Analysis

  • max time kernel
    71s
  • max time network
    84s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-03-2023 20:41

General

  • Target

    MCreator.2023.1.Windows.64bit.exe

  • Size

    226.2MB

  • MD5

    249b8ea8075cfc731ffe17e656ef91b6

  • SHA1

    c7fb2e6abd3fc17b07294294ae6672db7e5114a4

  • SHA256

    c5df7e16841afed0a82b8a4d37ca5a0fd09a7385dd6597c80ba60d341927f4a6

  • SHA512

    157d10b84dfa37f7a34104bb15472b037a42eab304df778d0851ae4eb4a48b52f8e5087ee341d0ff7636dc77329050a4c214d2cc1c0a466eb650e5397bf54ab0

  • SSDEEP

    6291456:YFnbAQd4nExIyC5zZuFM8CjLKRx17fPLNMcQ:YN0qSuu8Cf41ZQ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\MCreator.2023.1.Windows.64bit.exe
    "C:\Users\Admin\AppData\Local\Temp\MCreator.2023.1.Windows.64bit.exe"
    1⤵
    • Loads dropped DLL
    PID:2540

Network

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsdD046.tmp\nsDialogs.dll
    Filesize

    14KB

    MD5

    8f45e78d9d02ca8a9f9c274a8bfe2a57

    SHA1

    9b3838e1d2d4fbc1c84e1252747e96aa1b223d83

    SHA256

    78f9594721361fd3415b8c5194f9c9b87c580d6a70ddb95f2c4743c61ce68ebe

    SHA512

    125f1bcf833e0c233ebee552c164d9726769f06e5163467888abea08048fdae60a94b903ef97ba82ca9cf684f3c027d9605d54e9efe794df3e452f9b20e4ca96

  • memory/2540-143-0x0000000000400000-0x0000000000468000-memory.dmp
    Filesize

    416KB

  • memory/2540-144-0x0000000074300000-0x000000007430C000-memory.dmp
    Filesize

    48KB