c47034a12801d1

SHA512
46a1919c33a4c560d148e819d723774d70a59a39d1bdcfbfdd8b21c35e79d539408a3c0eedaa8deb773a35fe460852840997eb46f7ae6e03301866a0cea81c39

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\MP3SoundRecorder.exe
Filesize
293KB

MD5
4b4596685b04d3d2fa26d3db2566e3d9

SHA1
a585baa7927b7d9ed48e71d16be1cb082380ccf9

SHA256
0febad3d37a4181e6fb0c4b22e3c474ed31feca37ed5cdf467c47034a12801d1

SHA512
46a1919c33a4c560d148e819d723774d70a59a39d1bdcfbfdd8b21c35e79d539408a3c0eedaa8deb773a35fe460852840997eb46f7ae6e03301866a0cea81c39

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\mp3dec2.dll
Filesize
44KB

MD5
e37e04a72f9c06a0ddb327c7a85c4433

SHA1
68dd5bc160ad3838264e3be75211f0a709790b8e

SHA256
b77ef65a7e415a6aa4b10244057951d37e6c19750fec58e271360aa0dc5d94c3

SHA512
de33fec8a9a560b4712c8f17eb34f66f44216e8b05d46f10b4e60636f7fda299cd91d8d893914f741d701497a95e636114e21c4f8533b082a9df49b5aa1c0c20

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\prmixer.dll
Filesize
184KB

MD5
43d7d7490fa34f55abb2d91a886f9f86

SHA1
fcb09bc35908631db403a05bb9e4b0b72a0bb003

SHA256
38ca4d2075d74f4ac6a5dade53754320cd31a4270e2c6ab0498ff4bcf4f07acc

SHA512
e48effed54499cfa39ea252064f71bba157e2afb55f7006f6f670d9b1e9a4bd3c8f4d7869658fa5e7b7b043c162df565f64ee07ce3d704647858971b6dc72038

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\record.dll
Filesize
144KB

MD5
0900b5101c195e81136d9ae29f2ffab1

SHA1
23aa366cd9680a7cb9d852eafd792ecfacc1b2a0

SHA256
db1773367d1f1577083c92f8af9aaad2697730a8e2114bd979077a2eb83cb3e1

SHA512
29f3bcfe931d3e213362ddb9006cf3cee1279797edc296921075301be4c5b54a88941f252f055ea0141d15cba2e75bcd8a349a064b9811340a91cd74043ee944

Download Submit
memory/752-54-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download
memory/1124-55-0x0000000000000000-mapping.dmp

Download
memory/1756-58-0x0000000000000000-mapping.dmp

Download
memory/1756-65-0x0000000000220000-0x0000000000252000-memory.dmp

Filesize
200KB

Download
memory/1756-69-0x0000000000290000-0x00000000002B8000-memory.dmp

Filesize
160KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads