827b609eef3893e1f67ede6b83d326f3c10b11a0f9313ad712978fe9592622c0

Analysis

max time kernel
188s
max time network
201s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
01/11/2023, 19:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

total commander poweruser v.73 portable by ha3apet.exe
Size

271.0MB
MD5

a34f3e082d853e82f9f0d5d4308d0e32
SHA1

7b0e59e0623b71e6d470192814a921779faf97c2
SHA256

827b609eef3893e1f67ede6b83d326f3c10b11a0f9313ad712978fe9592622c0
SHA512

afb4eed7c0ac15376561ca4ba3f2079ee9533bb47e0e92fde734669073ff2b6fa706411c362c2afe2504bb4e088b80107ec6fc697fd1526652f3ec2b4242ad10
SSDEEP

6291456:Y04fZUpz6LDezTcjpQqvIzd+4PA4OxRWL5RORCwjRY8hq09o/:Y04kz6WzSSZ44OSL5RO48h1Q

Score

5^/10

Malware Config

Signatures

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File created	C:\TCPU73\Programm\uVS\CD\autorun.inf	total commander poweruser v.73 portable by ha3apet.exe
File opened for modification	C:\TCPU73\Programm\uVS\CD\autorun.inf	total commander poweruser v.73 portable by ha3apet.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1036	total commander poweruser v.73 portable by ha3apet.exe

C:\Users\Admin\AppData\Local\Temp\total commander poweruser v.73 portable by ha3apet.exe
"C:\Users\Admin\AppData\Local\Temp\total commander poweruser v.73 portable by ha3apet.exe"
1⤵
- Drops autorun.inf file
- Suspicious use of FindShellTrayWindow
PID:1036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\TCPU73\Programm\AIMP\AIMP\Plugins\aimp_lastfm\Langs\croatian.lng

Filesize
8KB

MD5
ea796fc0a7025dba4e5b9601156760d4

SHA1
cbbf6dfed80b0d3bb92e8215f9041d811e511760

SHA256
621737b1dc1ea946d3a0afb5aee547828cd21c7eac47498bf76f025c915180bf

SHA512
abe23e9f44ec89604de05426811c121473820f271acb82b7778e3fd4c8c1e89c87ebfb6f43f16c2737ee2d5bfb40bf077fe0228d7db2f15fd33e8f3f8ac3d290

Download Submit
C:\TCPU73\Programm\AIMP\AIMP\Plugins\aimp_lastfm\Langs\dutch.lng

Filesize
8KB

MD5
e301e1094a5d503faf2bef6ea5a72b53

SHA1
ae3fc09980b86e6b3d02ffee0def30fa47787483

SHA256
6595b76b51a84fb99d53ec6444c83aad3e6331764ed86f6795627fc8db1ba8fe

SHA512
727e0efffd3a917266e44b3ed78a13e5a6a892df9272d7f8bfbf4cda3da521691e650189e160f7cffbd77788d361369a571fa1efab94ab7e89bc76481cf391ff

Download Submit
C:\TCPU73\Programm\AIMP\AIMP\Plugins\aimp_scheduler\Langs\finnish.lng

Filesize
11KB

MD5
9d7c825f83adc92189b5d7432a1b1758

SHA1
c35625cfc158486894e8511419aaa46d46af9bbd

SHA256
3387a884f0986d423f40d11f332ef53c50a90ffdd6ce60b5eaf65878214c5549

SHA512
17f6cc3f7c364793dba53ac67ef19b7df7419a614a9cdb37815f4c12f27ee1c02d157df1dfc4ba8bd026d70ce6f7fd1585e2e2fbc6e7504d11a7cf13869ddbb9

Download Submit
C:\TCPU73\Programm\AIMP\AIMP\Plugins\aimp_scrobbler\Langs\slovak.lng

Filesize
9KB

MD5
d0f9512fd992a1591269631a68ba1ca6

SHA1
a4ab5024577acde92397aaa887827e64b1c55c35

SHA256
fb33064a5e3aa502e0b6688a772574a81c661a3341c360ec4bcbb2cf86063220

SHA512
e9c5b076b4211abb5bb8ebd68432f032e38f4d56d217699b673e06e17ca16f9b5893439ffec2901daba95d378c9eb59c2d7ce3e798776ec656e20b33c9cf684f

Download Submit
C:\TCPU73\Programm\AIMP\AIMP\Plugins\aimp_scrobbler\Langs\ukrainian.lng

Filesize
11KB

MD5
ba4c4b7ffa7759fa47c41dfd09de8006

SHA1
ff4ba0e0f68b73a186c8ffebed7ab9917ec470d2

SHA256
f5174e89bfa79a615dc6613af3b3f07a46962c7abc0944ff394a9d24ed163e98

SHA512
d61a968a6eb571144fad98dc9e0267bb8b3e7fcf9479b60a5bf6ba3af383dcf04c44d298885bf08201fc02d4720124bf0703c3f99dad38fbdc84c29a2c10b617

Download Submit
C:\TCPU73\Programm\Errorlookup\64\portable.dat

Filesize
10B

MD5
15b9de0b65f03afe4235b261fe4e28dc

SHA1
3101a088809003ccb03c908321a6586cc341f736

SHA256
889b31c6a536fee7b302a65e6a816ec43341b2602e791b2c04fc74d499886e99

SHA512
c3143f190058d81136b11cba9ce4eddc12cf8b21755c9091d80430f8afb30f84947767dc5330b9157832c1a603b66db3d6b46dfaa72e9d51a60863f52fd40bd6

Download Submit
C:\TCPU73\Programm\Executor\skins\PowerUser_listbg.jpg

Filesize
23KB

MD5
ce608c456f542cc0266a206625084a38

SHA1
309e7d345e91aee9467681d70fce2b73680f1051

SHA256
ee380da543dfbcd14ce489d8e0044659978ab3b429581f1c7642648af9b25a54

SHA512
1ddef6a542853a29be4970652b43b22c347b4fa63044b1ddddde7a89b11e9fedccbb6d19a28f9b65817dedf2e3a80da9773a7afc336dce9b413eee45f615d2b3

Download Submit
C:\TCPU73\Programm\Nirsoft\volumouse_lng.ini

Filesize
4KB

MD5
713cb3569b6a22b0e6573481adbc5bb9

SHA1
f3620937b4c82c3492959a820fcfdcd4f165d93e

SHA256
1219117ef910a39da55966a9f2b3e954a57db4080e6e998927a931b288e4b141

SHA512
3c1a4ebc01262c25235dc1ab17c40e6c3a2a03a54c78ee2b0675cd5fa5577f2a6cefa3fb38be3b8c3b03941bfc7ef17c1982e9ee2c9c93470cddf4f896c3482a

Download Submit
C:\TCPU73\Programm\PotPlayer\Module\Bass\bass.dll

Filesize
126KB

MD5
f2a113b6ee24d9382953c9729ae357af

SHA1
749f4512a02287095a53db634783f7e399cd31b9

SHA256
0738dc614d751b3b08125c03a920fc243a3e5eea4f16d3374d8d94a6e2454477

SHA512
f9f366515b337c9df48ff1a21fb124091b2bec94c8a2d94de9c17c210b24931222a11d5b9914ea2fa40807ff7d4322d72d7779f34d07ce3ca2a44795718d047b

Download Submit
C:\TCPU73\Programm\WinDjView\altrun.cfg

Filesize
17B

MD5
a980ff2c9ad61daf7ad050272334fdbd

SHA1
0e44a1e98b93915a542d6a9d8fea99755762fb59

SHA256
547aeb44154f9b69ddddbac2ebea798377604e6bb2c31950e8857030ed6a9b47

SHA512
3a9c82bbf00d8dd95c753f468d1ab051af02f32aa99b2db8b9bb48c6ec36635f62390204215b2cbb657270083150fa6ceb24b27892710a04f6cbb4cc25343833

Download Submit
C:\TCPU73\Programm\ramdisk\64\spvdbus2.inf

Filesize
2KB

MD5
070945801248e26136a26e955ba0a506

SHA1
0c7372d39f98c2fcfc04c5bd50b33a9ec0283600

SHA256
62b29573dd0bf42e7383958c342f1e2eafd1ee5bba830f052a940f4af13e47ac

SHA512
10f225af8ce97da82344f14a9bd1fdb9cff3fc25d34a6a938b3caf0d162e39403c0c40d27bd78b1a702fdc31356ac8d79421581c55c06a6ea1e5978bfb520d75

Download Submit
C:\TCPU73\Scripts\addon\7zx64\Lang\ru.txt

Filesize
14KB

MD5
b5cec4d03d2d9e162137e475c54afbc3

SHA1
3e86ae0174a096b07173c623b637122e4323dd29

SHA256
ac73d4810639114c3269e3beaec84ecac9473ca6fbc248d804a09df2b33e4351

SHA512
cb78bd4f6d7d94780bf84f6618a2800a3b6885485c6cb7b0836affcb9ca6f6734834fb84f756946e59595067788cd1b1a230cec760e39d3ea0baf523f7cc7647

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads