416a636874be34c2311f9327ca75200b2d0dab7845abfab7fd78366d170bd4ac

Analysis

max time kernel
260s
max time network
262s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
04/03/2023, 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mmm-setup.exe
Size

2.0MB
MD5

fca0679ced8ce14cbfa9d2423d17ed24
SHA1

09811f3753b1293209399ddc5cbb685391514461
SHA256

416a636874be34c2311f9327ca75200b2d0dab7845abfab7fd78366d170bd4ac
SHA512

b9fc2f3a4a1cba628b32bb53740e6990f39855ce1c8faeeee57b10f90570772c049b0cd0a65578e7c844329dfb88359f224cc68c12a6c85ee3ac5830eb90fb31
SSDEEP

49152:8tS9WrcLubcMel6m1t6pc1C5hmSVJgGl5yGU/OT67B:8tlrc6W7Oc1aXVKGl5Z1TYB

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	mmm-setup.exe

Executes dropped EXE 1 IoCs

pid	Process
1816	OnlineInstall.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4812 wrote to memory of 1816	4812	mmm-setup.exe	83
PID 4812 wrote to memory of 1816	4812	mmm-setup.exe	83
PID 4812 wrote to memory of 1816	4812	mmm-setup.exe	83

C:\Users\Admin\AppData\Local\Temp\mmm-setup.exe
"C:\Users\Admin\AppData\Local\Temp\mmm-setup.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4812
- C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\OnlineInstall.exe
  "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\OnlineInstall.exe"
  2⤵
  - Executes dropped EXE
  PID:1816

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\OnlineInstall.exe

Filesize
4.1MB

MD5
b9e1f893c109cd6978eeba7ff8a129f5

SHA1
899448e270ac78dc962afd83e990a692279a71bc

SHA256
f08d66cca37c876e13cb28cc739be1c91a0092f4419bc1d8808ed0fdf8497a3c

SHA512
782a0918c08e01383707672981eb80d2ba6ff0045be48361a793d056cd3479395969ee7f767dbb21c892ad5d0147f5b49192790b186691e2f0b9f424e3fffa68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\OnlineInstall.exe

Filesize
4.1MB

MD5
b9e1f893c109cd6978eeba7ff8a129f5

SHA1
899448e270ac78dc962afd83e990a692279a71bc

SHA256
f08d66cca37c876e13cb28cc739be1c91a0092f4419bc1d8808ed0fdf8497a3c

SHA512
782a0918c08e01383707672981eb80d2ba6ff0045be48361a793d056cd3479395969ee7f767dbb21c892ad5d0147f5b49192790b186691e2f0b9f424e3fffa68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\OnlineInstall.exe

Filesize
4.1MB

MD5
b9e1f893c109cd6978eeba7ff8a129f5

SHA1
899448e270ac78dc962afd83e990a692279a71bc

SHA256
f08d66cca37c876e13cb28cc739be1c91a0092f4419bc1d8808ed0fdf8497a3c

SHA512
782a0918c08e01383707672981eb80d2ba6ff0045be48361a793d056cd3479395969ee7f767dbb21c892ad5d0147f5b49192790b186691e2f0b9f424e3fffa68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\skin_anima\Check_Selected.png

Filesize
1KB

MD5
6d116dccaac5056d7d1f4a593d5ac0db

SHA1
242a6a198c7e1e22bda176065cf0b26a276b6f72

SHA256
0946efee104652f084c6fb2f271b06fcdfb50de893d64cd4287cc8e64deced92

SHA512
037c4cb011492a27da3f7a6d2e7e75cabac8c58eca3607d57df248491b4786247c08a2f9ffd5fe49d3ef0b9f862b3ecb4a4783e04b1801c13935f271df224e79

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\skin_anima\Close_Nomal.png

Filesize
1KB

MD5
99fcff2aca703823e083cb90a3192146

SHA1
376158f2e3e6c4f42e67415f180539d562bd27fb

SHA256
cbe96210dc6c28e21625c01db80e510152eecbf4ddbc75a30feeefb9ffa318ef

SHA512
86b51f428a34f7de88f8aa5268028c86dee41a894ec3704c7ba10c0c8f7ef065af9c18d8d1999c903c5aa062abb2910630477b3b11db02f33c6e77373cff3d2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\skin_anima\Config.ini

Filesize
554B

MD5
a39dc460f6f3468a1468589d602e476f

SHA1
f7f805df23d1c619cb134fb2180feceee030bd30

SHA256
f644930a0e23b07097083021f178223278245ac2e84dc273a9bd9ed74322a2dd

SHA512
b718761920f8e1f532cdee1f8638a8ab53441165d957137d369fbc3ab2a6c6647717e9461e032150585812f6f54e32f3b3272d9c6c36a98442990ce4e1cffaef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\skin_anima\Dropdown_Nomal.png

Filesize
1KB

MD5
79a297af3cc5d3501558bfc2344f250a

SHA1
7cae747038212afaf6ac69ae57e99cdf9a7ee97d

SHA256
0f8ed5fdb53a8895e0159855268e0b8bb084766473ceb3ced8b96209844e359f

SHA512
e5e4a5feb042725564885be76d8a6bf7d1e68fcd8734822c8f5b5653f1cef9065dfa7d07e57df24332a95567020bb9135ae2233b9d7fbe0a6caa4cd5691b0c0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\skin_anima\Installnow_nomal.png

Filesize
1KB

MD5
5a02fb88141286b03e5c96bfab807c11

SHA1
4639a647d31d267cf08f4d3e92d62e61749ca1fa

SHA256
7a668d959b0c980edb8fa1b1a359e881f7865a4ec78f879afb2460f99c45367c

SHA512
f6d8b34e7c60ec8ad8d43b6cdb449dd608d29efd2abe377b2439e8fbdb70b72b048948fb17a65dd8b4469c2c65bbfb2e7c583cb880441e26a0d41b14f1e27c7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\skin_anima\Language.ini

Filesize
38B

MD5
abacaded57bf1c4c7e02647433e6a8da

SHA1
d2b8df8a815bad3d3314dc21cd0b800289d62b9a

SHA256
8b5b7693577d05ef72bc63bcf31aaa5327aab2fb7790e00d3794f924a117fba7

SHA512
7320a3d005d69df933e6c5c69cefdd27fc50eece20607202c891318d82c20def3c651f0377f1799e0f51e6af9af2a6de2720066ab011be8b93b46ed63d105189

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\skin_anima\Main.png

Filesize
15KB

MD5
56153153df832979e4963af537eda094

SHA1
e9804deb056a0b991935ff500d9a0f789e7abb86

SHA256
a993eb488b04a2ac6112cad1463881423924f0aadea90e5d35506e7226c7b3b9

SHA512
517ed9c610700aa9f2a07867600bbc08f0e1ec2067822c79239935cb03437d5624bbe53ef32b4d2849b47355e0084fb3a902d1e8f8d10dcfb72422756e733042

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\skin_anima\MainUI.xml

Filesize
9KB

MD5
ea1eb245ad1843da4fd09176eb27b4c1

SHA1
759cf4fe2b48b31eb428f034e720562153a85eff

SHA256
ded685dc3d3aad3064b341e4969dd2beb91efd0fbfdb30eac990dc75a91b16bf

SHA512
00b8b121583295b3549c9b8538b1119a2384a8032b5d94ba5cab429f58e724d337f4d0e0d388b52da712efd477f591b6b51d823643f9581d15b6ed2cefe38112

Download Submit