Analysis

  • max time kernel
    61s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-04-2023 19:25

General

  • Target

    tv.exe

  • Size

    40.3MB

  • MD5

    c8c6692a2bdc9d362f7370e63188927c

  • SHA1

    74bff8889fc24b8a3bc2a7076ef344a361dced7a

  • SHA256

    5382c8f1ba894ca640bac19559d50aee07a5c4255028ce83bcdd642957ea3e1a

  • SHA512

    53a35769dbc3b71cb1545d100b815c9abcb9fbcb50da6909358f0624e07e32dfee33a5a8cbabbb7d217111f19dd4719759920d0a6e246a9851bad795137e108c

  • SSDEEP

    786432:O0Wkxr+c26TGFS7yZrTjhNJHVt3DKMfmeUMhimMjRlsw77D9hNhez:hzk6TWSGZ9TTnmZNOc7xhNhez

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 23 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tv.exe
    "C:\Users\Admin\AppData\Local\Temp\tv.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1268
    • C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
      "C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1992

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe

    Filesize

    39.5MB

    MD5

    af7555aff8a9a3d97a5486642b6303bd

    SHA1

    fa1d8883c6e93bd524b4905fd4e1a467d6221f22

    SHA256

    1d66ce0598f81de7fd499deaf91ae638f428908870d6857abb87b266549d84b6

    SHA512

    00f4fa7313a88230db8437498ba3091a3f41b247e2fb9d935818f5fa6ac1df4ffa2bace59f1cc02647b9de59eda122d98d315e4e5a6f8cf2cc3a8d4d81a8c925

  • C:\Users\Admin\AppData\Local\Temp\TeamViewer\tvinfo.ini

    Filesize

    32B

    MD5

    8dc7b09b9fbcd5fd96c3a8bdf3bad902

    SHA1

    5ac23bc1570874becc04e78ecdd855461e42e10d

    SHA256

    8732d50f90c1abdd2a044951870a16ce3f906e933cf8c8cf5ecd76bfc38590dc

    SHA512

    affeb53a0c0dfaf59a757718009151099ea8914ead3f1fd028d7b72e22c39c5393161ad1e7cd76a0505b5dc6ba4608d60ec1679334d15dcac1b36bb0062eb863

  • C:\Users\Admin\AppData\Local\Temp\nshE66F.tmp\InstallOptions.dll

    Filesize

    15KB

    MD5

    033ee34c40e8fa85bf2739bcb2f3e186

    SHA1

    2ca942f35f77f37df3fc6097acac34f2e77341b7

    SHA256

    c91c1796338a265b49039c0b2c7a312d764b99e5174fb2dae455ca54f8f41ec7

    SHA512

    2204e0b8721b8d85c51bd068b1695b16ee096bfc1d1cd5843f48fd04032aeee2b6a91ce82978a4b3414f3d966ec5b36fb337a4149dae3a1d0445935d964d247f

  • C:\Users\Admin\AppData\Local\Temp\nshE66F.tmp\System.dll

    Filesize

    11KB

    MD5

    0ff2d70cfdc8095ea99ca2dabbec3cd7

    SHA1

    10c51496d37cecd0e8a503a5a9bb2329d9b38116

    SHA256

    982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b

    SHA512

    cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e

  • C:\Users\Admin\AppData\Local\Temp\nshE66F.tmp\TvGetVersion.dll

    Filesize

    222KB

    MD5

    b9e0c430596b2435971079edd15d3f0c

    SHA1

    fc214c6757e3539729e42f754c6b9768fd44a942

    SHA256

    c1ec07d1faf59ecdc0c8c1cd258b2feb6d41321471a8c1b10b00100c7106bd7e

    SHA512

    93dc70fc6fcc4c0f4bc5fc5819446dc465360ef459a0be408bd07a78229f297da12d602b0667145d9716514e8f3da3582b1c4c0e3e9524e39c4a0c8fe7d4e25b

  • C:\Users\Admin\AppData\Local\Temp\nshE66F.tmp\UserInfo.dll

    Filesize

    4KB

    MD5

    9b0db6a6056e8e51ac35e602aeab769f

    SHA1

    b541c6d2635141cdc3a74f59d55db8df4a92e7ac

    SHA256

    925d80c31702a95d58ede91ee97fd842de78ca6dde69156a6c1a755fba93cd5c

    SHA512

    83fe9d346835940a37e0e0a18d041c9d13fc95a0e9ece3bc18e555cf0e8e7ddf7b42dba422b1e55ace31db3c9fc807e0b44e93b8f07f5acb943eaaf77b4f0ac6

  • C:\Users\Admin\AppData\Local\Temp\nshE66F.tmp\advanced_unicode.ini

    Filesize

    1KB

    MD5

    f68824a4130ebaf6bc7ab0f62256d7d7

    SHA1

    40af19a0d92b3c9e1a8b1eaab7d12c69e5df436a

    SHA256

    cd8149a2e89373075ee6db800b7f2496bacbfe21b23e4a06a3453632503b3965

    SHA512

    6a173aaa183be0e5a516cad484802dae1fc53a414f870f93ea846a9ef9f9df35153766ef632eb5e8ced8f94c2ed09a9decdf3465d46b0dcc44a6918d88e242cb

  • C:\Users\Admin\AppData\Local\Temp\nshE66F.tmp\linker.dll

    Filesize

    45KB

    MD5

    4ac3f0ab2e423515ed9c575333342054

    SHA1

    a3e4f2b2135157f964d471564044b023a64f2532

    SHA256

    f223d6c72f86544b358a6301daf60ccdd86198f32e3447a1860acf3f59f2dae9

    SHA512

    8fbd5b4989be51c27fa15af155d2921bea9aa5d0557a22d4224256e678dfe7dcaa5f80917a748c31dc9c9a91573e4618e2497ccfd47eefd7a0fa08c12366a1e5

  • C:\Users\Admin\AppData\Local\Temp\nshE66F.tmp\start_unicode.ini

    Filesize

    2KB

    MD5

    1b3f9ebf0d46f0c22cd4fa2c9fdccd5d

    SHA1

    a5fd1761726612ac8fe2bbf02e0d1096981c461c

    SHA256

    439a45e67721a201663839a0b32bddb6de770894e60a8a0f3c863025f3aad6cf

    SHA512

    e01674202de2c56aa93d18869b38e1ea2ab05f81e2484c5cee1398dd2228ef3572d45996e8379edeb9f06c575cf75a6fef3dbdb291b404f94573327ccfd7ad9f

  • C:\Users\Admin\AppData\Local\Temp\nshE66F.tmp\start_unicode.ini

    Filesize

    2KB

    MD5

    bddaa786ecd0be186e4648f26c78c1e3

    SHA1

    a08e22358079799845bd28e6e9d59364eec504af

    SHA256

    feb09fb9d581bca2713ff3fe098d3396c579d09e4234140ff852bdb482f73d97

    SHA512

    d66bc2f35846e2485d27bb1a2034a053826097105272b13670cdd0037dc44e6bf3787fcc023a2a2425f81c9330d4b892656c601552403ab5258778c4d824da25

  • C:\Users\Admin\AppData\Local\Temp\nshE66F.tmp\start_unicode.ini

    Filesize

    2KB

    MD5

    d6f1c4fdcc70ec7e7d67000644cb2fd6

    SHA1

    070598b582d70798295928c98ac557340e31654f

    SHA256

    3f0782b54e6eb7eed060eaad0468779feaaa7171723bc73dba305adc6398f91a

    SHA512

    b766c28fb5f396d890e291f0905570902bd83e8d9630a69ea65e5f8a0bec58387cfc336ec5cb306e7a001cb5b29f52a0adb766b2e52d4c8e1b4709ccfb8c22d5

  • C:\Users\Admin\AppData\Local\Temp\nshE66F.tmp\start_unicode.ini

    Filesize

    2KB

    MD5

    a825a2995fe8e7a2bc4363afb488a0ff

    SHA1

    4f8d1cb49930c4d563965e5e39825a9291e36770

    SHA256

    a8930bcf3849e3943e4b2a4db3e50694c7283ec777fcfe2117eec782a10307ed

    SHA512

    834641276ce8a8fcb7abe90a05d3a13019b8980ebd8eb604acda20a5e719bddea44c533f0df305775b0bc5eca883e48e42f8538bbb8b746a5810e26b0b1e8e19

  • C:\Users\Admin\AppData\Local\Temp\nslCB54.tmp\TvGetVersion.dll

    Filesize

    203KB

    MD5

    465ad8b483c5e8bbfee17aa15ea3b488

    SHA1

    ad984431df286cd6c10796b49c248e6afb4d55bf

    SHA256

    943149b2cf028bbe593375e255ed834c129f97ed2dab9c3779d871446dc177df

    SHA512

    8c137cff4aeeee2556233a07d7df9c183c38a36c40d904a89f22d73cc13b3941d71708da89dfe908f335f6c39e4c70b376dd437924e15ac697876f612bdf01d6

  • memory/1992-401-0x0000000008BC0000-0x0000000008BCE000-memory.dmp

    Filesize

    56KB