eff7c642084f3930e8cd8391c4d81964bab21234e4a8666a8ad71c1ca9218a91

Analysis

max time kernel
80s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-03-2023 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MuMuInstaller_1.5.0.6_overseas-v2.7.20.0x64_all_1678970676.exe
Size

5.0MB
MD5

529f667812cf9e1d22e3d89116b58188
SHA1

e8607d35f33df1ac180611afeb606282234f4d0d
SHA256

eff7c642084f3930e8cd8391c4d81964bab21234e4a8666a8ad71c1ca9218a91
SHA512

f1d93b88db2fd3d838375c37f2be019b743dd36b394a55c60e363afcba9fbd4a0e368140695eac28864a10ee3178766c8b4ab4c4d3f10694af585d3746c96d85
SSDEEP

98304:DealaARPaKusu7RfLUOnGsMZB1FVNtTuF3xhu3qNIsc02vDRZTEh:KaBPaHsuFwOnGsEVNW3x83qysc02vVZg

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	nemu-downloader.exe

Executes dropped EXE 6 IoCs

pid	Process
3764	nemu-downloader.exe
1956	crashpad_handler.exe
4692	ColaBoxChecker.exe
2016	ColaBoxChecker.exe
3248	ColaBoxChecker.exe
3388	ColaBoxChecker.exe

Loads dropped DLL 6 IoCs

pid	Process
3764	nemu-downloader.exe
3764	nemu-downloader.exe
3764	nemu-downloader.exe
1956	crashpad_handler.exe
1956	crashpad_handler.exe
1956	crashpad_handler.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
1248	systeminfo.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
668	Process not Found
668	Process not Found
668	Process not Found
668	Process not Found

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 3764	2472	MuMuInstaller_1.5.0.6_overseas-v2.7.20.0x64_all_1678970676.exe	84
PID 2472 wrote to memory of 3764	2472	MuMuInstaller_1.5.0.6_overseas-v2.7.20.0x64_all_1678970676.exe	84
PID 2472 wrote to memory of 3764	2472	MuMuInstaller_1.5.0.6_overseas-v2.7.20.0x64_all_1678970676.exe	84
PID 3764 wrote to memory of 1956	3764	nemu-downloader.exe	86
PID 3764 wrote to memory of 1956	3764	nemu-downloader.exe	86
PID 3764 wrote to memory of 1956	3764	nemu-downloader.exe	86
PID 3764 wrote to memory of 4692	3764	nemu-downloader.exe	87
PID 3764 wrote to memory of 4692	3764	nemu-downloader.exe	87
PID 3764 wrote to memory of 4692	3764	nemu-downloader.exe	87
PID 3764 wrote to memory of 2016	3764	nemu-downloader.exe	93
PID 3764 wrote to memory of 2016	3764	nemu-downloader.exe	93
PID 3764 wrote to memory of 2016	3764	nemu-downloader.exe	93
PID 2016 wrote to memory of 1248	2016	ColaBoxChecker.exe	95
PID 2016 wrote to memory of 1248	2016	ColaBoxChecker.exe	95
PID 2016 wrote to memory of 1248	2016	ColaBoxChecker.exe	95
PID 3764 wrote to memory of 3248	3764	nemu-downloader.exe	101
PID 3764 wrote to memory of 3248	3764	nemu-downloader.exe	101
PID 3764 wrote to memory of 3248	3764	nemu-downloader.exe	101
PID 3764 wrote to memory of 3388	3764	nemu-downloader.exe	105
PID 3764 wrote to memory of 3388	3764	nemu-downloader.exe	105
PID 3764 wrote to memory of 3388	3764	nemu-downloader.exe	105

C:\Users\Admin\AppData\Local\Temp\MuMuInstaller_1.5.0.6_overseas-v2.7.20.0x64_all_1678970676.exe
"C:\Users\Admin\AppData\Local\Temp\MuMuInstaller_1.5.0.6_overseas-v2.7.20.0x64_all_1678970676.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\nemu-downloader.exe
  C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\nemu-downloader.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3764
- - C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\crashpad_handler.exe
    C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\.sentry-native --metrics-dir=C:\Users\Admin\AppData\Local\Temp\.sentry-native --url=https://sentry.netease.com:443/api/81/minidump/?sentry_client=sentry.native/0.5.0&sentry_key=b2a9969e03944fae81a12cf84afa6bd2 --attachment=C:\Users\Admin\AppData\Local\Temp\nemu-downloader-a565016c-1119-4038-835e-5490b76b9445.log --attachment=C:\Users\Admin\AppData\Local\Temp\.sentry-native\a88fed50-78f7-4d9a-21a0-65b973a23705.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Temp\.sentry-native\a88fed50-78f7-4d9a-21a0-65b973a23705.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Temp\.sentry-native\a88fed50-78f7-4d9a-21a0-65b973a23705.run\__sentry-breadcrumb2 --initial-client-data=0x338,0x33c,0x340,0x314,0x344,0x75544d80,0x75544d94,0x75544da4
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1956
- - C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\ColaBoxChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\ColaBoxChecker.exe" checker /baseboard
    3⤵
    - Executes dropped EXE
    PID:4692
- - C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\ColaBoxChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\ColaBoxChecker.exe" checker /hyperv
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2016
  - - C:\Windows\SysWOW64\systeminfo.exe
      "C:\Windows\system32\systeminfo.exe"
      4⤵
      Gathers system information
      PID:1248
- - C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\ColaBoxChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\ColaBoxChecker.exe" checker /hyperv
    3⤵
    - Executes dropped EXE
    PID:3248
- - C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\ColaBoxChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\ColaBoxChecker.exe" checker /hyperv
    3⤵
    - Executes dropped EXE
    PID:3388

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\ColaBoxChecker.exe

Filesize
4.0MB

MD5
839708e3f96cf055436fa08d6205263c

SHA1
a4579f8cb6b80fe3fd50099794f63eb51be3292f

SHA256
1373c5d006a5dbcd9b86cfff9a37616f1245d1333c4adcefc7cd18926b98d752

SHA512
ece67e031e06a0442d935e7d81d0eed57ae92b348b5d104423577478ce226e4a4bde834c54e31d33bfe6f574fb7798ba96886d9e8edb738edee6e7c9c43054cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\ColaBoxChecker.exe

Filesize
4.0MB

MD5
839708e3f96cf055436fa08d6205263c

SHA1
a4579f8cb6b80fe3fd50099794f63eb51be3292f

SHA256
1373c5d006a5dbcd9b86cfff9a37616f1245d1333c4adcefc7cd18926b98d752

SHA512
ece67e031e06a0442d935e7d81d0eed57ae92b348b5d104423577478ce226e4a4bde834c54e31d33bfe6f574fb7798ba96886d9e8edb738edee6e7c9c43054cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\ColaBoxChecker.exe

Filesize
4.0MB

MD5
839708e3f96cf055436fa08d6205263c

SHA1
a4579f8cb6b80fe3fd50099794f63eb51be3292f

SHA256
1373c5d006a5dbcd9b86cfff9a37616f1245d1333c4adcefc7cd18926b98d752

SHA512
ece67e031e06a0442d935e7d81d0eed57ae92b348b5d104423577478ce226e4a4bde834c54e31d33bfe6f574fb7798ba96886d9e8edb738edee6e7c9c43054cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\ColaBoxChecker.exe

Filesize
4.0MB

MD5
839708e3f96cf055436fa08d6205263c

SHA1
a4579f8cb6b80fe3fd50099794f63eb51be3292f

SHA256
1373c5d006a5dbcd9b86cfff9a37616f1245d1333c4adcefc7cd18926b98d752

SHA512
ece67e031e06a0442d935e7d81d0eed57ae92b348b5d104423577478ce226e4a4bde834c54e31d33bfe6f574fb7798ba96886d9e8edb738edee6e7c9c43054cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\ColaBoxChecker.exe

Filesize
4.0MB

MD5
839708e3f96cf055436fa08d6205263c

SHA1
a4579f8cb6b80fe3fd50099794f63eb51be3292f

SHA256
1373c5d006a5dbcd9b86cfff9a37616f1245d1333c4adcefc7cd18926b98d752

SHA512
ece67e031e06a0442d935e7d81d0eed57ae92b348b5d104423577478ce226e4a4bde834c54e31d33bfe6f574fb7798ba96886d9e8edb738edee6e7c9c43054cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\MSVCP140.dll

Filesize
427KB

MD5
ff877a5dffd764197250bd4ba28496b1

SHA1
187b8e183fc3331dd4ba139333886ad1fbf333a7

SHA256
83f935454ae8e450b6f042509ecf28cceff95edb2495c63a782b9d45c2eaf1c0

SHA512
b9245353f8a8bce6f443345daf50e135aa9d84bcce4dc5fd9279216b99bc6a1fa409292e110132ad815f303f36006610d6907e9fc778e94977beb2332481d03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\VCRUNTIME140.dll

Filesize
78KB

MD5
1e6e97d60d411a2dee8964d3d05adb15

SHA1
0a2fe6ec6b6675c44998c282dbb1cd8787612faf

SHA256
8598940e498271b542f2c04998626aa680f2172d0ff4f8dbd4ffec1a196540f9

SHA512
3f7d79079c57786051a2f7facfb1046188049e831f12b549609a8f152664678ee35ad54d1fff4447428b6f76bea1c7ca88fa96aab395a560c6ec598344fcc7fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\baseboard

Filesize
115B

MD5
e2749361a04ebfda84dc42158c244256

SHA1
cbb079e9aee88d62d7a2119123c02fb321f15cc1

SHA256
621ab419caddff1813ae1e3ce48a5995658580a24c2dc336fc5d6ea3cbe93137

SHA512
8998f024dd92a5eaf3310b61096c79be1f126b60722d6f5258c7d5c4a84198246b930f073c533955aa96b08e5bc163a9865854306cb65dbbd92588ab3448b891

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\config.ini

Filesize
346B

MD5
4607a0bd3559313af6517727459d400c

SHA1
d6919163b58817c7d529b14a38c4c474b9107208

SHA256
0905b3749e71ef078769ea815456b0591c8e0088defeeda92e8bd6c7f86d83ed

SHA512
da93d5feca3d6058ed0c5927dd12cb9b182042058e929c97b3e3009bc14ef15b5145af782fba4fea3c758d72c32cce03049cd126d29901b6e744e2d25a7ce236

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\crashpad_handler.exe

Filesize
845KB

MD5
abfcbbaffa2606e272b29d6e2b4a1d23

SHA1
1a5c365f6d73716c07d92c9f1ec37b8b1d78494d

SHA256
c0cab2ede028b24c6055843554cfd20b445bafeff607fc3641b4e476ff778367

SHA512
bacdef0e229a26b107c51e53227e9f68c5913d6d10f784458672564a30a601d30fd4082e4fc2804dfa7a0060f6625ddcdf8850a4816d25cee3bbdbc3ade1f36c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\crashpad_handler.exe

Filesize
845KB

MD5
abfcbbaffa2606e272b29d6e2b4a1d23

SHA1
1a5c365f6d73716c07d92c9f1ec37b8b1d78494d

SHA256
c0cab2ede028b24c6055843554cfd20b445bafeff607fc3641b4e476ff778367

SHA512
bacdef0e229a26b107c51e53227e9f68c5913d6d10f784458672564a30a601d30fd4082e4fc2804dfa7a0060f6625ddcdf8850a4816d25cee3bbdbc3ade1f36c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\hyperv

Filesize
97B

MD5
8024f03dea12a3122d25642d2ef7a586

SHA1
a3d01fa646d4b91bc3808eaf966b52b14f48bd5c

SHA256
63bd4fbfdbcff57b5e16b05688153c4d0432c2e3fecf59d2895a3241259abedc

SHA512
15200afcb3f17a5fa516b5c1dd88ca3eddc71f18ba420c34242716ae7717554049ceac0a9c5d4b8ba608e7f62f40bd9375ca8d83284cbbfe4a7ada524cd64117

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\msvcp140.dll

Filesize
427KB

MD5
ff877a5dffd764197250bd4ba28496b1

SHA1
187b8e183fc3331dd4ba139333886ad1fbf333a7

SHA256
83f935454ae8e450b6f042509ecf28cceff95edb2495c63a782b9d45c2eaf1c0

SHA512
b9245353f8a8bce6f443345daf50e135aa9d84bcce4dc5fd9279216b99bc6a1fa409292e110132ad815f303f36006610d6907e9fc778e94977beb2332481d03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\msvcp140.dll

Filesize
427KB

MD5
ff877a5dffd764197250bd4ba28496b1

SHA1
187b8e183fc3331dd4ba139333886ad1fbf333a7

SHA256
83f935454ae8e450b6f042509ecf28cceff95edb2495c63a782b9d45c2eaf1c0

SHA512
b9245353f8a8bce6f443345daf50e135aa9d84bcce4dc5fd9279216b99bc6a1fa409292e110132ad815f303f36006610d6907e9fc778e94977beb2332481d03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\nemu-downloader.exe

Filesize
2.8MB

MD5
beff14873dc5abfab7461100b1873750

SHA1
c33b1d4cadcd1ce9e6f4d361e37645fef14eb5f0

SHA256
4778777a574ab3e9d5529b18d719a426e6ddc9c726579bfbfb087f51b6947032

SHA512
a1dcaa03422722073ee9c6e2fe8966f853f679d0d63f22617a2552c3cc188084570e3fc4aa670b3285afff78bb414917645cfc0e951f48c7d7a69e9e8f3a1f8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\sentry.dll

Filesize
430KB

MD5
ad5ff8a7c3e7620054ce412f89af33c4

SHA1
3d604a8afba411282dc17ccc696fe048161a76c0

SHA256
7539405e35dd84561a6d28404c30b8ca46bef516b8f10b9e46118aad72cbd9cf

SHA512
98e7a5f4ea7b39b589013ce6b26a9ffdec59372b3bd8a08506507a1b8c64312903a8367858dd3069b9c18ec4d45fbb18f6420de45a9831eb112a86dfbf0251ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\sentry.dll

Filesize
430KB

MD5
ad5ff8a7c3e7620054ce412f89af33c4

SHA1
3d604a8afba411282dc17ccc696fe048161a76c0

SHA256
7539405e35dd84561a6d28404c30b8ca46bef516b8f10b9e46118aad72cbd9cf

SHA512
98e7a5f4ea7b39b589013ce6b26a9ffdec59372b3bd8a08506507a1b8c64312903a8367858dd3069b9c18ec4d45fbb18f6420de45a9831eb112a86dfbf0251ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\skin.zip

Filesize
523KB

MD5
42ad0bea70bee20af548b83fc9225bc3

SHA1
fc2410e345d131ac1e48c4eecf6c8a326c2cb2c4

SHA256
200717a9284a32a8166ac9e34e53a2a1f5f63c3bafab5e74387c288421651810

SHA512
63f15247c286ecc1366a08e276efe367fb524a283997d227d8c6542ad4f1055aac22e538470a18755dc20449b88d1d350baed3246d66f63b4c39b06171cf1dbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\vcruntime140.dll

Filesize
78KB

MD5
1e6e97d60d411a2dee8964d3d05adb15

SHA1
0a2fe6ec6b6675c44998c282dbb1cd8787612faf

SHA256
8598940e498271b542f2c04998626aa680f2172d0ff4f8dbd4ffec1a196540f9

SHA512
3f7d79079c57786051a2f7facfb1046188049e831f12b549609a8f152664678ee35ad54d1fff4447428b6f76bea1c7ca88fa96aab395a560c6ec598344fcc7fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\vcruntime140.dll

Filesize
78KB

MD5
1e6e97d60d411a2dee8964d3d05adb15

SHA1
0a2fe6ec6b6675c44998c282dbb1cd8787612faf

SHA256
8598940e498271b542f2c04998626aa680f2172d0ff4f8dbd4ffec1a196540f9

SHA512
3f7d79079c57786051a2f7facfb1046188049e831f12b549609a8f152664678ee35ad54d1fff4447428b6f76bea1c7ca88fa96aab395a560c6ec598344fcc7fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z6FFC39A8\vcruntime140.dll

Filesize
78KB

MD5
1e6e97d60d411a2dee8964d3d05adb15

SHA1
0a2fe6ec6b6675c44998c282dbb1cd8787612faf

SHA256
8598940e498271b542f2c04998626aa680f2172d0ff4f8dbd4ffec1a196540f9

SHA512
3f7d79079c57786051a2f7facfb1046188049e831f12b549609a8f152664678ee35ad54d1fff4447428b6f76bea1c7ca88fa96aab395a560c6ec598344fcc7fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\WinRing0.inf

Filesize
2KB

MD5
f069f20871cb316bfb73c276393d1648

SHA1
44851e9f466f58dca883931b18687bfc4921551b

SHA256
07942017e8caaa1065867aecc561577199e53142545cb6fb41239ae4c607d46b

SHA512
72e60561daf384f7ba4003140d72f45ebec82d12c14bd00f4008f92be35a839666f3b24084ff842a0a023d3a595b70dd801f45b8695830bd800cf6862ba05fd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\WinRing0.inf

Filesize
2KB

MD5
f069f20871cb316bfb73c276393d1648

SHA1
44851e9f466f58dca883931b18687bfc4921551b

SHA256
07942017e8caaa1065867aecc561577199e53142545cb6fb41239ae4c607d46b

SHA512
72e60561daf384f7ba4003140d72f45ebec82d12c14bd00f4008f92be35a839666f3b24084ff842a0a023d3a595b70dd801f45b8695830bd800cf6862ba05fd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\WinRing0.inf

Filesize
2KB

MD5
f069f20871cb316bfb73c276393d1648

SHA1
44851e9f466f58dca883931b18687bfc4921551b

SHA256
07942017e8caaa1065867aecc561577199e53142545cb6fb41239ae4c607d46b

SHA512
72e60561daf384f7ba4003140d72f45ebec82d12c14bd00f4008f92be35a839666f3b24084ff842a0a023d3a595b70dd801f45b8695830bd800cf6862ba05fd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\WinRing0.inf

Filesize
2KB

MD5
f069f20871cb316bfb73c276393d1648

SHA1
44851e9f466f58dca883931b18687bfc4921551b

SHA256
07942017e8caaa1065867aecc561577199e53142545cb6fb41239ae4c607d46b

SHA512
72e60561daf384f7ba4003140d72f45ebec82d12c14bd00f4008f92be35a839666f3b24084ff842a0a023d3a595b70dd801f45b8695830bd800cf6862ba05fd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\WinRing0.sys

Filesize
31KB

MD5
a73ee34a7a50be60e77cc277a96d7ba8

SHA1
b3a8e39cd99feb817ce799cce193a2fbb12cbec6

SHA256
4448beff8366e42e3393e8c7f8261aee0b0340356c31aa3b97de07452ae01888

SHA512
668806257d29f73315b26540f0453bd673901c25fb3f16cba942c2dcf2006be8777573efbd831fce2bc7f0111b44b31a06c812ed9b1f59d5be0eb0c3c5c9eff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\WinRing0.sys

Filesize
31KB

MD5
a73ee34a7a50be60e77cc277a96d7ba8

SHA1
b3a8e39cd99feb817ce799cce193a2fbb12cbec6

SHA256
4448beff8366e42e3393e8c7f8261aee0b0340356c31aa3b97de07452ae01888

SHA512
668806257d29f73315b26540f0453bd673901c25fb3f16cba942c2dcf2006be8777573efbd831fce2bc7f0111b44b31a06c812ed9b1f59d5be0eb0c3c5c9eff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\WinRing0.sys

Filesize
31KB

MD5
a73ee34a7a50be60e77cc277a96d7ba8

SHA1
b3a8e39cd99feb817ce799cce193a2fbb12cbec6

SHA256
4448beff8366e42e3393e8c7f8261aee0b0340356c31aa3b97de07452ae01888

SHA512
668806257d29f73315b26540f0453bd673901c25fb3f16cba942c2dcf2006be8777573efbd831fce2bc7f0111b44b31a06c812ed9b1f59d5be0eb0c3c5c9eff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\WinRing0.sys

Filesize
31KB

MD5
a73ee34a7a50be60e77cc277a96d7ba8

SHA1
b3a8e39cd99feb817ce799cce193a2fbb12cbec6

SHA256
4448beff8366e42e3393e8c7f8261aee0b0340356c31aa3b97de07452ae01888

SHA512
668806257d29f73315b26540f0453bd673901c25fb3f16cba942c2dcf2006be8777573efbd831fce2bc7f0111b44b31a06c812ed9b1f59d5be0eb0c3c5c9eff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\WinRing0x64.inf

Filesize
2KB

MD5
0f6d3047d1b670058d71c411707ef16e

SHA1
7e51d69b5f109ea6902232212fad28deb46f59ef

SHA256
3fded2f4457b0beb415b841b40f6ede5ed527dd537e53e2f70f2fb4a6e24ebfd

SHA512
6a749b4921f527c5af51ade76bfcef2446341b3e66de0d93deb95d26d31dfc357d392f6abdf877b756a7c0529112eba343a3c9926eba767b649d654e6d164280

Download Submit
C:\Users\Admin\AppData\Local\Temp\WinRing0x64.inf

Filesize
2KB

MD5
0f6d3047d1b670058d71c411707ef16e

SHA1
7e51d69b5f109ea6902232212fad28deb46f59ef

SHA256
3fded2f4457b0beb415b841b40f6ede5ed527dd537e53e2f70f2fb4a6e24ebfd

SHA512
6a749b4921f527c5af51ade76bfcef2446341b3e66de0d93deb95d26d31dfc357d392f6abdf877b756a7c0529112eba343a3c9926eba767b649d654e6d164280

Download Submit
C:\Users\Admin\AppData\Local\Temp\WinRing0x64.inf

Filesize
2KB

MD5
0f6d3047d1b670058d71c411707ef16e

SHA1
7e51d69b5f109ea6902232212fad28deb46f59ef

SHA256
3fded2f4457b0beb415b841b40f6ede5ed527dd537e53e2f70f2fb4a6e24ebfd

SHA512
6a749b4921f527c5af51ade76bfcef2446341b3e66de0d93deb95d26d31dfc357d392f6abdf877b756a7c0529112eba343a3c9926eba767b649d654e6d164280

Download Submit
C:\Users\Admin\AppData\Local\Temp\WinRing0x64.inf

Filesize
2KB

MD5
0f6d3047d1b670058d71c411707ef16e

SHA1
7e51d69b5f109ea6902232212fad28deb46f59ef

SHA256
3fded2f4457b0beb415b841b40f6ede5ed527dd537e53e2f70f2fb4a6e24ebfd

SHA512
6a749b4921f527c5af51ade76bfcef2446341b3e66de0d93deb95d26d31dfc357d392f6abdf877b756a7c0529112eba343a3c9926eba767b649d654e6d164280

Download Submit
C:\Users\Admin\AppData\Local\Temp\WinRing0x64.sys

Filesize
32KB

MD5
1c57d067b9fc5e9ef9aeb14223481243

SHA1
4ee59164d3259667d3cade58f4c93b4dddf5a92b

SHA256
d5bca2ca464a6cc91344bd85e812a7bac6e7c67038c4929a29e0bc60c7eabe4d

SHA512
a8de7ab7f67cbe2bf25fd772c24344031322dfab77d07fd835109530450683c158f37955982e875a3acbbfaea2e72c0ba5a52d85f3e1e58984ec63c96f6c0ccd

Download Submit
C:\Users\Admin\AppData\Local\Temp\WinRing0x64.sys

Filesize
32KB

MD5
1c57d067b9fc5e9ef9aeb14223481243

SHA1
4ee59164d3259667d3cade58f4c93b4dddf5a92b

SHA256
d5bca2ca464a6cc91344bd85e812a7bac6e7c67038c4929a29e0bc60c7eabe4d

SHA512
a8de7ab7f67cbe2bf25fd772c24344031322dfab77d07fd835109530450683c158f37955982e875a3acbbfaea2e72c0ba5a52d85f3e1e58984ec63c96f6c0ccd

Download Submit
C:\Users\Admin\AppData\Local\Temp\WinRing0x64.sys

Filesize
32KB

MD5
1c57d067b9fc5e9ef9aeb14223481243

SHA1
4ee59164d3259667d3cade58f4c93b4dddf5a92b

SHA256
d5bca2ca464a6cc91344bd85e812a7bac6e7c67038c4929a29e0bc60c7eabe4d

SHA512
a8de7ab7f67cbe2bf25fd772c24344031322dfab77d07fd835109530450683c158f37955982e875a3acbbfaea2e72c0ba5a52d85f3e1e58984ec63c96f6c0ccd

Download Submit
C:\Users\Admin\AppData\Local\Temp\WinRing0x64.sys

Filesize
32KB

MD5
1c57d067b9fc5e9ef9aeb14223481243

SHA1
4ee59164d3259667d3cade58f4c93b4dddf5a92b

SHA256
d5bca2ca464a6cc91344bd85e812a7bac6e7c67038c4929a29e0bc60c7eabe4d

SHA512
a8de7ab7f67cbe2bf25fd772c24344031322dfab77d07fd835109530450683c158f37955982e875a3acbbfaea2e72c0ba5a52d85f3e1e58984ec63c96f6c0ccd

Download Submit
C:\Users\Admin\AppData\Local\Temp\winring0.cat

Filesize
10KB

MD5
5691a9b76c5b0bd1dd83687f5f0e87a1

SHA1
aa79bf0cc8dcc8c6abc6b85793655060f9cbf223

SHA256
784e031565c67f1d29640c62f0cc205d5b56c1f78be894252cce06474b64a618

SHA512
09cf42743b5d0304179838eadf195821f2f8183d6b8b175642f0b871386c3e2af0e5e59cfaf3f235c16583689b8ed06fc9703e29a6cf234398aaed04c7a9ff62

Download Submit
C:\Users\Admin\AppData\Local\Temp\winring0.cat

Filesize
10KB

MD5
5691a9b76c5b0bd1dd83687f5f0e87a1

SHA1
aa79bf0cc8dcc8c6abc6b85793655060f9cbf223

SHA256
784e031565c67f1d29640c62f0cc205d5b56c1f78be894252cce06474b64a618

SHA512
09cf42743b5d0304179838eadf195821f2f8183d6b8b175642f0b871386c3e2af0e5e59cfaf3f235c16583689b8ed06fc9703e29a6cf234398aaed04c7a9ff62

Download Submit
C:\Users\Admin\AppData\Local\Temp\winring0.cat

Filesize
10KB

MD5
5691a9b76c5b0bd1dd83687f5f0e87a1

SHA1
aa79bf0cc8dcc8c6abc6b85793655060f9cbf223

SHA256
784e031565c67f1d29640c62f0cc205d5b56c1f78be894252cce06474b64a618

SHA512
09cf42743b5d0304179838eadf195821f2f8183d6b8b175642f0b871386c3e2af0e5e59cfaf3f235c16583689b8ed06fc9703e29a6cf234398aaed04c7a9ff62

Download Submit
C:\Users\Admin\AppData\Local\Temp\winring0.cat

Filesize
10KB

MD5
5691a9b76c5b0bd1dd83687f5f0e87a1

SHA1
aa79bf0cc8dcc8c6abc6b85793655060f9cbf223

SHA256
784e031565c67f1d29640c62f0cc205d5b56c1f78be894252cce06474b64a618

SHA512
09cf42743b5d0304179838eadf195821f2f8183d6b8b175642f0b871386c3e2af0e5e59cfaf3f235c16583689b8ed06fc9703e29a6cf234398aaed04c7a9ff62

Download Submit
C:\Users\Admin\AppData\Local\Temp\winring0x64.cat

Filesize
11KB

MD5
e7cee7f541c057f490d486927d659122

SHA1
420888e25a44629c0b53450cc3a3ea9398b373c8

SHA256
317d01d9956f052d929fdbac258f1a2dc5163d3432fc488023a1f4d332ae3d45

SHA512
582cdb32a0e322e945a3ed6a144d21a3606d37e88fac73edc4129e4ee3dea66e5a9ebd8c803e07e59fa00cfc6d6f174a1cc8a947f167a100d4065a10c4615121

Download Submit
C:\Users\Admin\AppData\Local\Temp\winring0x64.cat

Filesize
11KB

MD5
e7cee7f541c057f490d486927d659122

SHA1
420888e25a44629c0b53450cc3a3ea9398b373c8

SHA256
317d01d9956f052d929fdbac258f1a2dc5163d3432fc488023a1f4d332ae3d45

SHA512
582cdb32a0e322e945a3ed6a144d21a3606d37e88fac73edc4129e4ee3dea66e5a9ebd8c803e07e59fa00cfc6d6f174a1cc8a947f167a100d4065a10c4615121

Download Submit
C:\Users\Admin\AppData\Local\Temp\winring0x64.cat

Filesize
11KB

MD5
e7cee7f541c057f490d486927d659122

SHA1
420888e25a44629c0b53450cc3a3ea9398b373c8

SHA256
317d01d9956f052d929fdbac258f1a2dc5163d3432fc488023a1f4d332ae3d45

SHA512
582cdb32a0e322e945a3ed6a144d21a3606d37e88fac73edc4129e4ee3dea66e5a9ebd8c803e07e59fa00cfc6d6f174a1cc8a947f167a100d4065a10c4615121

Download Submit
C:\Users\Admin\AppData\Local\Temp\winring0x64.cat

Filesize
11KB

MD5
e7cee7f541c057f490d486927d659122

SHA1
420888e25a44629c0b53450cc3a3ea9398b373c8

SHA256
317d01d9956f052d929fdbac258f1a2dc5163d3432fc488023a1f4d332ae3d45

SHA512
582cdb32a0e322e945a3ed6a144d21a3606d37e88fac73edc4129e4ee3dea66e5a9ebd8c803e07e59fa00cfc6d6f174a1cc8a947f167a100d4065a10c4615121

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads