265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2023, 08:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
Size

1.4MB
MD5

aae8401f0752eda6d9a93cc853a2d34e
SHA1

824c0d41a794676faeb4ea0e8d2a46dc195801ca
SHA256

265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d
SHA512

a625351db6a878bc1b28787f672672eed200952f5bfc2918a8b87b7f4aa399fcd5c36da862c40b8c4a4dfefcc30eb09f7bd198978f033899e66d9ea4ace8af24
SSDEEP

24576:ukWAAuqEu95tDMkOmO0BQQ9Dq3voD6DHs4AUFnrGptsmBVaEAIudJqbTd5EA71rL:uky5G9mO0+GDmgWV9OtsmTaEj8EEC0M

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1696	DRMEncV4.2.v.exe

Drops file in Program Files directory 42 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x64\FilterAPI.lib	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\DRMEncV4.2.v.exe	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\DRMEncV4.2.v.exe	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x64\EaseFlt.sys	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x86\FilterAPI.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\x64\FilterAPI.lib	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\CommonObjects.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\__tmp_rar_sfx_access_check_240618796	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\ico.ico	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x86\EaseFlt.sys	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win32\EaseFlt.sys	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win32	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x86\EaseFlt.sys	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x86	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x86\FilterAPI.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\x64\EaseFlt.sys	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\x64\EaseFlt.sys	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\x64\FilterAPI.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\ico.ico	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win32\FilterAPI.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win32\FilterAPI.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x86\FilterAPI.lib	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win32\FilterAPI.lib	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\CommonObjects.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\FilterControl.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x64\FilterAPI.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\x64\FilterAPI.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\x64\FilterAPI.lib	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\FilterAPI.DLL	DRMEncV4.2.v.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\FilterAPI.DLL	DRMEncV4.2.v.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\FilterControl.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win32\EaseFlt.sys	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\x64	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\EaseFlt.sys	DRMEncV4.2.v.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x64\EaseFlt.sys	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x86\FilterAPI.lib	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win32\FilterAPI.lib	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x64	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File opened for modification	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x64\FilterAPI.dll	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
File created	C:\Program Files (x86)\DRMEncV4.2.v\Bin\win10x64\FilterAPI.lib	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 1696	1472	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe	86
PID 1472 wrote to memory of 1696	1472	265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe	86

C:\Users\Admin\AppData\Local\Temp\265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe
"C:\Users\Admin\AppData\Local\Temp\265332d04ceef5e21b4173a4c6c7334366b55c187cd1e21588a56b7a3c3f0a3d.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Program Files (x86)\DRMEncV4.2.v\DRMEncV4.2.v.exe
  "C:\Program Files (x86)\DRMEncV4.2.v\DRMEncV4.2.v.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:1696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DRMEncV4.2.v\Bin\Win10X64\EaseFlt.sys

Filesize
205KB

MD5
9a413d5680c427d6216407394ded3103

SHA1
60f979bd0e4ce06b7bbfd7c1b3d3a674432ac4ae

SHA256
2522f9e431a9b8437d49eea64df470d5e455b3792f80ec2e81f4a2b9d22c6902

SHA512
dc362a8126ad5e4bfd0cee66b03a03c829956ae65a72971c3a72c889e7b36059cc39377763e657850af7726a7a1f5f74030b548434e5c435bfbb0458421850af

Download Submit
C:\Program Files (x86)\DRMEncV4.2.v\Bin\Win10X64\FilterAPI.DLL

Filesize
305KB

MD5
a11c1b829b984fc1a7bb21f35cbef422

SHA1
fc21f642b66b31aa87ee585448f22975ebb4ec5a

SHA256
76d92be21a0924255bcab7e000f68a34673301a7e078e53be1f8dbfddb879f94

SHA512
c6e31f483f5f2e5ecf0864664cc7b808e740d04740325414a59184eca5ca99c5184765a34e9f9d20a97bfe443f67ac20fc02589734547b37b4eff288e05f47fd

Download Submit
C:\Program Files (x86)\DRMEncV4.2.v\CommonObjects.dll

Filesize
308KB

MD5
43cbd3a61e00310ab2e5166768499110

SHA1
4fed74d1e9d013a54b26ddf008c68dd0d39cfb94

SHA256
27ebced71ce9ac2390b2190d054baf680814c2376561a3e2edb666e2fc1fc48a

SHA512
63cde88a8c1d4121b0a0fcf0717f60e1b92580f3f62f95a1352c2502fe560511c7f14504c5a131979ed2fb20f4f417f11bb9e1a2566a30569f93f4bd4e1b357d

Download Submit
C:\Program Files (x86)\DRMEncV4.2.v\DRMEncV4.2.v.exe

Filesize
745KB

MD5
e64d36098230c17f914c3e6fd5a1b600

SHA1
bd7807df252ba29609266c376c8c870d05ed27c4

SHA256
000fa5c188720fafd3a83f9b45193b533edc531acac8e60314bfe932bff9bc9d

SHA512
1fa4f1fe8d3478d84fcd48174cd97a1cce0efd4342840d73a4a27bc1b95346b610bd6021285c3b88b94d58d542d2c3e0f0c926cd1c2ea60c54b21981029b1337

Download Submit
C:\Program Files (x86)\DRMEncV4.2.v\DRMEncV4.2.v.exe

Filesize
745KB

MD5
e64d36098230c17f914c3e6fd5a1b600

SHA1
bd7807df252ba29609266c376c8c870d05ed27c4

SHA256
000fa5c188720fafd3a83f9b45193b533edc531acac8e60314bfe932bff9bc9d

SHA512
1fa4f1fe8d3478d84fcd48174cd97a1cce0efd4342840d73a4a27bc1b95346b610bd6021285c3b88b94d58d542d2c3e0f0c926cd1c2ea60c54b21981029b1337

Download Submit
C:\Program Files (x86)\DRMEncV4.2.v\DRMEncV4.2.v.exe

Filesize
745KB

MD5
e64d36098230c17f914c3e6fd5a1b600

SHA1
bd7807df252ba29609266c376c8c870d05ed27c4

SHA256
000fa5c188720fafd3a83f9b45193b533edc531acac8e60314bfe932bff9bc9d

SHA512
1fa4f1fe8d3478d84fcd48174cd97a1cce0efd4342840d73a4a27bc1b95346b610bd6021285c3b88b94d58d542d2c3e0f0c926cd1c2ea60c54b21981029b1337

Download Submit
C:\Program Files (x86)\DRMEncV4.2.v\FilterAPI.DLL

Filesize
305KB

MD5
a11c1b829b984fc1a7bb21f35cbef422

SHA1
fc21f642b66b31aa87ee585448f22975ebb4ec5a

SHA256
76d92be21a0924255bcab7e000f68a34673301a7e078e53be1f8dbfddb879f94

SHA512
c6e31f483f5f2e5ecf0864664cc7b808e740d04740325414a59184eca5ca99c5184765a34e9f9d20a97bfe443f67ac20fc02589734547b37b4eff288e05f47fd

Download Submit
C:\Program Files (x86)\DRMEncV4.2.v\FilterControl.dll

Filesize
176KB

MD5
69399aa3082763d0241561261a267990

SHA1
b33f4265e46dd0833a54467f7f58f19d987e9bdf

SHA256
81430c9c365d61696c6b38e98b3209caac54b4b249cb1a1454171fbabb213aac

SHA512
1aba859fb0d414c2b1d2fdf62d3fb38668dbe92398dd5d2bca49695d2fead7b84a74ddedf29d0e9076be0908050beb24c3c54069f28467640cb8a56ae8e3f639

Download Submit
memory/1696-179-0x0000000002350000-0x0000000002360000-memory.dmp

Filesize
64KB

Download
memory/1696-181-0x0000000002320000-0x000000000234E000-memory.dmp

Filesize
184KB

Download
memory/1696-175-0x00000000000B0000-0x0000000000164000-memory.dmp

Filesize
720KB

Download
memory/1696-183-0x000000001ACC0000-0x000000001AD10000-memory.dmp

Filesize
320KB

Download
memory/1696-184-0x000000001C3D0000-0x000000001C446000-memory.dmp

Filesize
472KB

Download
memory/1696-185-0x000000001C210000-0x000000001C22E000-memory.dmp

Filesize
120KB

Download
memory/1696-177-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/1696-178-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/1696-176-0x00007FF834790000-0x00007FF835251000-memory.dmp

Filesize
10.8MB

Download
memory/1696-190-0x0000000002350000-0x0000000002360000-memory.dmp

Filesize
64KB

Download
memory/1696-191-0x00007FF834790000-0x00007FF835251000-memory.dmp

Filesize
10.8MB

Download
memory/1696-192-0x0000000002350000-0x0000000002360000-memory.dmp

Filesize
64KB

Download
memory/1696-193-0x0000000002350000-0x0000000002360000-memory.dmp

Filesize
64KB

Download