6f378db45311af48c29fbd47550e7c181c748c1dab76cadd1f1f1c872ad288c8

Analysis

max time kernel
7s
max time network
8s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
28/06/2023, 01:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Transformice.exe
Size

268KB
MD5

e0d19351dd3e1d5361def38659318249
SHA1

e6824969ebea151c77080b445ac416b56dd8630d
SHA256

6f378db45311af48c29fbd47550e7c181c748c1dab76cadd1f1f1c872ad288c8
SHA512

a684739e9f9283f1ad6dea9747fe46fd2feb9fb7854d128cd34b3543109cfc7c1f9cd21890ca27e55afd88d082ba81507eb3382968ba09cd33afc8208f33ec4b
SSDEEP

6144:H8kH/SHiLWb1mTBxtLEviICT5N5sbPkSiqTT1Ues0ALg2Wq9ZwG69ih:ckHRLWb1mT1LEv25bwbiu1UesXsrq9ZP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1108	Install Transformice.exe

Loads dropped DLL 4 IoCs

pid	Process
1744	Transformice.exe
1744	Transformice.exe
1744	Transformice.exe
1744	Transformice.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 1108	1744	Transformice.exe	28
PID 1744 wrote to memory of 1108	1744	Transformice.exe	28
PID 1744 wrote to memory of 1108	1744	Transformice.exe	28
PID 1744 wrote to memory of 1108	1744	Transformice.exe	28
PID 1744 wrote to memory of 1108	1744	Transformice.exe	28
PID 1744 wrote to memory of 1108	1744	Transformice.exe	28
PID 1744 wrote to memory of 1108	1744	Transformice.exe	28

C:\Users\Admin\AppData\Local\Temp\Transformice.exe
"C:\Users\Admin\AppData\Local\Temp\Transformice.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Users\Admin\AppData\Local\Temp\AIR1C6.tmp\Install Transformice.exe
  "C:\Users\Admin\AppData\Local\Temp\AIR1C6.tmp\Install Transformice.exe"
  2⤵
  - Executes dropped EXE
  PID:1108

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AIR1C6.tmp\.launch

Filesize
24B

MD5
71100a118618ca9623f517d7468278d1

SHA1
d0bca87f671fc06774cb667cf8bef962a0278ccc

SHA256
307a9865fd68d697675818cbd36f386102aae93b3ffc9526fa44deb0e541f2f0

SHA512
0a1f22d1e03f6af658d6c0377238c48b8a99adc1eaa3137cfd6def40f655762cca40e7b48ad2a77dd53b869b333300a7c68762da3feeee86e7c4837416679ed7

Download Submit
C:\Users\Admin\AppData\Local\Temp\AIR1C6.tmp\Install Transformice.exe

Filesize
130KB

MD5
a5da8ba949718507dfda7a816326fdbe

SHA1
3af561103bfb62fb580ab44954cd56c0aefc275f

SHA256
75eadf5339a379e93627e0a6659939d7b4f22b60849d8b906900255564ecb494

SHA512
073decc81a69fe60ee059ac086434738e702fdee078a65f1497c54d9106665687ed88b60e29ad3d750bcd1447d1ed117095941232e6c1919c2e14511befaf5c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\AIR1C6.tmp\Install Transformice.exe

Filesize
130KB

MD5
a5da8ba949718507dfda7a816326fdbe

SHA1
3af561103bfb62fb580ab44954cd56c0aefc275f

SHA256
75eadf5339a379e93627e0a6659939d7b4f22b60849d8b906900255564ecb494

SHA512
073decc81a69fe60ee059ac086434738e702fdee078a65f1497c54d9106665687ed88b60e29ad3d750bcd1447d1ed117095941232e6c1919c2e14511befaf5c6

Download Submit
\Users\Admin\AppData\Local\Temp\AIR1C6.tmp\Install Transformice.exe

Filesize
130KB

MD5
a5da8ba949718507dfda7a816326fdbe

SHA1
3af561103bfb62fb580ab44954cd56c0aefc275f

SHA256
75eadf5339a379e93627e0a6659939d7b4f22b60849d8b906900255564ecb494

SHA512
073decc81a69fe60ee059ac086434738e702fdee078a65f1497c54d9106665687ed88b60e29ad3d750bcd1447d1ed117095941232e6c1919c2e14511befaf5c6

Download Submit
\Users\Admin\AppData\Local\Temp\AIR1C6.tmp\Install Transformice.exe

Filesize
130KB

MD5
a5da8ba949718507dfda7a816326fdbe

SHA1
3af561103bfb62fb580ab44954cd56c0aefc275f

SHA256
75eadf5339a379e93627e0a6659939d7b4f22b60849d8b906900255564ecb494

SHA512
073decc81a69fe60ee059ac086434738e702fdee078a65f1497c54d9106665687ed88b60e29ad3d750bcd1447d1ed117095941232e6c1919c2e14511befaf5c6

Download Submit
\Users\Admin\AppData\Local\Temp\AIR1C6.tmp\Install Transformice.exe

Filesize
130KB

MD5
a5da8ba949718507dfda7a816326fdbe

SHA1
3af561103bfb62fb580ab44954cd56c0aefc275f

SHA256
75eadf5339a379e93627e0a6659939d7b4f22b60849d8b906900255564ecb494

SHA512
073decc81a69fe60ee059ac086434738e702fdee078a65f1497c54d9106665687ed88b60e29ad3d750bcd1447d1ed117095941232e6c1919c2e14511befaf5c6

Download Submit
\Users\Admin\AppData\Local\Temp\AIR1C6.tmp\Install Transformice.exe

Filesize
130KB

MD5
a5da8ba949718507dfda7a816326fdbe

SHA1
3af561103bfb62fb580ab44954cd56c0aefc275f

SHA256
75eadf5339a379e93627e0a6659939d7b4f22b60849d8b906900255564ecb494

SHA512
073decc81a69fe60ee059ac086434738e702fdee078a65f1497c54d9106665687ed88b60e29ad3d750bcd1447d1ed117095941232e6c1919c2e14511befaf5c6

Download Submit