abee9f014c44a565c431298569644024d17d0be5723e1bf5a230fec2327e895f

Analysis

max time kernel
125s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20231130-en
resource tags

arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2023, 13:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mmm-setup.exe
Size

2.0MB
MD5

d416e704c3a4821d54f6176911e4ca1d
SHA1

bf30bfc04f6c99c2ff6b9c4c5ede6e21bd386a2b
SHA256

abee9f014c44a565c431298569644024d17d0be5723e1bf5a230fec2327e895f
SHA512

a0cae9e0e41951d8c00504c41b02d31ed0513f12b612328268e999ff561b5dab98e823f60474f42c43ce6002b1abfca08287a582510a8b4b2e4ddce0ec9d2d61
SSDEEP

49152:7tfrWDO5BpVnWh7RtpO11+FKAqKMPhEYmdke:7tfrWOpVWpRfK0MGYmee

Score

5^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000\Control Panel\International\Geo\Nation	mmm-setup.exe

Executes dropped EXE 1 IoCs

pid	Process
852	OnlineInstall.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 852	2296	mmm-setup.exe	90
PID 2296 wrote to memory of 852	2296	mmm-setup.exe	90
PID 2296 wrote to memory of 852	2296	mmm-setup.exe	90

C:\Users\Admin\AppData\Local\Temp\mmm-setup.exe
"C:\Users\Admin\AppData\Local\Temp\mmm-setup.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\OnlineInstall.exe
  "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\OnlineInstall.exe"
  2⤵
  - Executes dropped EXE
  PID:852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\OnlineInstall.exe

Filesize
4.1MB

MD5
de1900752b7126dca36cd4b52ccf1742

SHA1
f36d9e20c5443dd04d12a2927297b0f639daefa8

SHA256
8d3c1c0f912db997d3327249d0f03ee6581d8e9a90bdf060fc9e0526e292fb7a

SHA512
4809004771b09ca1a39071f5f8919b6893335588bb8ff58efb804430413878820848d5b4cc34db864df0de84051d35d14032152e0adcd2f1a1782ec588181bcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\OnlineInstall.exe

Filesize
4.1MB

MD5
de1900752b7126dca36cd4b52ccf1742

SHA1
f36d9e20c5443dd04d12a2927297b0f639daefa8

SHA256
8d3c1c0f912db997d3327249d0f03ee6581d8e9a90bdf060fc9e0526e292fb7a

SHA512
4809004771b09ca1a39071f5f8919b6893335588bb8ff58efb804430413878820848d5b4cc34db864df0de84051d35d14032152e0adcd2f1a1782ec588181bcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\OnlineInstall.exe

Filesize
4.1MB

MD5
de1900752b7126dca36cd4b52ccf1742

SHA1
f36d9e20c5443dd04d12a2927297b0f639daefa8

SHA256
8d3c1c0f912db997d3327249d0f03ee6581d8e9a90bdf060fc9e0526e292fb7a

SHA512
4809004771b09ca1a39071f5f8919b6893335588bb8ff58efb804430413878820848d5b4cc34db864df0de84051d35d14032152e0adcd2f1a1782ec588181bcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\skin_anima\Check_Selected.png

Filesize
1KB

MD5
6d116dccaac5056d7d1f4a593d5ac0db

SHA1
242a6a198c7e1e22bda176065cf0b26a276b6f72

SHA256
0946efee104652f084c6fb2f271b06fcdfb50de893d64cd4287cc8e64deced92

SHA512
037c4cb011492a27da3f7a6d2e7e75cabac8c58eca3607d57df248491b4786247c08a2f9ffd5fe49d3ef0b9f862b3ecb4a4783e04b1801c13935f271df224e79

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\skin_anima\Close_Nomal.png

Filesize
1KB

MD5
99fcff2aca703823e083cb90a3192146

SHA1
376158f2e3e6c4f42e67415f180539d562bd27fb

SHA256
cbe96210dc6c28e21625c01db80e510152eecbf4ddbc75a30feeefb9ffa318ef

SHA512
86b51f428a34f7de88f8aa5268028c86dee41a894ec3704c7ba10c0c8f7ef065af9c18d8d1999c903c5aa062abb2910630477b3b11db02f33c6e77373cff3d2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\skin_anima\Config.ini

Filesize
554B

MD5
4d1bb1565683540ad56454b56452d4d1

SHA1
b62197a6ed3aaaa5fe8bae786d5f799216eb913c

SHA256
d0dc023be6bc07f186d21682c649990fac01ecf8f63e994468d6a01dbab8b567

SHA512
acdf6ba0a02daa367c965ae463ff0bcefe9a118d4bb3bf006b29a9b40042ba50408d1ecee87f4dc93b68414dbbfe4c63e68644930996a4b1f6d631a9d233855a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\skin_anima\Dropdown_Nomal.png

Filesize
1KB

MD5
79a297af3cc5d3501558bfc2344f250a

SHA1
7cae747038212afaf6ac69ae57e99cdf9a7ee97d

SHA256
0f8ed5fdb53a8895e0159855268e0b8bb084766473ceb3ced8b96209844e359f

SHA512
e5e4a5feb042725564885be76d8a6bf7d1e68fcd8734822c8f5b5653f1cef9065dfa7d07e57df24332a95567020bb9135ae2233b9d7fbe0a6caa4cd5691b0c0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\skin_anima\Installnow_nomal.png

Filesize
1KB

MD5
5a02fb88141286b03e5c96bfab807c11

SHA1
4639a647d31d267cf08f4d3e92d62e61749ca1fa

SHA256
7a668d959b0c980edb8fa1b1a359e881f7865a4ec78f879afb2460f99c45367c

SHA512
f6d8b34e7c60ec8ad8d43b6cdb449dd608d29efd2abe377b2439e8fbdb70b72b048948fb17a65dd8b4469c2c65bbfb2e7c583cb880441e26a0d41b14f1e27c7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\skin_anima\Language.ini

Filesize
38B

MD5
abacaded57bf1c4c7e02647433e6a8da

SHA1
d2b8df8a815bad3d3314dc21cd0b800289d62b9a

SHA256
8b5b7693577d05ef72bc63bcf31aaa5327aab2fb7790e00d3794f924a117fba7

SHA512
7320a3d005d69df933e6c5c69cefdd27fc50eece20607202c891318d82c20def3c651f0377f1799e0f51e6af9af2a6de2720066ab011be8b93b46ed63d105189

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\skin_anima\Main.png

Filesize
15KB

MD5
56153153df832979e4963af537eda094

SHA1
e9804deb056a0b991935ff500d9a0f789e7abb86

SHA256
a993eb488b04a2ac6112cad1463881423924f0aadea90e5d35506e7226c7b3b9

SHA512
517ed9c610700aa9f2a07867600bbc08f0e1ec2067822c79239935cb03437d5624bbe53ef32b4d2849b47355e0084fb3a902d1e8f8d10dcfb72422756e733042

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\skin_anima\MainUI.xml

Filesize
9KB

MD5
ea1eb245ad1843da4fd09176eb27b4c1

SHA1
759cf4fe2b48b31eb428f034e720562153a85eff

SHA256
ded685dc3d3aad3064b341e4969dd2beb91efd0fbfdb30eac990dc75a91b16bf

SHA512
00b8b121583295b3549c9b8538b1119a2384a8032b5d94ba5cab429f58e724d337f4d0e0d388b52da712efd477f591b6b51d823643f9581d15b6ed2cefe38112

Download Submit