265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
03/08/2023, 08:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
Size

1.4MB
MD5

aae8401f0752eda6d9a93cc853a2d34e
SHA1

824c0d41a794676faeb4ea0e8d2a46dc195801ca
SHA256

265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d
SHA512

a625351db6a878bc1b28787f672672eed200952f5bfc2918a8b87b7f4aa399fcd5c36da862c40b8c4a4dfefcc30eb09f7bd198978f033899e66d9ea4ace8af24
SSDEEP

24576:ukWAAuqEu95tDMkOmO0BQQ9Dq3voD6DHs4AUFnrGptsmBVaEAIudJqbTd5EA71rL:uky5G9mO0+GDmgWV9OtsmTaEj8EEC0M

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2868	DRMEncV4.2.v.exe

Loads dropped DLL 1 IoCs

pid	Process
1812	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe

Drops file in Program Files directory 42 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\DRMEncV4.2.v\__tmp_rar_sfx_access_check_259430271	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win32\FilterAPI.lib	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\x64\FilterAPI.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x64\FilterAPI.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x86\FilterAPI.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\CommonObjects.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\FilterAPI.DLL	DRMEncV4.2.v.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\DRMEncV4.2.v.exe	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\FilterAPI.DLL	DRMEncV4.2.v.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\FilterControl.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win32	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win32\FilterAPI.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win32\FilterAPI.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win32\FilterAPI.lib	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\x64\EaseFlt.sys	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win32\EaseFlt.sys	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\ico.ico	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x64\EaseFlt.sys	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x64	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x64\FilterAPI.lib	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x86\EaseFlt.sys	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x86\EaseFlt.sys	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x86\FilterAPI.lib	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\x64\FilterAPI.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\DRMEncV4.2.v.exe	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x64\EaseFlt.sys	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win32\EaseFlt.sys	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\x64	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\x64\FilterAPI.lib	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\CommonObjects.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\ico.ico	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x86\FilterAPI.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\x64\EaseFlt.sys	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\EaseFlt.sys	DRMEncV4.2.v.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\FilterControl.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x64\FilterAPI.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x64\FilterAPI.lib	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x86	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x86\FilterAPI.lib	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\x64\FilterAPI.lib	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1812 wrote to memory of 2868	1812	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe	28
PID 1812 wrote to memory of 2868	1812	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe	28
PID 1812 wrote to memory of 2868	1812	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe	28
PID 1812 wrote to memory of 2868	1812	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe	28

C:\Users\Admin\AppData\Local\Temp\265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
"C:\Users\Admin\AppData\Local\Temp\265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1812
- C:\Program Files (x86)\DRMEncV4.2.v\DRMEncV4.2.v.exe
  "C:\Program Files (x86)\DRMEncV4.2.v\DRMEncV4.2.v.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DRMEncV4.2.v\Bin\x64\EaseFlt.sys

Filesize
195KB

MD5
fbe986f1304a297891326976452df4b0

SHA1
cf3f5675db490f3fc4c30fd61de7ae00dc5f0c10

SHA256
be9455c85cd2b48eb6a9a0e2005554cb74279a639e0a6b46432b4a53f442788d

SHA512
97c8d0cbef29b5f33d2ad17cfd1760e516aa88c47ce9c5a99b5941bd8c2e394746d033a75e635af523339b94069795aa878302cd8ed5f9d6965497a98fe0c101

Download Submit
C:\Program Files (x86)\DRMEncV4.2.v\Bin\x64\FilterAPI.DLL

Filesize
305KB

MD5
a11c1b829b984fc1a7bb21f35cbef422

SHA1
fc21f642b66b31aa87ee585448f22975ebb4ec5a

SHA256
76d92be21a0924255bcab7e000f68a34673301a7e078e53be1f8dbfddb879f94

SHA512
c6e31f483f5f2e5ecf0864664cc7b808e740d04740325414a59184eca5ca99c5184765a34e9f9d20a97bfe443f67ac20fc02589734547b37b4eff288e05f47fd

Download Submit
C:\Program Files (x86)\DRMEncV4.2.v\CommonObjects.dll

Filesize
308KB

MD5
43cbd3a61e00310ab2e5166768499110

SHA1
4fed74d1e9d013a54b26ddf008c68dd0d39cfb94

SHA256
27ebced71ce9ac2390b2190d054baf680814c2376561a3e2edb666e2fc1fc48a

SHA512
63cde88a8c1d4121b0a0fcf0717f60e1b92580f3f62f95a1352c2502fe560511c7f14504c5a131979ed2fb20f4f417f11bb9e1a2566a30569f93f4bd4e1b357d

Download Submit
C:\Program Files (x86)\DRMEncV4.2.v\DRMEncV4.2.v.exe

Filesize
745KB

MD5
e64d36098230c17f914c3e6fd5a1b600

SHA1
bd7807df252ba29609266c376c8c870d05ed27c4

SHA256
000fa5c188720fafd3a83f9b45193b533edc531acac8e60314bfe932bff9bc9d

SHA512
1fa4f1fe8d3478d84fcd48174cd97a1cce0efd4342840d73a4a27bc1b95346b610bd6021285c3b88b94d58d542d2c3e0f0c926cd1c2ea60c54b21981029b1337

Download Submit
C:\Program Files (x86)\DRMEncV4.2.v\DRMEncV4.2.v.exe

Filesize
745KB

MD5
e64d36098230c17f914c3e6fd5a1b600

SHA1
bd7807df252ba29609266c376c8c870d05ed27c4

SHA256
000fa5c188720fafd3a83f9b45193b533edc531acac8e60314bfe932bff9bc9d

SHA512
1fa4f1fe8d3478d84fcd48174cd97a1cce0efd4342840d73a4a27bc1b95346b610bd6021285c3b88b94d58d542d2c3e0f0c926cd1c2ea60c54b21981029b1337

Download Submit
C:\Program Files (x86)\DRMEncV4.2.v\FilterAPI.DLL

Filesize
305KB

MD5
a11c1b829b984fc1a7bb21f35cbef422

SHA1
fc21f642b66b31aa87ee585448f22975ebb4ec5a

SHA256
76d92be21a0924255bcab7e000f68a34673301a7e078e53be1f8dbfddb879f94

SHA512
c6e31f483f5f2e5ecf0864664cc7b808e740d04740325414a59184eca5ca99c5184765a34e9f9d20a97bfe443f67ac20fc02589734547b37b4eff288e05f47fd

Download Submit
C:\Program Files (x86)\DRMEncV4.2.v\FilterControl.dll

Filesize
176KB

MD5
69399aa3082763d0241561261a267990

SHA1
b33f4265e46dd0833a54467f7f58f19d987e9bdf

SHA256
81430c9c365d61696c6b38e98b3209caac54b4b249cb1a1454171fbabb213aac

SHA512
1aba859fb0d414c2b1d2fdf62d3fb38668dbe92398dd5d2bca49695d2fead7b84a74ddedf29d0e9076be0908050beb24c3c54069f28467640cb8a56ae8e3f639

Download Submit
\Program Files (x86)\DRMEncV4.2.v\DRMEncV4.2.v.exe

Filesize
745KB

MD5
e64d36098230c17f914c3e6fd5a1b600

SHA1
bd7807df252ba29609266c376c8c870d05ed27c4

SHA256
000fa5c188720fafd3a83f9b45193b533edc531acac8e60314bfe932bff9bc9d

SHA512
1fa4f1fe8d3478d84fcd48174cd97a1cce0efd4342840d73a4a27bc1b95346b610bd6021285c3b88b94d58d542d2c3e0f0c926cd1c2ea60c54b21981029b1337

Download Submit
memory/2868-93-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2868-97-0x00000000004B0000-0x00000000004DE000-memory.dmp

Filesize
184KB

Download
memory/2868-95-0x000000001AF90000-0x000000001B010000-memory.dmp

Filesize
512KB

Download
memory/2868-99-0x0000000000620000-0x0000000000670000-memory.dmp

Filesize
320KB

Download
memory/2868-94-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2868-92-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2868-91-0x0000000000030000-0x00000000000E4000-memory.dmp

Filesize
720KB

Download
memory/2868-104-0x0000000000670000-0x0000000000696000-memory.dmp

Filesize
152KB

Download
memory/2868-105-0x000000001AF90000-0x000000001B010000-memory.dmp

Filesize
512KB

Download
memory/2868-106-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2868-107-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2868-108-0x000000001AF90000-0x000000001B010000-memory.dmp

Filesize
512KB

Download