4b54d71c16a277f89613eed4f073fc4e0ca02451df90588d7bd250af6a169c68

Analysis

max time kernel
77s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2023, 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PortableApps.comLauncher_2.2.3.paf.exe
Size

2.6MB
MD5

5d2f6a8aa1bc967741776afd1c7452d1
SHA1

fa6df99a1913f64a949d8b3032c9e0abf278fa0a
SHA256

4b54d71c16a277f89613eed4f073fc4e0ca02451df90588d7bd250af6a169c68
SHA512

df1c38f07621168e05f40a4d188ed5946cee2a5135f1e3b417631f8416a9d561f3b2618a3ec2cc80ced0b9c2e1bbd2d57d13c98e36f501bb05ae7f5175467bf8
SSDEEP

49152:bLJ9qkmQ2V5miFo1KWviZ0dBslCbhYDRzUZfNqoY5JDnnE2SQhfWkB9:v2kyH+KqAGUQhuRzafNqpJT7rB9

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
1772	PortableApps.comLauncher_2.2.3.paf.exe
1772	PortableApps.comLauncher_2.2.3.paf.exe
1772	PortableApps.comLauncher_2.2.3.paf.exe
1772	PortableApps.comLauncher_2.2.3.paf.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1772	PortableApps.comLauncher_2.2.3.paf.exe
1772	PortableApps.comLauncher_2.2.3.paf.exe

C:\Users\Admin\AppData\Local\Temp\PortableApps.comLauncher_2.2.3.paf.exe
"C:\Users\Admin\AppData\Local\Temp\PortableApps.comLauncher_2.2.3.paf.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1772

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsa7DB2.tmp\LangDLL.dll

Filesize
5KB

MD5
08de81a4584f5201086f57a7a93ed83b

SHA1
266a6ecc8fb7dca115e6915cd75e2595816841a8

SHA256
4883cd4231744be2dca4433ef62824b7957a3c16be54f8526270402d9413ebe6

SHA512
b72e7cea5ce1f4dc64e65a1f683a3ef9e3fa2dc45cf421f569eb461f1fdcc0caf4ff62a872e62b400579f567c6ff9fc3c2e6e020cdca89d96015502c803a09b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa7DB2.tmp\System.dll

Filesize
12KB

MD5
6e55a6e7c3fdbd244042eb15cb1ec739

SHA1
070ea80e2192abc42f358d47b276990b5fa285a9

SHA256
acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506

SHA512
2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa7DB2.tmp\System.dll

Filesize
12KB

MD5
6e55a6e7c3fdbd244042eb15cb1ec739

SHA1
070ea80e2192abc42f358d47b276990b5fa285a9

SHA256
acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506

SHA512
2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa7DB2.tmp\System.dll

Filesize
12KB

MD5
6e55a6e7c3fdbd244042eb15cb1ec739

SHA1
070ea80e2192abc42f358d47b276990b5fa285a9

SHA256
acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506

SHA512
2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa7DB2.tmp\nsDialogs.dll

Filesize
9KB

MD5
ca5bb0ee2b698869c41c087c9854487c

SHA1
4a8abbb2544f1a9555e57a142a147dfeb40c4ca4

SHA256
c719697d5ced17d97bbc48662327339ccec7e03f6552aa1d5c248f6fa5f16324

SHA512
363a80843d7601ba119bc981c4346188f490b388e3ed390a0667aaf5138b885eec6c69d4e7f60f93b069d6550277f4c926bd0f37bc893928111dc62494124770

Download Submit