c81b4c857396a02dc1b14d172ce51d5aeec7adfc01007e112d233f28942c6e46

Analysis

max time kernel
144s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
13/03/2023, 00:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Camtasia Studio 9 (X Saga)/Traductor C9.exe
Size

24.8MB
MD5

e062d22e6db29d0ec752d55ec906ddf2
SHA1

540605320c2fcd6301684babdf0aa81dc7adde66
SHA256

1d34f17ffd671174b1c3c741fb376ba209579cc0b5c4a6063d2bce634fca60be
SHA512

5f40987a963271e6f62ea997656eaea2c16acc81a71ea87255e810714c838e51b5fd192072c285a31461bc022a0e954228cf76266297a1ce15b0c0ec8e7f9932
SSDEEP

393216:UTUwuQ5Be+jw0fP4PH7VovfhmKc3fnhtpEa/wPotZxThqhVu6hhzx2frHsqXD+4K:1hkk+ssPa+nQKglbUMkQfrK4Ws2fk1cd

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3776	autorun.exe

Loads dropped DLL 8 IoCs

pid	Process
3776	autorun.exe
3776	autorun.exe
3776	autorun.exe
3776	autorun.exe
3776	autorun.exe
3776	autorun.exe
3776	autorun.exe
3776	autorun.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3776	autorun.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4252	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4252	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1768	Traductor C9.exe
1768	Traductor C9.exe
3776	autorun.exe
3776	autorun.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 3776	1768	Traductor C9.exe	85
PID 1768 wrote to memory of 3776	1768	Traductor C9.exe	85
PID 1768 wrote to memory of 3776	1768	Traductor C9.exe	85

C:\Users\Admin\AppData\Local\Temp\Camtasia Studio 9 (X Saga)\Traductor C9.exe
"C:\Users\Admin\AppData\Local\Temp\Camtasia Studio 9 (X Saga)\Traductor C9.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
  "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe" "SFXSOURCE:C:\Users\Admin\AppData\Local\Temp\Camtasia Studio 9 (X Saga)\Traductor C9.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3776

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a4 0x4e0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4252

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\100_1.ico

Filesize
80KB

MD5
9ef43a45451ad54b2ee06087d426ded7

SHA1
d198b11742fe6fc3a3c6f59b356aa2107c0af7f3

SHA256
c6f65bc3fb19bb10a7c42747010f425bc871bc5a8d0a72ddec9a464ab49b3ace

SHA512
4e91bddd4f67db49c887d273b7af4a68752ad5ae8231691c4f6e4b89088fe3a1d497862a85dfc014dcfed482b53088ae177cfc0e559f2fb1aecfe80560d4c36d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Audio\Acuerdo.ogg

Filesize
283KB

MD5
ff5b299829aa02208b387650b7278b0a

SHA1
bc13c729efc91c30f5110f85e43c3f38ad9c0ed2

SHA256
9afc79aaca257846242187f3a4554b74d61aeb77c53dec0f4c735419de599b95

SHA512
d7900e98e03eac401e9d5b7988b14f7dd123a06e2d5f898a35673b4ad89677ef8ce8a761a02dd115f8fc38a3b35cdabb8a8fc7a0a7aadf773b381adbdd50b201

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Audio\PERSSON - Sunshine.ogg

Filesize
5.0MB

MD5
7c3ea623dfd97f81845d8ababdd9b0e5

SHA1
30e4aaf8965339ed86ceabd11972f4525df628b0

SHA256
8f82a3f7ec1253f78143e8a10fec768120559a2de206a535e449098747fedd84

SHA512
5a2e0d95e2e1090c4fab8b150a846e4d7c72e2188d405047a2b08820baa0fb12e63482abcc6e9f4ce8dae06820684850ec87014bf9c6db410856d868a4c2164b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Icons\100_1.ico

Filesize
80KB

MD5
9ef43a45451ad54b2ee06087d426ded7

SHA1
d198b11742fe6fc3a3c6f59b356aa2107c0af7f3

SHA256
c6f65bc3fb19bb10a7c42747010f425bc871bc5a8d0a72ddec9a464ab49b3ace

SHA512
4e91bddd4f67db49c887d273b7af4a68752ad5ae8231691c4f6e4b89088fe3a1d497862a85dfc014dcfed482b53088ae177cfc0e559f2fb1aecfe80560d4c36d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\GIF\GIF.APO

Filesize
111KB

MD5
486dafef7cbd8910a613edd615b8ebe4

SHA1
61717325ab00ca27eeee278b1dd956282c2f65e1

SHA256
5e31065cb703c7d33c32e14800c23007ed22b7d98713029773fc5723ff3cc410

SHA512
d26ca4ede15de46bb794d53600186da2f89235237a071fd01f0c832478145611474325aac78df5059cf6e2cd5566d71abe48f10676338cbde063214a741dbd7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\GIF\GIF.APO

Filesize
111KB

MD5
486dafef7cbd8910a613edd615b8ebe4

SHA1
61717325ab00ca27eeee278b1dd956282c2f65e1

SHA256
5e31065cb703c7d33c32e14800c23007ed22b7d98713029773fc5723ff3cc410

SHA512
d26ca4ede15de46bb794d53600186da2f89235237a071fd01f0c832478145611474325aac78df5059cf6e2cd5566d71abe48f10676338cbde063214a741dbd7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\GIF\GIF.APO

Filesize
111KB

MD5
486dafef7cbd8910a613edd615b8ebe4

SHA1
61717325ab00ca27eeee278b1dd956282c2f65e1

SHA256
5e31065cb703c7d33c32e14800c23007ed22b7d98713029773fc5723ff3cc410

SHA512
d26ca4ede15de46bb794d53600186da2f89235237a071fd01f0c832478145611474325aac78df5059cf6e2cd5566d71abe48f10676338cbde063214a741dbd7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\GlobalTimer\GlobalTimer.lmd

Filesize
68KB

MD5
b8345cc0714a0f7f5a0146f4a546d68a

SHA1
9afdd1ba8effbdab28f14b1b121ae6abc31dd67a

SHA256
bb61241e7649e7dbe71b70eae4baf6314871d8eccc78aa214ba7230e5a9b91c4

SHA512
d57995cd421e8a15940c684c60b2ed3441ee9030e8be0301516f06a5e80198b69d746420de2f724ea8fa5127a5a18d75f7376459f8f56ec26f6d9dc4c71023b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\GlobalTimer\GlobalTimer.lmd

Filesize
68KB

MD5
b8345cc0714a0f7f5a0146f4a546d68a

SHA1
9afdd1ba8effbdab28f14b1b121ae6abc31dd67a

SHA256
bb61241e7649e7dbe71b70eae4baf6314871d8eccc78aa214ba7230e5a9b91c4

SHA512
d57995cd421e8a15940c684c60b2ed3441ee9030e8be0301516f06a5e80198b69d746420de2f724ea8fa5127a5a18d75f7376459f8f56ec26f6d9dc4c71023b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\GlobalTimer\GlobalTimer.lmd

Filesize
68KB

MD5
b8345cc0714a0f7f5a0146f4a546d68a

SHA1
9afdd1ba8effbdab28f14b1b121ae6abc31dd67a

SHA256
bb61241e7649e7dbe71b70eae4baf6314871d8eccc78aa214ba7230e5a9b91c4

SHA512
d57995cd421e8a15940c684c60b2ed3441ee9030e8be0301516f06a5e80198b69d746420de2f724ea8fa5127a5a18d75f7376459f8f56ec26f6d9dc4c71023b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\Wow64\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\Wow64\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\Wow64\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\httpaccess\httpaccess.lmd

Filesize
1.6MB

MD5
5353691b85d5277dd0737b2e18a0696f

SHA1
a8cd40355154ca012ca03e69edde7a618befb78f

SHA256
b004310c907e229174d72352d6e5ac348cd8c31f0cbdb1b04433d7a9ed637ccf

SHA512
de4bab00ecbd1a26c21d73e62e65c55e0cb51e794e892e99d5253303990e95911c3c00e83a623c75a20aa138afda03c6b7b36395496cbc84b63242200f1374c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\httpaccess\httpaccess.lmd

Filesize
1.6MB

MD5
5353691b85d5277dd0737b2e18a0696f

SHA1
a8cd40355154ca012ca03e69edde7a618befb78f

SHA256
b004310c907e229174d72352d6e5ac348cd8c31f0cbdb1b04433d7a9ed637ccf

SHA512
de4bab00ecbd1a26c21d73e62e65c55e0cb51e794e892e99d5253303990e95911c3c00e83a623c75a20aa138afda03c6b7b36395496cbc84b63242200f1374c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd

Filesize
1.1MB

MD5
892d04a4313f46bdfdc6bc12f3a77e5c

SHA1
626629d8ef24cdf544ad1393e0a25924b405d2cc

SHA256
34f312e9ba697da60960b1997417e88bf7cbd7f4c0f08d8a7f69d1f943aa9e7f

SHA512
f0e6ca7e8acbfdee6541707b32dd59f1f0d317e86c6ceaacdc8c1a35ea46ca01a29fe0a1058b8b1f5fd47fca36d91f23454ebcc97cd6f6de346022f16e63302c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
6.2MB

MD5
226f1c875ccebe6cf35db1ebd71f6e5e

SHA1
5efe53a04997a01cf02e34ca421d860a61a61e73

SHA256
930c87d21cf2e1bed406ccc465f00fd745cc33f8ccebc73a74cd5d29ed5422b5

SHA512
8171abe7a55f4884c04de82834378c4e4c8eda1b64bae63d9fb5aab8388d4bd9016f82dce6aeba1255721ca3400da53f32ef22fadb014a40c5459c9dad498701

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
6.2MB

MD5
226f1c875ccebe6cf35db1ebd71f6e5e

SHA1
5efe53a04997a01cf02e34ca421d860a61a61e73

SHA256
930c87d21cf2e1bed406ccc465f00fd745cc33f8ccebc73a74cd5d29ed5422b5

SHA512
8171abe7a55f4884c04de82834378c4e4c8eda1b64bae63d9fb5aab8388d4bd9016f82dce6aeba1255721ca3400da53f32ef22fadb014a40c5459c9dad498701

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua5.1.dll

Filesize
322KB

MD5
c3256800dce47c14acc83ccca4c3e2ac

SHA1
9d126818c66991dbc3813a65eddb88bbcf77f30a

SHA256
f26f4f66022acc96d0319c09814ebeda60f4ab96b63b6262045dc786dc7c5866

SHA512
6865a98ad8a6bd02d1ba35a28b36b6306af393f5e9ad767cd6da027bb021f7399d629423f510c44436ac3e4603b6c606493edf8b14d21fabf3eab16d37bd0d25

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua5.1.dll

Filesize
322KB

MD5
c3256800dce47c14acc83ccca4c3e2ac

SHA1
9d126818c66991dbc3813a65eddb88bbcf77f30a

SHA256
f26f4f66022acc96d0319c09814ebeda60f4ab96b63b6262045dc786dc7c5866

SHA512
6865a98ad8a6bd02d1ba35a28b36b6306af393f5e9ad767cd6da027bb021f7399d629423f510c44436ac3e4603b6c606493edf8b14d21fabf3eab16d37bd0d25

Download Submit
memory/3776-268-0x0000000004A40000-0x0000000004B02000-memory.dmp

Filesize
776KB

Download
memory/3776-272-0x0000000004BF0000-0x0000000004C41000-memory.dmp

Filesize
324KB

Download
memory/3776-274-0x0000000004B60000-0x0000000004B63000-memory.dmp

Filesize
12KB

Download
memory/3776-271-0x0000000004A00000-0x0000000004A02000-memory.dmp

Filesize
8KB

Download
memory/3776-277-0x0000000004D20000-0x0000000004D7F000-memory.dmp

Filesize
380KB

Download
memory/3776-278-0x0000000004B90000-0x0000000004B92000-memory.dmp

Filesize
8KB

Download