652a90d0737fca53fa6583c35883457c6259723791c42a5e14516a43f948306a

Analysis

max time kernel
151s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
23-03-2023 07:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EasyPrint_Setup_V3.3.8.1.exe
Size

17.8MB
MD5

88173747c343b2bd8b52f6fbc4ffd34c
SHA1

9e227d3ae4a8f1d0fb2b21233e6918276b3848bb
SHA256

18bca2b934ec681647548dba8602fc716c40c11cc89ce19ba137bb1ec5d07c66
SHA512

9e8494ba1bbdef37db381bccbd0581ee8ede07a923d34f232515694ff528c787f4769cbd75855e9384a732cb5b130c352d5e155f77cbab29eaff9c609c261df4
SSDEEP

393216:6y2M6q9cTKsoRcLnosh5aitS8O/BtYX9fQEcEkqM8:6NM19cTWcLnLHJS1YX9oEcvf8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
892	EasyPrint_Setup_V3.3.8.1.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 892	1568	EasyPrint_Setup_V3.3.8.1.exe	86
PID 1568 wrote to memory of 892	1568	EasyPrint_Setup_V3.3.8.1.exe	86
PID 1568 wrote to memory of 892	1568	EasyPrint_Setup_V3.3.8.1.exe	86

C:\Users\Admin\AppData\Local\Temp\EasyPrint_Setup_V3.3.8.1.exe
"C:\Users\Admin\AppData\Local\Temp\EasyPrint_Setup_V3.3.8.1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Users\Admin\AppData\Local\Temp\is-R1ASU.tmp\EasyPrint_Setup_V3.3.8.1.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-R1ASU.tmp\EasyPrint_Setup_V3.3.8.1.tmp" /SL5="$C0062,18332925,51712,C:\Users\Admin\AppData\Local\Temp\EasyPrint_Setup_V3.3.8.1.exe"
  2⤵
  - Executes dropped EXE
  PID:892

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-R1ASU.tmp\EasyPrint_Setup_V3.3.8.1.tmp

Filesize
693KB

MD5
c23f3f69452698b49f33d023e59ff5ad

SHA1
0e1da905f5b0975d351de0ed358b1496e02c7787

SHA256
556c901684368176a8ed8bb383c5bfac2389c84edc16b5e8885a00940a7a0157

SHA512
717c6b69f7d8b342af3d1084282c8accac50cf29408e7287cc0770e89e1a3111760c9d204e62dc69f4eadae97414c6fd325441f376d99749d50c2e1dd647ba86

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-R1ASU.tmp\EasyPrint_Setup_V3.3.8.1.tmp

Filesize
693KB

MD5
c23f3f69452698b49f33d023e59ff5ad

SHA1
0e1da905f5b0975d351de0ed358b1496e02c7787

SHA256
556c901684368176a8ed8bb383c5bfac2389c84edc16b5e8885a00940a7a0157

SHA512
717c6b69f7d8b342af3d1084282c8accac50cf29408e7287cc0770e89e1a3111760c9d204e62dc69f4eadae97414c6fd325441f376d99749d50c2e1dd647ba86

Download Submit
memory/892-144-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/892-146-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/1568-133-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1568-145-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download