09ef4b9244eb44567917f2c42d946f0f0feec3eb2fab4a82a9cfb7a4880a88c3

Analysis

max time kernel
115s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
27-03-2023 15:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Typograph_Setup.exe
Size

1.8MB
MD5

d83d5fddde82eab9f6b4268ebffba4cf
SHA1

e2c3d95e9e6c906e8dd532cc7ad77346da901d35
SHA256

09ef4b9244eb44567917f2c42d946f0f0feec3eb2fab4a82a9cfb7a4880a88c3
SHA512

d0a68b7aa0f56f792f5a2ac0a0ca8708c351acf85db061314a9c4ec23db86a8b8664b4d219416f8d34d9851f241d32830656aa90fba325999f68c2f901876f02
SSDEEP

49152:esg5bbIeH/0Ze8aXgGmdxvl8QgPI1dIzA7SYu:es4KvX5ddlBlrSYu

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

setup.exeFontSets.exeTypograf.exe

pid process

1652 setup.exe
548 FontSets.exe
1756 Typograf.exe
Loads dropped DLL 9 IoCs

Processes:

Typograph_Setup.exesetup.exeTypograf.exe

pid process

1360 Typograph_Setup.exe
1652 setup.exe
1652 setup.exe
1652 setup.exe
1652 setup.exe
1652 setup.exe
1652 setup.exe
1652 setup.exe
1756 Typograf.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

Typograf.exe

description ioc process

File opened for modification \??\PhysicalDrive0 Typograf.exe

pid	process
1652	setup.exe
548	FontSets.exe
1756	Typograf.exe

pid	process
1360	Typograph_Setup.exe
1652	setup.exe
1652	setup.exe
1652	setup.exe
1652	setup.exe
1652	setup.exe
1652	setup.exe
1652	setup.exe
1756	Typograf.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	Typograf.exe

Drops file in Program Files directory 22 IoCs

Processes:

setup.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Typograf\setup.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Typograf\typograf.chm	setup.exe
File created	C:\Program Files (x86)\Typograf\atmdll.dll	setup.exe
File created	C:\Program Files (x86)\Typograf\EXMONO.TTF	setup.exe
File created	C:\Program Files (x86)\Typograf\FontSets.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Typograf\EXMONO.TTF	setup.exe
File created	C:\Program Files (x86)\Typograf\order.txt	setup.exe
File created	C:\Program Files (x86)\Typograf\readme.txt	setup.exe
File created	C:\Program Files (x86)\Typograf\setup.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Typograf\Typograf.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Typograf\atmdll.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Typograf\BONZAI.TTF	setup.exe
File created	C:\Program Files (x86)\Typograf\BONZAI.TTF	setup.exe
File opened for modification	C:\Program Files (x86)\Typograf\uninstal.exe	setup.exe
File created	C:\Program Files (x86)\Typograf\uninstal.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Typograf\order.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Typograf\readme.txt	setup.exe
File created	C:\Program Files (x86)\Typograf\typograf.chm	setup.exe
File created	C:\Program Files (x86)\Typograf\Typograf.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Typograf\FontHelper.exe	setup.exe
File created	C:\Program Files (x86)\Typograf\FontHelper.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Typograf\FontSets.exe	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 3 IoCs

Processes:

Typograf.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Typograf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Typograf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Typograf.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

FontSets.exeTypograf.exe

pid process

548 FontSets.exe
548 FontSets.exe
1756 Typograf.exe
1756 Typograf.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

FontSets.exe

pid process

548 FontSets.exe
548 FontSets.exe
Suspicious use of SendNotifyMessage 2 IoCs

Processes:

FontSets.exe

pid process

548 FontSets.exe
548 FontSets.exe

pid	process
548	FontSets.exe
548	FontSets.exe
1756	Typograf.exe
1756	Typograf.exe

pid	process
548	FontSets.exe
548	FontSets.exe

pid	process
548	FontSets.exe
548	FontSets.exe

Suspicious use of WriteProcessMemory 25 IoCs

Processes:

Typograph_Setup.exesetup.exeexplorer.exe

description	pid	process	target process
PID 1360 wrote to memory of 1652	1360	Typograph_Setup.exe	setup.exe
PID 1360 wrote to memory of 1652	1360	Typograph_Setup.exe	setup.exe
PID 1360 wrote to memory of 1652	1360	Typograph_Setup.exe	setup.exe
PID 1360 wrote to memory of 1652	1360	Typograph_Setup.exe	setup.exe
PID 1360 wrote to memory of 1652	1360	Typograph_Setup.exe	setup.exe
PID 1360 wrote to memory of 1652	1360	Typograph_Setup.exe	setup.exe
PID 1360 wrote to memory of 1652	1360	Typograph_Setup.exe	setup.exe
PID 1652 wrote to memory of 548	1652	setup.exe	FontSets.exe
PID 1652 wrote to memory of 548	1652	setup.exe	FontSets.exe
PID 1652 wrote to memory of 548	1652	setup.exe	FontSets.exe
PID 1652 wrote to memory of 548	1652	setup.exe	FontSets.exe
PID 1652 wrote to memory of 548	1652	setup.exe	FontSets.exe
PID 1652 wrote to memory of 548	1652	setup.exe	FontSets.exe
PID 1652 wrote to memory of 548	1652	setup.exe	FontSets.exe
PID 1652 wrote to memory of 1284	1652	setup.exe	explorer.exe
PID 1652 wrote to memory of 1284	1652	setup.exe	explorer.exe
PID 1652 wrote to memory of 1284	1652	setup.exe	explorer.exe
PID 1652 wrote to memory of 1284	1652	setup.exe	explorer.exe
PID 1652 wrote to memory of 1284	1652	setup.exe	explorer.exe
PID 1652 wrote to memory of 1284	1652	setup.exe	explorer.exe
PID 1652 wrote to memory of 1284	1652	setup.exe	explorer.exe
PID 1020 wrote to memory of 1756	1020	explorer.exe	Typograf.exe
PID 1020 wrote to memory of 1756	1020	explorer.exe	Typograf.exe
PID 1020 wrote to memory of 1756	1020	explorer.exe	Typograf.exe
PID 1020 wrote to memory of 1756	1020	explorer.exe	Typograf.exe

C:\Users\Admin\AppData\Local\Temp\Typograph_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Typograph_Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1360

C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\setup.exe
".\setup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1652

C:\Program Files (x86)\Typograf\FontSets.exe
"C:\Program Files (x86)\Typograf\FontSets.exe"
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:548

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe" "C:\Program Files (x86)\Typograf\typograf.exe"
3⤵
PID:1284

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:1020

C:\Program Files (x86)\Typograf\Typograf.exe
"C:\Program Files (x86)\Typograf\Typograf.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1756

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Typograf\FontSets.exe
Filesize
553KB

MD5
c9aa5556b6332a4c01885b7b05abe436

SHA1
a82a303fdfff209db517fef5b8f47c6472615a20

SHA256
6f4d3440ca9ae641c4073a6041f5011b86362ef973dd7604513bd7e3c1ca20c7

SHA512
4c66846f405f08b2cff3db579c3326d98697232b26761811be1927369a77f50ef16d0c3c49aa0f12ee8b7b6456d3a488a463e1949b6711912623545436a41570

Download Submit
C:\Program Files (x86)\Typograf\FontSets.exe
Filesize
553KB

MD5
c9aa5556b6332a4c01885b7b05abe436

SHA1
a82a303fdfff209db517fef5b8f47c6472615a20

SHA256
6f4d3440ca9ae641c4073a6041f5011b86362ef973dd7604513bd7e3c1ca20c7

SHA512
4c66846f405f08b2cff3db579c3326d98697232b26761811be1927369a77f50ef16d0c3c49aa0f12ee8b7b6456d3a488a463e1949b6711912623545436a41570

Download Submit
C:\Program Files (x86)\Typograf\Typograf.exe
Filesize
926KB

MD5
6ba093cd82eadbb150e8edfb68dbbd66

SHA1
94b1b5e79a8fa034b71374d259e8a6fe507211a1

SHA256
d2b2831fdabda5384e777659e750ceb6ed7e6e145137873d482f0703f33e62a1

SHA512
61784b56367a59099ce429c7cfd67f5f00bb642e4c0e30e69f829c110ad74786a7077b35bef934fc50ac4c195d83c861a0fc335731cf8474400dce498e75e226

Download Submit
C:\Program Files (x86)\Typograf\Typograf.exe
Filesize
926KB

MD5
6ba093cd82eadbb150e8edfb68dbbd66

SHA1
94b1b5e79a8fa034b71374d259e8a6fe507211a1

SHA256
d2b2831fdabda5384e777659e750ceb6ed7e6e145137873d482f0703f33e62a1

SHA512
61784b56367a59099ce429c7cfd67f5f00bb642e4c0e30e69f829c110ad74786a7077b35bef934fc50ac4c195d83c861a0fc335731cf8474400dce498e75e226

Download Submit
C:\Program Files (x86)\Typograf\Typograf.exe
Filesize
926KB

MD5
6ba093cd82eadbb150e8edfb68dbbd66

SHA1
94b1b5e79a8fa034b71374d259e8a6fe507211a1

SHA256
d2b2831fdabda5384e777659e750ceb6ed7e6e145137873d482f0703f33e62a1

SHA512
61784b56367a59099ce429c7cfd67f5f00bb642e4c0e30e69f829c110ad74786a7077b35bef934fc50ac4c195d83c861a0fc335731cf8474400dce498e75e226

Download Submit
C:\Program Files (x86)\Typograf\atmdll.dll
Filesize
37KB

MD5
97764194fcbda4e9d57851f82e4b3bc9

SHA1
39813a0e6bdd69aa9213ba75d6dfea2680d717be

SHA256
881155bedf3bbf4f1117c1f0befd8196e5c9b98f3c4c88d1a5b16f71e91c23cd

SHA512
73716ba9f4600d63c95547c33fc41678f818ce7f4d2a8ed1b2393aeaaf77de6a6bfc1d95a92b64b3ee27274eddcc73cedf4b8a5b464cdc5577e1ae7df1952af6

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\BONZAI.TTF
Filesize
20KB

MD5
a2ddeac8c35ca7110825e1a6d99006bd

SHA1
7f8893f9f7f125f3d6f1ac51ae2acae53780b3b9

SHA256
99a1572e549a74a69833af5b874c99201573cd1de2c7a30952845f6f855bab3f

SHA512
e44131b7c18cfdf06960e776968a1bc609bcf2cf0dbb586b2ef30c4fb7978c819e45421a7cf9f97f95f76b274885a1eac0ee805e0e9f6a34012960888f17c7b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\EXMONO.TTF
Filesize
29KB

MD5
8d295a84f6fc962688762fe69d45cee7

SHA1
2070688e9891256991f5513d78d9ad794c5075b6

SHA256
447a97e4ce2fd839a677cfa477b682cd4a416dab6d7b223fd99f95053b03b597

SHA512
8ad86b7c1ecdc4c1b49b50eae31e143ea5eda23e8f9eac0ecf0f90fc15c683d4b1e79f9958a30d85941f019df3c1cfedbe098ae3d945b24b09a3c3cc459f4e91

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\FontHelper.exe
Filesize
59KB

MD5
5dbcfd9183ee47ce1b9984a431238828

SHA1
546d5f3d2be0ac4a3f4a2b7014fc2d6819b78c30

SHA256
9c487729cfa8229e8c3a2f8d7fbef01c694d87dac40d6bab1bedae85926d17f0

SHA512
e79ac4856e8ba08158550208a920b295e1444a50af0ea5ed3dd2542bc3c1534d1ab43e6c521d1a8c0f48e7a6bcdadb73f7527d5fcb0d440f32e288f4da2bacfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\FontSets.exe
Filesize
553KB

MD5
c9aa5556b6332a4c01885b7b05abe436

SHA1
a82a303fdfff209db517fef5b8f47c6472615a20

SHA256
6f4d3440ca9ae641c4073a6041f5011b86362ef973dd7604513bd7e3c1ca20c7

SHA512
4c66846f405f08b2cff3db579c3326d98697232b26761811be1927369a77f50ef16d0c3c49aa0f12ee8b7b6456d3a488a463e1949b6711912623545436a41570

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\atmdll.dll
Filesize
37KB

MD5
97764194fcbda4e9d57851f82e4b3bc9

SHA1
39813a0e6bdd69aa9213ba75d6dfea2680d717be

SHA256
881155bedf3bbf4f1117c1f0befd8196e5c9b98f3c4c88d1a5b16f71e91c23cd

SHA512
73716ba9f4600d63c95547c33fc41678f818ce7f4d2a8ed1b2393aeaaf77de6a6bfc1d95a92b64b3ee27274eddcc73cedf4b8a5b464cdc5577e1ae7df1952af6

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\order.txt
Filesize
1KB

MD5
e1e3c4dd594d983b215ffb053b29f813

SHA1
57d7faa5ad947d3a1e9eb73e7f8f81c8a1535d77

SHA256
a8ddffb8c29836b3569e190d017c8f930206727bb20272a71c21321b1b31a614

SHA512
73d9280aede257ece5813350c1ac8177f0629778d3526121f43ca6c334b9e84eb02909476af0a1839041ba8e548b2bd79bb21b0c3e42698398cbc21d3a141eb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\readme.txt
Filesize
6KB

MD5
86657bf2663f457fef148e0a6f614d70

SHA1
ee52b9401d0786a87633132354048002dc94f58e

SHA256
4634d53fa16288fe3061ee24ab43ac9c8ed97176819a36f200e54f1e09c8c728

SHA512
7bcccbc85ad5c135cb7f77bd0bdd98db4d81d586b056a7292632e141f9a4de2d393dee21b3904546c78b9f71478b8e0dafd09d3df8d43fa30bc25547b9bac8b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\setup.exe
Filesize
117KB

MD5
7a2ba2348ec30410c3cac084b6c6210a

SHA1
a125cee521241b10f8c43cc66fe054ccf104307b

SHA256
130a7b764e0f49b3ce4a45b2b8a2c795574ae9c66548c341b0ad734ec9a8779c

SHA512
5b84c8c2f0eddfd9a7b7a39f94cc14b124752837be4d8701863d8562a27e01324d007a6e7b327b58a4288e0e5796fa1094c863eb95932e36ca4a4270bbaa93d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\setup.exe
Filesize
117KB

MD5
7a2ba2348ec30410c3cac084b6c6210a

SHA1
a125cee521241b10f8c43cc66fe054ccf104307b

SHA256
130a7b764e0f49b3ce4a45b2b8a2c795574ae9c66548c341b0ad734ec9a8779c

SHA512
5b84c8c2f0eddfd9a7b7a39f94cc14b124752837be4d8701863d8562a27e01324d007a6e7b327b58a4288e0e5796fa1094c863eb95932e36ca4a4270bbaa93d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\typograf.chm
Filesize
354KB

MD5
a0162ad1d5fde6ef57133ee8fc69fff9

SHA1
27672eaff3e6529614abc7b48108c1bbb33c3673

SHA256
44db441c090ba6b1044d764a85bc3551823e0017c1502449b27a67a0d39d2339

SHA512
a1e51249f080a305dc14cce8d182074afc124a129d12cf60856f10d0b5e3cc889e38a45b0067fd20e1c283d8135c8de1c760d52042c24b344ef87205c5e0494e

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\typograf.exe
Filesize
926KB

MD5
6ba093cd82eadbb150e8edfb68dbbd66

SHA1
94b1b5e79a8fa034b71374d259e8a6fe507211a1

SHA256
d2b2831fdabda5384e777659e750ceb6ed7e6e145137873d482f0703f33e62a1

SHA512
61784b56367a59099ce429c7cfd67f5f00bb642e4c0e30e69f829c110ad74786a7077b35bef934fc50ac4c195d83c861a0fc335731cf8474400dce498e75e226

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\uninstal.exe
Filesize
67KB

MD5
c4b2690b0db4f0839632013b727dbdd4

SHA1
1e43dba9ca2839d8a7fe939a640233b0aadfd9ff

SHA256
b4f490dab427def0a953f182538b4e900d8ac904111fa6160446ce6bc3d144e5

SHA512
8695d6e05b378cb35270943081a94d8a0dc6855d01089190029561d39eb2a83324f6d2a98608b37a72e8766c060c5ecd06ecee8f79c9664523a518be21831d3f

Download Submit
\??\c:\program files (x86)\typograf\BONZAI.TTF
Filesize
20KB

MD5
a2ddeac8c35ca7110825e1a6d99006bd

SHA1
7f8893f9f7f125f3d6f1ac51ae2acae53780b3b9

SHA256
99a1572e549a74a69833af5b874c99201573cd1de2c7a30952845f6f855bab3f

SHA512
e44131b7c18cfdf06960e776968a1bc609bcf2cf0dbb586b2ef30c4fb7978c819e45421a7cf9f97f95f76b274885a1eac0ee805e0e9f6a34012960888f17c7b0

Download Submit
\??\c:\program files (x86)\typograf\EXMONO.TTF
Filesize
29KB

MD5
8d295a84f6fc962688762fe69d45cee7

SHA1
2070688e9891256991f5513d78d9ad794c5075b6

SHA256
447a97e4ce2fd839a677cfa477b682cd4a416dab6d7b223fd99f95053b03b597

SHA512
8ad86b7c1ecdc4c1b49b50eae31e143ea5eda23e8f9eac0ecf0f90fc15c683d4b1e79f9958a30d85941f019df3c1cfedbe098ae3d945b24b09a3c3cc459f4e91

Download Submit
\Program Files (x86)\Typograf\FontSets.exe
Filesize
553KB

MD5
c9aa5556b6332a4c01885b7b05abe436

SHA1
a82a303fdfff209db517fef5b8f47c6472615a20

SHA256
6f4d3440ca9ae641c4073a6041f5011b86362ef973dd7604513bd7e3c1ca20c7

SHA512
4c66846f405f08b2cff3db579c3326d98697232b26761811be1927369a77f50ef16d0c3c49aa0f12ee8b7b6456d3a488a463e1949b6711912623545436a41570

Download Submit
\Program Files (x86)\Typograf\FontSets.exe
Filesize
553KB

MD5
c9aa5556b6332a4c01885b7b05abe436

SHA1
a82a303fdfff209db517fef5b8f47c6472615a20

SHA256
6f4d3440ca9ae641c4073a6041f5011b86362ef973dd7604513bd7e3c1ca20c7

SHA512
4c66846f405f08b2cff3db579c3326d98697232b26761811be1927369a77f50ef16d0c3c49aa0f12ee8b7b6456d3a488a463e1949b6711912623545436a41570

Download Submit
\Program Files (x86)\Typograf\FontSets.exe
Filesize
553KB

MD5
c9aa5556b6332a4c01885b7b05abe436

SHA1
a82a303fdfff209db517fef5b8f47c6472615a20

SHA256
6f4d3440ca9ae641c4073a6041f5011b86362ef973dd7604513bd7e3c1ca20c7

SHA512
4c66846f405f08b2cff3db579c3326d98697232b26761811be1927369a77f50ef16d0c3c49aa0f12ee8b7b6456d3a488a463e1949b6711912623545436a41570

Download Submit
\Program Files (x86)\Typograf\Typograf.exe
Filesize
926KB

MD5
6ba093cd82eadbb150e8edfb68dbbd66

SHA1
94b1b5e79a8fa034b71374d259e8a6fe507211a1

SHA256
d2b2831fdabda5384e777659e750ceb6ed7e6e145137873d482f0703f33e62a1

SHA512
61784b56367a59099ce429c7cfd67f5f00bb642e4c0e30e69f829c110ad74786a7077b35bef934fc50ac4c195d83c861a0fc335731cf8474400dce498e75e226

Download Submit
\Program Files (x86)\Typograf\Typograf.exe
Filesize
926KB

MD5
6ba093cd82eadbb150e8edfb68dbbd66

SHA1
94b1b5e79a8fa034b71374d259e8a6fe507211a1

SHA256
d2b2831fdabda5384e777659e750ceb6ed7e6e145137873d482f0703f33e62a1

SHA512
61784b56367a59099ce429c7cfd67f5f00bb642e4c0e30e69f829c110ad74786a7077b35bef934fc50ac4c195d83c861a0fc335731cf8474400dce498e75e226

Download Submit
\Program Files (x86)\Typograf\atmdll.dll
Filesize
37KB

MD5
97764194fcbda4e9d57851f82e4b3bc9

SHA1
39813a0e6bdd69aa9213ba75d6dfea2680d717be

SHA256
881155bedf3bbf4f1117c1f0befd8196e5c9b98f3c4c88d1a5b16f71e91c23cd

SHA512
73716ba9f4600d63c95547c33fc41678f818ce7f4d2a8ed1b2393aeaaf77de6a6bfc1d95a92b64b3ee27274eddcc73cedf4b8a5b464cdc5577e1ae7df1952af6

Download Submit
\Users\Admin\AppData\Local\Temp\WZSE0.TMP\Typograf.exe
Filesize
926KB

MD5
6ba093cd82eadbb150e8edfb68dbbd66

SHA1
94b1b5e79a8fa034b71374d259e8a6fe507211a1

SHA256
d2b2831fdabda5384e777659e750ceb6ed7e6e145137873d482f0703f33e62a1

SHA512
61784b56367a59099ce429c7cfd67f5f00bb642e4c0e30e69f829c110ad74786a7077b35bef934fc50ac4c195d83c861a0fc335731cf8474400dce498e75e226

Download Submit
\Users\Admin\AppData\Local\Temp\WZSE0.TMP\Typograf.exe
Filesize
926KB

MD5
6ba093cd82eadbb150e8edfb68dbbd66

SHA1
94b1b5e79a8fa034b71374d259e8a6fe507211a1

SHA256
d2b2831fdabda5384e777659e750ceb6ed7e6e145137873d482f0703f33e62a1

SHA512
61784b56367a59099ce429c7cfd67f5f00bb642e4c0e30e69f829c110ad74786a7077b35bef934fc50ac4c195d83c861a0fc335731cf8474400dce498e75e226

Download Submit
\Users\Admin\AppData\Local\Temp\WZSE0.TMP\setup.exe
Filesize
117KB

MD5
7a2ba2348ec30410c3cac084b6c6210a

SHA1
a125cee521241b10f8c43cc66fe054ccf104307b

SHA256
130a7b764e0f49b3ce4a45b2b8a2c795574ae9c66548c341b0ad734ec9a8779c

SHA512
5b84c8c2f0eddfd9a7b7a39f94cc14b124752837be4d8701863d8562a27e01324d007a6e7b327b58a4288e0e5796fa1094c863eb95932e36ca4a4270bbaa93d6

Download Submit
memory/548-133-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1652-73-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/1652-77-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/1652-72-0x00000000024F0000-0x0000000002780000-memory.dmp

Filesize
2.6MB

Download
memory/1652-118-0x0000000003260000-0x0000000003270000-memory.dmp

Filesize
64KB

Download
memory/1652-119-0x0000000003260000-0x0000000003270000-memory.dmp

Filesize
64KB

Download
memory/1652-122-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/1756-127-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1756-129-0x0000000002160000-0x0000000002162000-memory.dmp

Filesize
8KB

Download
memory/1756-130-0x0000000002080000-0x0000000002084000-memory.dmp

Filesize
16KB

Download
memory/1756-128-0x0000000000400000-0x0000000000690000-memory.dmp

Filesize
2.6MB

Download
memory/1756-126-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1756-125-0x0000000002090000-0x0000000002094000-memory.dmp

Filesize
16KB

Download
memory/1756-134-0x0000000000400000-0x0000000000690000-memory.dmp

Filesize
2.6MB

Download
memory/1756-136-0x0000000000400000-0x0000000000690000-memory.dmp

Filesize
2.6MB

Download
memory/1756-137-0x0000000000400000-0x0000000000690000-memory.dmp

Filesize
2.6MB

Download
memory/1756-139-0x0000000000400000-0x0000000000690000-memory.dmp

Filesize
2.6MB

Download
memory/1756-141-0x0000000000400000-0x0000000000690000-memory.dmp

Filesize
2.6MB

Download
memory/1756-143-0x0000000000400000-0x0000000000690000-memory.dmp

Filesize
2.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads