419b6c03a01ad10354c6f70c9077d0bc97a04ca03d0e39748823c8d604da7fe2

Resubmissions

24/08/2024, 21:59

240824-1v7z6ateqk 10

28/07/2024, 20:08

240728-ywzztswdnb 9

Analysis

max time kernel
48s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
28/07/2024, 20:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

smert.exe
Size

20KB
MD5

9741dc2a48ef315a5032a3190c6a9752
SHA1

595cfcf134ac6a97a75407350b509ad37666d546
SHA256

419b6c03a01ad10354c6f70c9077d0bc97a04ca03d0e39748823c8d604da7fe2
SHA512

a8f26e08cdb7078f51f716014499f4af3f0be2ed057cbc3f67da38120d69534ff05a010ab8879ec5bfc692caac7db6f47e777d701d733a6cda307aaddb70cb6f
SSDEEP

384:asaFiLCCr05Sx158JLLU4Act6GoMZOaB8BYsszReS:aPwXl1585LUNGoMZOXszR

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (980) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\System32\drivers\README.txt	smert.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	smert.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	smert.exe
File opened (read-only)	\??\A:	smert.exe

Drops file in System32 directory 34 IoCs

description	ioc	Process
File created	C:\Windows\System32\am-et\README.txt	smert.exe
File created	C:\Windows\System32\ar-SA\README.txt	smert.exe
File created	C:\Windows\System32\config\README.txt	smert.exe
File created	C:\Windows\System32\cs-CZ\README.txt	smert.exe
File created	C:\Windows\System32\es-MX\README.txt	smert.exe
File created	C:\Windows\System32\Bthprops\README.txt	smert.exe
File created	C:\Windows\System32\catroot2\README.txt	smert.exe
File created	C:\Windows\System32\da-DK\README.txt	smert.exe
File created	C:\Windows\System32\DDFs\README.txt	smert.exe
File created	C:\Windows\System32\DiagSvcs\README.txt	smert.exe
File created	C:\Windows\System32\el-GR\README.txt	smert.exe
File created	C:\Windows\System32\de-DE\README.txt	smert.exe
File created	C:\Windows\System32\en-US\README.txt	smert.exe
File created	C:\Windows\System32\bg-BG\README.txt	smert.exe
File created	C:\Windows\System32\ContainerSettingsProviders\README.txt	smert.exe
File created	C:\Windows\System32\dsc\README.txt	smert.exe
File created	C:\Windows\System32\en\README.txt	smert.exe
File created	C:\Windows\System32\es\README.txt	smert.exe
File created	C:\Windows\System32\ff-Adlm-SN\README.txt	smert.exe
File created	C:\Windows\System32\README.txt	smert.exe
File created	C:\Windows\System32\Dism\README.txt	smert.exe
File created	C:\Windows\System32\downlevel\README.txt	smert.exe
File created	C:\Windows\System32\en-GB\README.txt	smert.exe
File created	C:\Windows\System32\et-EE\README.txt	smert.exe
File created	C:\Windows\System32\F12\README.txt	smert.exe
File created	C:\Windows\System32\fi-FI\README.txt	smert.exe
File created	C:\Windows\System32\appraiser\README.txt	smert.exe
File created	C:\Windows\System32\AppV\README.txt	smert.exe
File created	C:\Windows\System32\Com\README.txt	smert.exe
File created	C:\Windows\System32\de\README.txt	smert.exe
File created	C:\Windows\System32\es-ES\README.txt	smert.exe
File created	C:\Windows\System32\AdvancedInstallers\README.txt	smert.exe
File created	C:\Windows\System32\Boot\README.txt	smert.exe
File created	C:\Windows\System32\CodeIntegrity\README.txt	smert.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Mozilla Firefox\libEGL.dll.smert	smert.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\icui18n56.dll.smert	smert.exe
File created	C:\Program Files\Windows Media Player\it-IT\README.txt	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\resources.pri.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml.smert	smert.exe
File created	C:\Program Files (x86)\Google\Update\README.txt	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\textinputdriver.dll.smert	smert.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.smert	smert.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\wmpnssci.dll.mui.smert	smert.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Edge.dat.LOG2.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\resources.pri.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Security.Principal.dll.smert	smert.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\msoimm.dll.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Numerics.Vectors.WindowsRuntime.dll.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Security.Cryptography.Cng.dll.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxBlockMap.xml.smert	smert.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent.ini.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Globalization.Extensions.dll.smert	smert.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\de-DE\PhotoAcq.dll.mui.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\TimeControls.dll.smert	smert.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\EdgeUpdate.dat.LOG1.smert	smert.exe
File created	C:\Program Files\Windows Media Player\en-US\README.txt	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\SensorFusionLib.winmd.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x64__8wekyb3d8bbwe\mfc140enu.dll.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.27328.0_x64__8wekyb3d8bbwe\AppxSignature.p7x.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\clrcompression.dll.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\README.txt	smert.exe
File created	C:\Program Files\ExportShow.wav.smert	smert.exe
File created	C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_neutral_~_8wekyb3d8bbwe\README.txt	smert.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.smert	smert.exe
File created	C:\Program Files\Windows Defender\es-ES\ProtectionManagement.mfl.smert	smert.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\seqchk10imm.dll.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\packages.config.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Diagnostics.Contracts.dll.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\resources.pri.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\EntPlat.dll.smert	smert.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\fr-FR\README.txt	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Runtime.Serialization.Primitives.dll.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotsHubApp.BackgroundWorker.winmd.smert	smert.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\es-ES\PhotoAcq.dll.mui.smert	smert.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\sqlite3.dll.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\AppxManifest.xml.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\PRNDMediaSource.winmd.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Mira.Core.Engine.winmd.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\Microsoft.Wallet.dll.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.Entertainment.winmd.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\index.html.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml.smert	smert.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\ChartIm.dll.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\resources.pri.smert	smert.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.smert	smert.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.HTM.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\LibWrapper.dll.smert	smert.exe
File created	C:\Program Files\Windows Media Player\ja-JP\README.txt	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\resources.pri.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\offlineUtilities.js.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-150_8wekyb3d8bbwe\AppxSignature.p7x.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Photos.Viewer.Sequence.dll.smert	smert.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\iacom2im.dll.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_~_8wekyb3d8bbwe\README.txt	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxSignature.p7x.smert	smert.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.ViewElements.dll.smert	smert.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\diagnostics\index\PrinterDiagnostic.xml.smert	smert.exe
File created	C:\Windows\Fonts\segoesc.ttf.smert	smert.exe
File created	C:\Windows\INF\amdi2c.PNF.smert	smert.exe
File created	C:\Windows\INF\BthOob.inf.smert	smert.exe
File created	C:\Windows\INF\hidbth.PNF.smert	smert.exe
File created	C:\Windows\PolicyDefinitions\en-US\README.txt	smert.exe
File created	C:\Windows\assembly\PublisherPolicy.tme.smert	smert.exe
File created	C:\Windows\SoftwareDistribution\DataStore\README.txt	smert.exe
File created	C:\Windows\ImmersiveControlPanel\images\wide.RestrictBackgroundData.png.smert	smert.exe
File created	C:\Windows\INF\uefi.inf.smert	smert.exe
File created	C:\Windows\INF\net8187se64.inf.smert	smert.exe
File created	C:\Windows\Boot\Fonts\meiryo_boot.ttf.smert	smert.exe
File created	C:\Windows\INF\mdmiodat.inf.smert	smert.exe
File created	C:\Windows\Fonts\seriffe.fon.smert	smert.exe
File created	C:\Windows\Fonts\vgafix.fon.smert	smert.exe
File created	C:\Windows\INF\memory.PNF.smert	smert.exe
File created	C:\Windows\INF\transfercable.inf.smert	smert.exe
File created	C:\Windows\Installer\c5ca.msp.smert	smert.exe
File created	C:\Windows\Cursors\beam_l.cur.smert	smert.exe
File created	C:\Windows\Fonts\cga40737.fon.smert	smert.exe
File created	C:\Windows\INF\hdaudbus.inf.smert	smert.exe
File created	C:\Windows\InputMethod\CHS\ChsPinyinAP.lex.smert	smert.exe
File created	C:\Windows\Fonts\couret.fon.smert	smert.exe
File created	C:\Windows\Fonts\trebucbd.ttf.smert	smert.exe
File created	C:\Windows\INF\compositebus.PNF.smert	smert.exe
File created	C:\Windows\INF\c_image.inf.smert	smert.exe
File created	C:\Windows\INF\c_firmware.inf.smert	smert.exe
File created	C:\Windows\INF\ItSas35i.inf.smert	smert.exe
File created	C:\Windows\Help\en-US\README.txt	smert.exe
File created	C:\Windows\Cursors\aero_pen.cur.smert	smert.exe
File created	C:\Windows\INF\mdmzyxel.inf.smert	smert.exe
File created	C:\Windows\INF\mtconfig.inf.smert	smert.exe
File created	C:\Windows\ImmersiveControlPanel\images\TinyTile.contrast-white_scale-150.png.smert	smert.exe
File created	C:\Windows\ImmersiveControlPanel\images\logo.contrast-black_scale-200.png.smert	smert.exe
File created	C:\Windows\INF\mdmpenr.inf.smert	smert.exe
File created	C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim.smert	smert.exe
File created	C:\Windows\diagnostics\index\SpeechDiagnostic.xml.smert	smert.exe
File created	C:\Windows\INF\wmiacpi.PNF.smert	smert.exe
File created	C:\Windows\INF\termmou.inf.smert	smert.exe
File created	C:\Windows\INF\wvmic_shutdown.inf.smert	smert.exe
File created	C:\Windows\Fonts\malgunsl.ttf.smert	smert.exe
File created	C:\Windows\INF\SDFLauncher.inf.smert	smert.exe
File created	C:\Windows\Fonts\ega80850.fon.smert	smert.exe
File created	C:\Windows\INF\c_printer.inf.smert	smert.exe
File created	C:\Windows\INF\mdm3com.inf.smert	smert.exe
File created	C:\Windows\InputMethod\CHS\ChsPinyin.lex.smert	smert.exe
File created	C:\Windows\Installer\a06f.msp.smert	smert.exe
File created	C:\Windows\INF\c_sbp2.inf.smert	smert.exe
File created	C:\Windows\InputMethod\CHS\ChsPinyinDM01.lex.smert	smert.exe
File created	C:\Windows\Fonts\Sitka.ttc.smert	smert.exe
File created	C:\Windows\ImmersiveControlPanel\images\wide.Personalize.png.smert	smert.exe
File created	C:\Windows\Cursors\aero_nwse_xl.cur.smert	smert.exe
File created	C:\Windows\Cursors\no_r.cur.smert	smert.exe
File created	C:\Windows\Cursors\beam_rl.cur.smert	smert.exe
File created	C:\Windows\diagnostics\index\MaintenanceDiagnostic.xml.smert	smert.exe
File created	C:\Windows\Cursors\size4_l.cur.smert	smert.exe
File created	C:\Windows\INF\fidohid.inf.smert	smert.exe
File created	C:\Windows\INF\msports.PNF.smert	smert.exe
File created	C:\Windows\Boot\PCAT\bootuwf.dll.smert	smert.exe
File created	C:\Windows\Containers\WindowsDefenderApplicationGuard.wim.smert	smert.exe
File created	C:\Windows\INF\msdri.inf.smert	smert.exe
File created	C:\Windows\Fonts\msyi.ttf.smert	smert.exe
File created	C:\Windows\INF\hdaudio.PNF.smert	smert.exe
File created	C:\Windows\ImmersiveControlPanel\images\TileSmall.scale-125.png.smert	smert.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1548 wrote to memory of 1668	1548	smert.exe	85
PID 1548 wrote to memory of 1668	1548	smert.exe	85

C:\Users\Admin\AppData\Local\Temp\smert.exe
"C:\Users\Admin\AppData\Local\Temp\smert.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1548
- C:\Users\Admin\AppData\Local\Temp\smert.exe
  "C:\Users\Admin\AppData\Local\Temp\smert.exe" --foodsum
  2⤵
  - Drops file in Drivers directory
  - Enumerates connected drives
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  PID:1668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Windows Media Player\es-ES\wmpnssui.dll.mui.smert

Filesize
3KB

MD5
891f24ebf1cdce4efbcbdcafec5e4e89

SHA1
6599380943829758d7b84b0b041474dea75883a7

SHA256
c56cdb14bed05252271423ac54bbe1037931e9fbaf2ad4386b30e4fa580f304c

SHA512
b305888049dbe85fe13e82cf7ba08a5c63aa43e23e643bb464aed18899299c181f98b690e228c717c458b6b0b1a15e214749e20658926782048e2baaaf48aca3

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.smert

Filesize
8KB

MD5
31797e96d0805126afd292dcbf3edb95

SHA1
7af6f3d556c93c7e4a6e7417b10a4f2baf5f2175

SHA256
f2a622cbd8781f306deffa5027de296ddcbe468dccc624aec0496716f5e505ca

SHA512
faad742f28a3ab746ce59ce60430d0652892540bb4bb2ae3eb8f2281d28b7c39d52bfcbf92ccd7566e5e71c7a9ff49e85ab152c257d83b07875ac153eea1f25c

Download Submit
C:\Program Files\7-Zip\Lang\tk.txt.smert

Filesize
9KB

MD5
b92a5d85a1ce4f582b0c3e20d4fb8d99

SHA1
b59a1900f649ae7d455c75a9d0636b5ffba95f45

SHA256
14fe5277ddd6c3449d7e9b695f15ea4744bf6169f30aebc64650a9eeaedd26f3

SHA512
16a4f9ce3f545473c9c1d706317905d6f69fb9fdc149176bdcf68e5d207712fb6585b890a6714a20c9cc59194e952c610e3425436011420615777b5b1e3eaa96

Download Submit
C:\Program Files\Mozilla Firefox\mozavcodec.dll.smert

Filesize
3.0MB

MD5
0adab0b9d48c6f0f02b8373661262ab8

SHA1
6d712961e31af91e2c8225b9adf5bd3ac85129b4

SHA256
15e593bbd207f82681d1c3beb1ebed3fe3d1be6fbec5158fe3321b810a4052d4

SHA512
fcd66b60aa48dc0cc87705294707e598a63cb2e911bcd626d152fb218fe9fa277b607efdbf92343a70d3126ea565cb35f10d49b46ce0454db61efa74d5cb5eb5

Download Submit
C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui.smert

Filesize
3KB

MD5
6413c9777d9f456eaeb5540da2b6407d

SHA1
b79c23ea6f9e56b9143e744c0ff3f0ea81f430de

SHA256
32bd7f0f636608744261c8accb342ac542d272d73141e7b3332f47972a949d28

SHA512
577e5d188e9030a4207a2f1c658f6f545567cd855e1174b82abe42bea9f8e9df7316d94f692dde836cd7544214a1189994d447ac54a906838cec68714a080e7e

Download Submit
C:\ProgramData\Microsoft\Diagnosis\EventStore.db.smert

Filesize
56KB

MD5
3fb1d12a6a41b69202cd15d89ba26b1c

SHA1
fe82b2a17420991a32ff96797abcf7bd5cc9b7f1

SHA256
6b42f7c90d3a2421b1c7a9a8704884f936768ad8c9c71b57131828c55645d067

SHA512
3fcd8f6ea4f42c0917ea176043b97e34bf119515180eb88bbfbce783afa435f26f94a8222b0fa5e85ad82912831254e28511af2d7c5ae563bc10b16a3580508d

Download Submit
C:\Users\Admin\Desktop\ResizeSelect.vssx.smert

Filesize
601KB

MD5
206ccd59787b0b4caba096fe02a831d9

SHA1
cf5e65488e0f3f451a3d6a22e194b2cda6950e0f

SHA256
cedb4ac7dbcf582b794e4893a6837793dc6242f556eacd3948980082c0ea573d

SHA512
71bb8611eb706298f8b1b09912185f1a55c1c46d0ac5911093d0ed28b4963f52685127104094e2a9ce91490a64e29aa5a4f8f52a8fc3682b51b86aaeb8e6f02c

Download Submit
C:\Users\Admin\Documents\README.txt

Filesize
795B

MD5
2a7c9cc134d0b01b1aeea62d0df4b8c8

SHA1
e42a397c51078848a8d8068c33b5690444100ff6

SHA256
0dd91415765e5b9126a4076f675448d7cee13acf7b26f436da2ff2d019534c26

SHA512
e8fb9e722adf892dc5d012132d5f0633c040fd94ec486e52b6e084013e3c28a71bc6cdeb25354c4832f72a90ea13881475a4496fe37607fc43aa0f9c3170b6fd

Download Submit
C:\Windows\Fonts\courft.fon.smert

Filesize
32KB

MD5
8f0ce5ce8b8c3cac2c86a962b7b0da7b

SHA1
41bc7b9ca558bf0a65c06626d33a673e54fe59eb

SHA256
50a14686ecf5115bf9e56eb3b0b01d0ce33058869c8635b6f1b72df55feb86d3

SHA512
f17d7c13882a716ae8a78368ac401b32e21d2fe083287f5770f3ef33954a96fdb9a411bff950be0cec715e01fc56d5151613d4acc45ca8f88b8bf6a5b5da42c6

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads