Analysis
max time kernel: 71s
max time network: 84s
platform: windows10-2004_x64
resource: win10v2004-20230221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31-03-2023 20:41
Static task: static1
Behavioral task: behavioral1
Sample: MCreator.2023.1.Windows.64bit.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: MCreator.2023.1.Windows.64bit.exe
Resource: win10v2004-20230221-en
General
Target: MCreator.2023.1.Windows.64bit.exe
Size: 226.2MB
MD5: 249b8ea8075cfc731ffe17e656ef91b6
SHA1: c7fb2e6abd3fc17b07294294ae6672db7e5114a4
SHA256: c5df7e16841afed0a82b8a4d37ca5a0fd09a7385dd6597c80ba60d341927f4a6
SHA512: 157d10b84dfa37f7a34104bb15472b037a42eab304df778d0851ae4eb4a48b52f8e5087ee341d0ff7636dc77329050a4c214d2cc1c0a466eb650e5397bf54ab0
SSDEEP: 6291456:YFnbAQd4nExIyC5zZuFM8CjLKRx17fPLNMcQ:YN0qSuu8Cf41ZQ
Malware Config
Signatures
Loads dropped DLL (1 IoCs)
Processes: MCreator.2023.1.Windows.64bit.exe
pid: 2540, process: MCreator.2023.1.Windows.64bit.exe
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
C:\Users\Admin\AppData\Local\Temp\nsdD046.tmp\nsDialogs.dll
Filesize: 14KB
MD5: 8f45e78d9d02ca8a9f9c274a8bfe2a57
SHA1: 9b3838e1d2d4fbc1c84e1252747e96aa1b223d83
SHA256: 78f9594721361fd3415b8c5194f9c9b87c580d6a70ddb95f2c4743c61ce68ebe
SHA512: 125f1bcf833e0c233ebee552c164d9726769f06e5163467888abea08048fdae60a94b903ef97ba82ca9cf684f3c027d9605d54e9efe794df3e452f9b20e4ca96
memory/2540-143-0x0000000000400000-0x0000000000468000-memory.dmp
Filesize: 416KB
memory/2540-144-0x0000000074300000-0x000000007430C000-memory.dmp
Filesize: 48KB