Analysis
max time kernel: 61s
max time network: 133s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-04-2023 19:25
Static task: static1
Behavioral task behavioral1: sample tv.exe, resource win7-20230220-en
Behavioral task behavioral2: sample tv.exe, resource win10v2004-20230220-en
General
Target: tv.exe
Size: 40.3MB
MD5: c8c6692a2bdc9d362f7370e63188927c
SHA1: 74bff8889fc24b8a3bc2a7076ef344a361dced7a
SHA256: 5382c8f1ba894ca640bac19559d50aee07a5c4255028ce83bcdd642957ea3e1a
SHA512: 53a35769dbc3b71cb1545d100b815c9abcb9fbcb50da6909358f0624e07e32dfee33a5a8cbabbb7d217111f19dd4719759920d0a6e246a9851bad795137e108c
SSDEEP: 786432:O0Wkxr+c26TGFS7yZrTjhNJHVt3DKMfmeUMhimMjRlsw77D9hNhez:hzk6TWSGZ9TTnmZNOc7xhNhez
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  PID 1992  TeamViewer_.exe

Loads dropped DLL (23 IoCs)
  PID 1268  tv.exe           1 load
  PID 1992  TeamViewer_.exe  22 loads
  (the report records one row per load event; the DLL paths are not shown in this extraction)

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  Note: this is a generic heuristic that fires on any drive enumeration, which benign software such as installers also performs; on its own it is not evidence of encryption activity.

Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process  procid_target
  PID 1268 wrote to memory of 1992  1268  tv.exe   85
  (this row is recorded three times; the target, PID 1992, is the TeamViewer_.exe child listed under Processes)
Processes

Level 1: C:\Users\Admin\AppData\Local\Temp\tv.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\tv.exe"
  PID: 1268
  Signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory
  Level 2 (child of PID 1268): C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe"
    PID: 1992
    Signatures: Executes dropped EXE; Loads dropped DLL
Network
MITRE ATT&CK Enterprise v6
Downloads
Dropped/downloaded files, listed once per distinct SHA256. "entries" is the number of identical records the report carries for that hash; the extraction does not preserve the file paths that would distinguish them.

39.5MB (2 entries)
MD5 af7555aff8a9a3d97a5486642b6303bd
SHA1 fa1d8883c6e93bd524b4905fd4e1a467d6221f22
SHA256 1d66ce0598f81de7fd499deaf91ae638f428908870d6857abb87b266549d84b6
SHA512 00f4fa7313a88230db8437498ba3091a3f41b247e2fb9d935818f5fa6ac1df4ffa2bace59f1cc02647b9de59eda122d98d315e4e5a6f8cf2cc3a8d4d81a8c925

32B (1 entry)
MD5 8dc7b09b9fbcd5fd96c3a8bdf3bad902
SHA1 5ac23bc1570874becc04e78ecdd855461e42e10d
SHA256 8732d50f90c1abdd2a044951870a16ce3f906e933cf8c8cf5ecd76bfc38590dc
SHA512 affeb53a0c0dfaf59a757718009151099ea8914ead3f1fd028d7b72e22c39c5393161ad1e7cd76a0505b5dc6ba4608d60ec1679334d15dcac1b36bb0062eb863

15KB (11 entries)
MD5 033ee34c40e8fa85bf2739bcb2f3e186
SHA1 2ca942f35f77f37df3fc6097acac34f2e77341b7
SHA256 c91c1796338a265b49039c0b2c7a312d764b99e5174fb2dae455ca54f8f41ec7
SHA512 2204e0b8721b8d85c51bd068b1695b16ee096bfc1d1cd5843f48fd04032aeee2b6a91ce82978a4b3414f3d966ec5b36fb337a4149dae3a1d0445935d964d247f

11KB (1 entry)
MD5 0ff2d70cfdc8095ea99ca2dabbec3cd7
SHA1 10c51496d37cecd0e8a503a5a9bb2329d9b38116
SHA256 982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b
SHA512 cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e

222KB (6 entries)
MD5 b9e0c430596b2435971079edd15d3f0c
SHA1 fc214c6757e3539729e42f754c6b9768fd44a942
SHA256 c1ec07d1faf59ecdc0c8c1cd258b2feb6d41321471a8c1b10b00100c7106bd7e
SHA512 93dc70fc6fcc4c0f4bc5fc5819446dc465360ef459a0be408bd07a78229f297da12d602b0667145d9716514e8f3da3582b1c4c0e3e9524e39c4a0c8fe7d4e25b

4KB (5 entries)
MD5 9b0db6a6056e8e51ac35e602aeab769f
SHA1 b541c6d2635141cdc3a74f59d55db8df4a92e7ac
SHA256 925d80c31702a95d58ede91ee97fd842de78ca6dde69156a6c1a755fba93cd5c
SHA512 83fe9d346835940a37e0e0a18d041c9d13fc95a0e9ece3bc18e555cf0e8e7ddf7b42dba422b1e55ace31db3c9fc807e0b44e93b8f07f5acb943eaaf77b4f0ac6

1KB (1 entry)
MD5 f68824a4130ebaf6bc7ab0f62256d7d7
SHA1 40af19a0d92b3c9e1a8b1eaab7d12c69e5df436a
SHA256 cd8149a2e89373075ee6db800b7f2496bacbfe21b23e4a06a3453632503b3965
SHA512 6a173aaa183be0e5a516cad484802dae1fc53a414f870f93ea846a9ef9f9df35153766ef632eb5e8ced8f94c2ed09a9decdf3465d46b0dcc44a6918d88e242cb

45KB (2 entries)
MD5 4ac3f0ab2e423515ed9c575333342054
SHA1 a3e4f2b2135157f964d471564044b023a64f2532
SHA256 f223d6c72f86544b358a6301daf60ccdd86198f32e3447a1860acf3f59f2dae9
SHA512 8fbd5b4989be51c27fa15af155d2921bea9aa5d0557a22d4224256e678dfe7dcaa5f80917a748c31dc9c9a91573e4618e2497ccfd47eefd7a0fa08c12366a1e5

2KB (1 entry)
MD5 1b3f9ebf0d46f0c22cd4fa2c9fdccd5d
SHA1 a5fd1761726612ac8fe2bbf02e0d1096981c461c
SHA256 439a45e67721a201663839a0b32bddb6de770894e60a8a0f3c863025f3aad6cf
SHA512 e01674202de2c56aa93d18869b38e1ea2ab05f81e2484c5cee1398dd2228ef3572d45996e8379edeb9f06c575cf75a6fef3dbdb291b404f94573327ccfd7ad9f

2KB (1 entry)
MD5 bddaa786ecd0be186e4648f26c78c1e3
SHA1 a08e22358079799845bd28e6e9d59364eec504af
SHA256 feb09fb9d581bca2713ff3fe098d3396c579d09e4234140ff852bdb482f73d97
SHA512 d66bc2f35846e2485d27bb1a2034a053826097105272b13670cdd0037dc44e6bf3787fcc023a2a2425f81c9330d4b892656c601552403ab5258778c4d824da25

2KB (1 entry)
MD5 d6f1c4fdcc70ec7e7d67000644cb2fd6
SHA1 070598b582d70798295928c98ac557340e31654f
SHA256 3f0782b54e6eb7eed060eaad0468779feaaa7171723bc73dba305adc6398f91a
SHA512 b766c28fb5f396d890e291f0905570902bd83e8d9630a69ea65e5f8a0bec58387cfc336ec5cb306e7a001cb5b29f52a0adb766b2e52d4c8e1b4709ccfb8c22d5

2KB (1 entry)
MD5 a825a2995fe8e7a2bc4363afb488a0ff
SHA1 4f8d1cb49930c4d563965e5e39825a9291e36770
SHA256 a8930bcf3849e3943e4b2a4db3e50694c7283ec777fcfe2117eec782a10307ed
SHA512 834641276ce8a8fcb7abe90a05d3a13019b8980ebd8eb604acda20a5e719bddea44c533f0df305775b0bc5eca883e48e42f8538bbb8b746a5810e26b0b1e8e19

203KB (1 entry)
MD5 465ad8b483c5e8bbfee17aa15ea3b488
SHA1 ad984431df286cd6c10796b49c248e6afb4d55bf
SHA256 943149b2cf028bbe593375e255ed834c129f97ed2dab9c3779d871446dc177df
SHA512 8c137cff4aeeee2556233a07d7df9c183c38a36c40d904a89f22d73cc13b3941d71708da89dfe908f335f6c39e4c70b376dd437924e15ac697876f612bdf01d6
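The Signatures block and the Downloads list above are flattened text: one row per event, hash labels glued to their digests, and identical records repeated. The script below is an added example (not code from the sandbox vendor or from this report) that turns that text back into a process tree, per-PID load counts and a hash-deduplicated artifact list. Its input strings are copied from this page; the Downloads sample is cut to three entries with SHA512 omitted, and the regexes, function names and the claim that the WriteProcessMemory edge coincides with the parent/child link are this example's own assumptions, checked against the Processes section.

```python
"""Parse the flattened Signatures / Downloads text of a sandbox report
(the format on this page) into a process tree and a de-duplicated
dropped-file list.  Added example, not sandbox-vendor code."""
import re
from collections import Counter, defaultdict

# Constructed input: the three flattened Signatures lines from this report.
EXEC_LINE = "pid Process 1992 TeamViewer_.exe"
DLL_LINE = "pid Process 1268 tv.exe " + "1992 TeamViewer_.exe " * 22
WPM_LINE = ("description pid Process procid_target "
            + "PID 1268 wrote to memory of 1992 1268 tv.exe 85 " * 3)

# Constructed input: three Downloads entries exactly as extracted
# (label glued to digest); SHA512 lines dropped for brevity.
DOWNLOADS_TEXT = """Filesize
39.5MB
MD5af7555aff8a9a3d97a5486642b6303bd
SHA1fa1d8883c6e93bd524b4905fd4e1a467d6221f22
SHA2561d66ce0598f81de7fd499deaf91ae638f428908870d6857abb87b266549d84b6
Filesize
39.5MB
MD5af7555aff8a9a3d97a5486642b6303bd
SHA1fa1d8883c6e93bd524b4905fd4e1a467d6221f22
SHA2561d66ce0598f81de7fd499deaf91ae638f428908870d6857abb87b266549d84b6
Filesize
32B
MD58dc7b09b9fbcd5fd96c3a8bdf3bad902
SHA15ac23bc1570874becc04e78ecdd855461e42e10d
SHA2568732d50f90c1abdd2a044951870a16ce3f906e933cf8c8cf5ecd76bfc38590dc
"""

PID_IMAGE = re.compile(r"(\d+)\s+(\S+\.exe)", re.IGNORECASE)
WPM_EDGE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
# Alternation order matters: SHA1 must not swallow the prefix of SHA256/SHA512,
# which it cannot because 'SHA2'/'SHA5' never match 'SHA1'.
HASH_TOKEN = re.compile(r"(MD5|SHA1|SHA256|SHA512)\s*([0-9a-fA-F]{32,128})")
FILESIZE = re.compile(r"Filesize\s*(\S+)")


def parse_pid_image(line):
    """'pid Process 1268 tv.exe 1992 TeamViewer_.exe ...' -> Counter{(pid, image): rows}."""
    return Counter((int(pid), image) for pid, image in PID_IMAGE.findall(line))


def parse_wpm_edges(line):
    """'PID A wrote to memory of B' rows -> Counter{(A, B): rows}."""
    return Counter((int(a), int(b)) for a, b in WPM_EDGE.findall(line))


def process_tree(exec_line, dll_line, wpm_line):
    """Return ({pid: image}, {writer_pid: {target_pid}}).
    A WriteProcessMemory edge is not proof of a parent/child link by itself;
    here it matches the Processes section (PID 1268 spawned PID 1992)."""
    images = {}
    for (pid, image) in list(parse_pid_image(exec_line)) + list(parse_pid_image(dll_line)):
        images[pid] = image
    edges = defaultdict(set)
    for (src, dst) in parse_wpm_edges(wpm_line):
        edges[src].add(dst)
    return images, dict(edges)


def dll_load_counts(dll_line):
    """Number of dropped-DLL load rows attributed to each PID."""
    per_pid = Counter()
    for (pid, _image), rows in parse_pid_image(dll_line).items():
        per_pid[pid] += rows
    return dict(per_pid)


def parse_downloads(text):
    """Split the Downloads dump at each 'Filesize' marker; one dict per entry."""
    entries = []
    for chunk in re.split(r"(?=Filesize)", text):
        size = FILESIZE.search(chunk)
        if not size:
            continue  # leading empty chunk or stray text
        entry = {"size": size.group(1)}
        for algo, digest in HASH_TOKEN.findall(chunk):
            entry[algo.lower()] = digest.lower()
        entries.append(entry)
    return entries


def dedupe_by_sha256(entries):
    """Collapse identical records: {sha256: entry + 'count'}, first-seen order kept."""
    unique = {}
    for entry in entries:
        key = entry.get("sha256")
        if key is None:
            continue  # cannot match reliably without SHA256
        if key in unique:
            unique[key]["count"] += 1
        else:
            unique[key] = dict(entry, count=1)
    return unique


if __name__ == "__main__":
    images, edges = process_tree(EXEC_LINE, DLL_LINE, WPM_LINE)
    for writer, targets in edges.items():
        for target in sorted(targets):
            print(f"{images[writer]} (PID {writer}) -> {images[target]} (PID {target})")
    print("dropped-DLL loads per PID:", dll_load_counts(DLL_LINE))
    for sha, e in dedupe_by_sha256(parse_downloads(DOWNLOADS_TEXT)).items():
        print(f"{e['count']}x {e['size']:>7} sha256={sha}")
```

Run against the full Downloads text the page carries, the same functions collapse the 34 records into the 13 distinct hashes; the per-PID counts reproduce the 1 + 22 = 23 load rows of the "Loads dropped DLL" signature.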