419b6c03a01ad10354c6f70c9077d0bc97a04ca03d0e39748823c8d604da7fe2

Resubmissions

24/08/2024, 21:59

240824-1v7z6ateqk 10

28/07/2024, 20:08

240728-ywzztswdnb 9

Analysis

max time kernel
21s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 21:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

smert.exe
Size

20KB
MD5

9741dc2a48ef315a5032a3190c6a9752
SHA1

595cfcf134ac6a97a75407350b509ad37666d546
SHA256

419b6c03a01ad10354c6f70c9077d0bc97a04ca03d0e39748823c8d604da7fe2
SHA512

a8f26e08cdb7078f51f716014499f4af3f0be2ed057cbc3f67da38120d69534ff05a010ab8879ec5bfc692caac7db6f47e777d701d733a6cda307aaddb70cb6f
SSDEEP

384:asaFiLCCr05Sx158JLLU4Act6GoMZOaB8BYsszReS:aPwXl1585LUNGoMZOXszR

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1778) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\System32\drivers\README.txt	smert.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	smert.exe
File opened (read-only)	\??\A:	smert.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\es-ES\apss.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\fwcfg.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\msacm32.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\mssvp.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\ws2_32.dll.mui.smert	smert.exe
File created	C:\Windows\System32\it-IT\dot3ui.dll.mui.smert	smert.exe
File created	C:\Windows\System32\MshtmlDac.dll.smert	smert.exe
File created	C:\Windows\System32\it-IT\dmdskres.dll.mui.smert	smert.exe
File created	C:\Windows\System32\nb-NO\WMPhoto.dll.mui.smert	smert.exe
File created	C:\Windows\System32\nsisvc.dll.smert	smert.exe
File created	C:\Windows\System32\powrprof.dll.smert	smert.exe
File created	C:\Windows\System32\es-ES\perftrack.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\eapsvc.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\FXSCOMPOSERES.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\pegi.rs.mui.smert	smert.exe
File created	C:\Windows\System32\it-IT\eqossnap.dll.mui.smert	smert.exe
File created	C:\Windows\System32\it-IT\fontext.dll.mui.smert	smert.exe
File created	C:\Windows\System32\oobe\msoobeui.dll.smert	smert.exe
File created	C:\Windows\System32\pt-PT\d2d1.dll.mui.smert	smert.exe
File created	C:\Windows\System32\shimgvw.dll.smert	smert.exe
File created	C:\Windows\System32\es-ES\azsqlext.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\urlmon.dll.mui.smert	smert.exe
File created	C:\Windows\System32\normnfc.nls.smert	smert.exe
File created	C:\Windows\System32\sensrsvc.dll.smert	smert.exe
File created	C:\Windows\System32\es-ES\dhcpcore.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\rdvgumd64.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\wdi.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\xwtpw32.dll.mui.smert	smert.exe
File created	C:\Windows\System32\NOISE.THA.smert	smert.exe
File created	C:\Windows\System32\es-ES\mciwave.dll.mui.smert	smert.exe
File created	C:\Windows\System32\mshtmled.dll.smert	smert.exe
File created	C:\Windows\System32\ncobjapi.dll.smert	smert.exe
File created	C:\Windows\System32\es-ES\DeviceCenter.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\midimap.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\rasapi32.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\utildll.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\schedsvc.dll.mui.smert	smert.exe
File created	C:\Windows\System32\it-IT\dxdiagn.dll.mui.smert	smert.exe
File created	C:\Windows\System32\osbaseln.dll.smert	smert.exe
File created	C:\Windows\System32\pl-PL\d2d1.dll.mui.smert	smert.exe
File created	C:\Windows\System32\ru-RU\msimsg.dll.mui.smert	smert.exe
File created	C:\Windows\System32\ShiftJIS.uce.smert	smert.exe
File created	C:\Windows\System32\es-ES\encdec.dll.mui.smert	smert.exe
File created	C:\Windows\System32\it-IT\fwcfg.dll.mui.smert	smert.exe
File created	C:\Windows\System32\NOISE.CHT.smert	smert.exe
File created	C:\Windows\System32\pnrpnsp.dll.smert	smert.exe
File created	C:\Windows\System32\es-ES\msctf.dll.mui.smert	smert.exe
File created	C:\Windows\System32\it-IT\DXPTaskRingtone.dll.mui.smert	smert.exe
File created	C:\Windows\System32\PerfCenterCpl.ico.smert	smert.exe
File created	C:\Windows\System32\it-IT\dispci.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\HotStartUserAgent.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\msxml6r.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\rdpendp.dll.mui.smert	smert.exe
File created	C:\Windows\System32\it-IT\DFDTS.dll.mui.smert	smert.exe
File created	C:\Windows\System32\mssha.dll.smert	smert.exe
File created	C:\Windows\System32\msxml6r.dll.smert	smert.exe
File created	C:\Windows\System32\es-ES\apircl.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\cpfilters.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\DDACLSys.dll.mui.smert	smert.exe
File created	C:\Windows\System32\es-ES\NetworkMap.dll.mui.smert	smert.exe
File created	C:\Windows\System32\mycomput.dll.smert	smert.exe
File created	C:\Windows\System32\sbe.dll.smert	smert.exe
File created	C:\Windows\System32\fr-FR\README.txt	smert.exe
File created	C:\Windows\System32\es-ES\ucmhc.dll.mui.smert	smert.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\wab32res.dll.smert	smert.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.smert	smert.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\README.txt	smert.exe
File created	C:\Program Files\UndoApprove.pdf.smert	smert.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.smert	smert.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.smert	smert.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.smert	smert.exe
File created	C:\Program Files\Windows Media Player\fr-FR\README.txt	smert.exe
File created	C:\Program Files (x86)\Windows Portable Devices\README.txt	smert.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.smert	smert.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.smert	smert.exe
File created	C:\Program Files\Java\jdk1.7.0_80\README.html.smert	smert.exe
File created	C:\Program Files\Mozilla Firefox\fonts\README.txt	smert.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\en-US\README.txt	smert.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.smert	smert.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.smert	smert.exe
File created	C:\Program Files\Mozilla Firefox\qipcap64.dll.smert	smert.exe
File created	C:\Program Files (x86)\Microsoft.NET\RedistList\README.txt	smert.exe
File created	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.smert	smert.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent_localized.ini.smert	smert.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.smert	smert.exe
File created	C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.smert	smert.exe
File created	C:\Program Files\Microsoft Games\Purble Place\README.txt	smert.exe
File created	C:\Program Files\Mozilla Firefox\mozwer.dll.smert	smert.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll.smert	smert.exe
File created	C:\Program Files\DenyClose.reg.smert	smert.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.smert	smert.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.smert	smert.exe
File created	C:\Program Files\Internet Explorer\pdm.dll.smert	smert.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll.smert	smert.exe
File created	C:\Program Files\Microsoft Games\FreeCell\README.txt	smert.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.smert	smert.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.smert	smert.exe
File created	C:\Program Files\Windows Mail\fr-FR\README.txt	smert.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.smert	smert.exe
File created	C:\Program Files\InstallConvert.eps.smert	smert.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.smert	smert.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.smert	smert.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.smert	smert.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.smert	smert.exe
File created	C:\Program Files\Mozilla Firefox\README.txt	smert.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.smert	smert.exe
File created	C:\Program Files\Mozilla Firefox\locale.ini.smert	smert.exe
File created	C:\Program Files\Windows Media Player\it-IT\README.txt	smert.exe
File created	C:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL.smert	smert.exe
File created	C:\Program Files\Mozilla Firefox\xul.dll.sig.smert	smert.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.smert	smert.exe
File created	C:\Program Files (x86)\Google\Update\README.txt	smert.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.dll.smert	smert.exe
File created	C:\Program Files\Internet Explorer\perf_nt.dll.smert	smert.exe
File created	C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL.smert	smert.exe
File created	C:\Program Files\DVD Maker\it-IT\README.txt	smert.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.smert	smert.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.smert	smert.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.smert	smert.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.smert	smert.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.smert	smert.exe
File created	C:\Program Files\Internet Explorer\README.txt.smert	smert.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.smert	smert.exe
File created	C:\Program Files\Java\jdk1.7.0_80\release.smert	smert.exe
File created	C:\Program Files\Mozilla Firefox\Accessible.tlb.smert	smert.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\README.txt	smert.exe
File created	C:\Program Files (x86)\Windows Mail\de-DE\README.txt	smert.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.smert	smert.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\inf\averfx2hbh826d_noaverir_x64.inf.smert	smert.exe
File created	C:\Windows\inf\prnbr004.inf.smert	smert.exe
File created	C:\Windows\Panther\UnattendGC\diagerr.xml.smert	smert.exe
File created	C:\Windows\assembly\README.txt	smert.exe
File created	C:\Windows\fr-FR\README.txt	smert.exe
File created	C:\Windows\inf\averhbh826_noaverir_x64.inf.smert	smert.exe
File created	C:\Windows\inf\mdmhayes.inf.smert	smert.exe
File created	C:\Windows\inf\hpoa1ss.PNF.smert	smert.exe
File created	C:\Windows\Media\ding.wav.smert	smert.exe
File created	C:\Windows\ehome\ja-JP\cbva.dll.mui.smert	smert.exe
File created	C:\Windows\Fonts\simsunb.ttf.smert	smert.exe
File created	C:\Windows\Media\Heritage\README.txt	smert.exe
File created	C:\Windows\ehome\MFCongestionController.dll.smert	smert.exe
File created	C:\Windows\inf\mdmhay2.inf.smert	smert.exe
File created	C:\Windows\inf\mdmagm64.PNF.smert	smert.exe
File created	C:\Windows\inf\mdmbw561.inf.smert	smert.exe
File created	C:\Windows\Cursors\aero_busy_xl.ani.smert	smert.exe
File created	C:\Windows\ehome\ehiExtens.dll.smert	smert.exe
File created	C:\Windows\inf\mdmgl001.PNF.smert	smert.exe
File created	C:\Windows\Media\Calligraphy\Windows Battery Critical.wav.smert	smert.exe
File created	C:\Windows\Cursors\libeam.cur.smert	smert.exe
File created	C:\Windows\Fonts\Candarai.ttf.smert	smert.exe
File created	C:\Windows\Media\Landscape\Windows Hardware Remove.wav.smert	smert.exe
File created	C:\Windows\Media\Windows Ringin.wav.smert	smert.exe
File created	C:\Windows\ehome\de-DE\ehjpnime.dll.mui.smert	smert.exe
File created	C:\Windows\inf\prnep00e.inf.smert	smert.exe
File created	C:\Windows\Media\Sonata\Windows Logon Sound.wav.smert	smert.exe
File created	C:\Windows\Cursors\no_i.cur.smert	smert.exe
File created	C:\Windows\inf\prnca00b.inf.smert	smert.exe
File created	C:\Windows\PolicyDefinitions\de-DE\PerfCenterCPL.adml.smert	smert.exe
File created	C:\Windows\Fonts\comicbd.ttf.smert	smert.exe
File created	C:\Windows\inf\mdmbr006.inf.smert	smert.exe
File created	C:\Windows\Fonts\simhei.ttf.smert	smert.exe
File created	C:\Windows\inf\mdmc26a.PNF.smert	smert.exe
File created	C:\Windows\inf\prnca00i.inf.smert	smert.exe
File created	C:\Windows\inf\netbxnda.PNF.smert	smert.exe
File created	C:\Windows\inf\netavpna.inf.smert	smert.exe
File created	C:\Windows\inf\netathrx.PNF.smert	smert.exe
File created	C:\Windows\ehome\ehcmres.dll.smert	smert.exe
File created	C:\Windows\Fonts\BELLB.TTF.smert	smert.exe
File created	C:\Windows\Media\Landscape\Windows Error.wav.smert	smert.exe
File created	C:\Windows\PolicyDefinitions\en-US\ReAgent.adml.smert	smert.exe
File created	C:\Windows\ehome\de-DE\epgtos.txt.smert	smert.exe
File created	C:\Windows\inf\mdmbr008.PNF.smert	smert.exe
File created	C:\Windows\Media\Landscape\Windows Logoff Sound.wav.smert	smert.exe
File created	C:\Windows\Cursors\beam_rm.cur.smert	smert.exe
File created	C:\Windows\ehome\fr-FR\playready_eula.txt.smert	smert.exe
File created	C:\Windows\inf\mdmmhrtz.PNF.smert	smert.exe
File created	C:\Windows\inf\mdmzyp.inf.smert	smert.exe
File created	C:\Windows\inf\mdmmotou.inf.smert	smert.exe
File created	C:\Windows\inf\netmyk00.PNF.smert	smert.exe
File created	C:\Windows\inf\prnsv002.PNF.smert	smert.exe
File created	C:\Windows\inf\netbrdgs.inf.smert	smert.exe
File created	C:\Windows\ehome\de-DE\ehentt.dll.mui.smert	smert.exe
File created	C:\Windows\Fonts\corbelb.ttf.smert	smert.exe
File created	C:\Windows\inf\wstorvsc.inf.smert	smert.exe
File created	C:\Windows\ehome\MhegVM.dll.smert	smert.exe
File created	C:\Windows\Fonts\ERASMD.TTF.smert	smert.exe
File created	C:\Windows\inf\atiriol6.inf.smert	smert.exe
File created	C:\Windows\inf\crcdisk.PNF.smert	smert.exe
File created	C:\Windows\inf\hcw85c64.inf.smert	smert.exe
File created	C:\Windows\inf\mdmcpq2.inf.smert	smert.exe
File created	C:\Windows\ehome\MediaRenderer\MediaCenter.DigitalMediaRenderer.AVTransport.xml.smert	smert.exe
File created	C:\Windows\ehome\ja-JP\ehentt.dll.mui.smert	smert.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	smert.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	smert.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 2796	2744	smert.exe	31
PID 2744 wrote to memory of 2796	2744	smert.exe	31
PID 2744 wrote to memory of 2796	2744	smert.exe	31

C:\Users\Admin\AppData\Local\Temp\smert.exe
"C:\Users\Admin\AppData\Local\Temp\smert.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Users\Admin\AppData\Local\Temp\smert.exe
  "C:\Users\Admin\AppData\Local\Temp\smert.exe" --foodsum
  2⤵
  - Drops file in Drivers directory
  - Enumerates connected drives
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Modifies system certificate store
  PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.smert

Filesize
8KB

MD5
c372fe2847d904470b70eaeb5070ec86

SHA1
aa80cecf2bec8870c584c8683a8fc324f07b5ed2

SHA256
5eb8ceb57f02938f34286eb024e64024ad842aa53590bc6f256f42ae514a37fa

SHA512
a6bd359a1503627b14504f07770739cdf4daf9744931c5ca5b7762939660eef11ab973ee2c8d12dfc5be1f742249484522ef78c08266301071c88965ef299cf8

Download Submit
C:\Program Files\GrantUnblock.au3.smert

Filesize
336KB

MD5
690f3e2282c10b0f687b26e449e667f9

SHA1
1c89e8b6653f57a0594860a96e7a1fa83c0b4986

SHA256
34e1b41add2ee147644c8eee64142ebe49d74cd1734339ea277d83d0bf21b1d5

SHA512
4febb4ffaabbb8d03e3825f939317cfed56d2098a3e245fb6fe38bcbf7a71e2db4a943f9ef4effcdffaa18a284b51a6ad6bca8bf3ac9792d10ea562508dbf27b

Download Submit
C:\Users\Admin\Documents\README.txt

Filesize
795B

MD5
979f96a609b386fa66f3b04615a49564

SHA1
d639818c571d7feedb438b62443b52ec71ee99c9

SHA256
b29e86f27228cd87d4a5c802d67f4b31c6919794686a409b1eba6c45c86a9650

SHA512
86d8ce064a54471e69bb928ab22ce2ede6a61b458c8cc1e418c4352bd05ba16d9f4edcb5aa98c7b816990664a436e4836cdb06029d60695f0a0cca1ae4ff8790

Download Submit
C:\Users\Admin\Documents\ResolveSuspend.vssx.smert

Filesize
1.5MB

MD5
5875b6eb1ca39ba1673e4b2b17756e4c

SHA1
9adf8d657a22e95a21b22c2c1049381473e94efa

SHA256
d22bc7caddb631a3547a8aac17f5e6cdc17a3bcb01882deeb7b2fb1e092ac331

SHA512
515fb7e1fbff241330bb0b3c65964a680bfe3aeffef58aecc515d3e6c67f52a877da15004f19f524227ec0d21f2dc2c15783301fcb2d9d8d32c414df97fe378f

Download Submit
C:\Windows\Cursors\pen_rl.cur.smert

Filesize
1KB

MD5
c4fcb396b0bccbccabaa84680ca5e769

SHA1
8f60d70b9e6425eb15b28069cba338d5d4099795

SHA256
cdab4f38597ece5446a7915c669ea2b1782bf7676f1d91c155b1457b1c7eb7ca

SHA512
b96df588be57df409a6de83204179fa920527834d2cc5a994e7b3d6a2f95ac674b9de0504919f571ec57fe140f29172b9ed7b2fa8dc5959a9153cff6574582d3

Download Submit
C:\Windows\Cursors\up_il.cur.smert

Filesize
1KB

MD5
6d6b6cdcb5ac9a8f30de06ffccd15c13

SHA1
8ddeb7c94ed7c0fe47deeaf26131c5e3d4411f04

SHA256
337b8bd03b43ae909be089ab3ae9d3b3b716f174109ef0195c407e4c4808c63d

SHA512
fceec31c6660cca5767b813457cb73b20a78d1e72be07b9341af3e1eb6646048d017f9705bd6ce411841ba7e49160ef5bc163a5ce78b1654c97a7c8ab9595b97

Download Submit
C:\Windows\Fonts\BSSYM7.TTF.smert

Filesize
53KB

MD5
deca2dee13833860d1cb221e11183ed4

SHA1
f796cfb6beb46c5917a2e204f3f141a397bb2969

SHA256
f5f3c667786cdc87f7d8a19885e9c2eda3974a9aed5e8dfa119c3f0d688025da

SHA512
bd94929e4bf8eb5174bbde2633e1d4b8e49230b20a6cb6bfcc755a18f6710f60fae3755ed75e5e5009d021b18933b8b70f10657450df439f67a71f3b26e81858

Download Submit
C:\Windows\Fonts\GILI____.TTF.smert

Filesize
67KB

MD5
e1bfe6fd3f96065e333c65a3d39d90f8

SHA1
1f1bc217fe55218154ad35cd5bbd588aa91a8479

SHA256
02654b1e4adf90fa33d7ed816de9a2dfb0798746c715abf5cea70cd2e9ea6b8a

SHA512
cfe92dff541c6885ca5369d2d28686d28d5fd2c9ccb6bafcd528c955883e496e49270af090c76985295f426168b0bf8a6483056099dc4816ef3aa40caeb5bc74

Download Submit
C:\Windows\Fonts\arialbd.ttf.smert

Filesize
731KB

MD5
536050579471b305c25ae7ce7bbd2068

SHA1
fe31edd7dd3c1034b195b84cf9ed65537fc460d1

SHA256
2c6656661158f12895d1213a38e40bb2296993fb13c88a6ffb322e855ee974a6

SHA512
1c213320d632a44097e0367125a7fa4bf355eca43665fa5a0edb9942e139614954fdc3601280a5608c7b83d6212b0995424328a603a78139e2839f00dbf54197

Download Submit
C:\Windows\SysWOW64\cs-CZ\WMPhoto.dll.mui.smert

Filesize
2KB

MD5
6972ef283070d37862d59383a4e1440b

SHA1
61837ffd897de0a763c07fd333f5aa207eff78d2

SHA256
a7f096f6c3703fbfa086d4d6a420e8aa37ec7c2e99fc169ad91c022433db4c1d

SHA512
fe1075efb90c3ef093342b4be72b89f51592cec9e3f4fbe99dee896f6c193037d49ec2d3427fefef0930db680dd8aa98fefebc0747e253ea61c8da6aa3454232

Download Submit
C:\Windows\SysWOW64\en-US\SampleRes.dll.mui.smert

Filesize
3KB

MD5
79056b4ffacfaa4817310420c968ceea

SHA1
80ca9e84850e340dfa3d0e47bcccad1b5edc06fc

SHA256
708795f29cbd575be4867894953974664b7487f90d72410e91037380b2c5508c

SHA512
56480b16fd0d918ab243988d8c54b8681e76f0ea3903e27f1813e13fcf2eb09f125df7756c64fa487341713d39ed127c64a4f394a722cd80a50d992e63778442

Download Submit
C:\Windows\SysWOW64\en-US\napipsec.dll.mui.smert

Filesize
3KB

MD5
28705cd721c5f145c6d14bde99c2d8e7

SHA1
2f2495752b245b61d1672dd12fdaee38e917b6e4

SHA256
5faeacc7af182b694102451f0dfb29f90819b77cd82ccbdc19d11a73d3d54863

SHA512
92033e4929c99cca53a1ce30b9ffe9604cec255f89796d1d1dfcffd7f04773d851d5cc46b52a68abc8de6819462cbcd65df9616df19e539eaeb1290936fa8a46

Download Submit
C:\Windows\SysWOW64\it-IT\upnp.dll.mui.smert

Filesize
2KB

MD5
44d510ea3820fbedac7639c3ede3e05e

SHA1
32dfcc42f3ca9a22cfd0c0508c3d54bb5126cf3d

SHA256
44dd2e9f01b19f4c5eed2cf160c580f4693a3537c97e2e0c6f57c2fec51c2966

SHA512
7d73239811b62eb0a10a21816bc5fc5b1d64c468c3d3781895c2e726d4bfc42c25e6a933492e2fcff3f91613b84e7941dd8d5b77f2400c96ee57a25fd2308d67

Download Submit
C:\Windows\SysWOW64\it-IT\wiaservc.dll.mui.smert

Filesize
2KB

MD5
f4f2e56e36072fc06e8f715cdf3a2914

SHA1
98e65fc0c4cf484b62c59b4dc4c5b082d65e9efd

SHA256
ca08e24676f85fe683c03f0918b8fbe402f2c36d04f4e9f9611eba4d6b661b97

SHA512
e5656f4ccc06609efea07ac2c2b70d92e19913c3cd3123fef6f06de0ce0fcc4f45229fa719b0086f9b62fc053b51c542172e1bec2ab07409f37349eb78a4a3ac

Download Submit
C:\Windows\SysWOW64\ja-JP\adsldp.dll.mui.smert

Filesize
2KB

MD5
41d93c696c6e1e5cc330177e6ed7c46d

SHA1
0af48ee178f6665fc77c2d681b5344976d20cd8b

SHA256
05e3211d249a26d04162bc5b7bc6198c09d7851e4c5d6e1ccfa4e04bb5d3e85e

SHA512
6079e29cb30179f0cfea4e0d6534549b90cbe2ef88d3599d1a08f5fd15de2caaf4a3308bea85ac5acfee77d6f26b1ced4b2e511d5166988f3c0c4a8e832048b1

Download Submit
C:\Windows\SysWOW64\ja-JP\msaatext.dll.mui.smert

Filesize
2KB

MD5
59dcf04cdd51be6097e6aa072d3a7213

SHA1
a0321b2561e4934f2ea3b3bd3fab536145bb0b65

SHA256
7c4db71de33fff66b5e6a94c63ebecc0187c1585264300b5b72d0cb9cf39474b

SHA512
8cfff17e6b080aba8c2a5712f45f257b0d755c348e42fefd9ecd32e71b9b6f111b5c4e1aa60be08500c33ab687339cdb71072052ea373152cb7b998190b20479

Download Submit
C:\Windows\SysWOW64\sqlceoledb30.dll.smert

Filesize
148KB

MD5
7acbd1e0502af3714456462ae77e1ffb

SHA1
4bbc1c99d47c1d58ca65959c24824ae0ad9fce97

SHA256
5145ed0454b01cd47e2d362f3b3f8303b5907142c09930290e48a157fc2394ad

SHA512
ee1070be3bdf37c45835d11a2cbf50f45d08d5c9e15aae6ca49bfc9a8f8ac20f49f62b968c9f3cdcb82122bb79f07999204295768fc793c7716f4e0b293e8b74

Download Submit
C:\Windows\System32\es-ES\WPDSp.dll.mui.smert

Filesize
2KB

MD5
144e296915311716d466bae3c9750f1a

SHA1
ba05eb258cad27333051fc5cf0504d689e695ad7

SHA256
b19b39d2e3e7a579838c911e6567c87ab0615ebcec27c049dc8363da52bdbb40

SHA512
c8ea766968112d18de9a7821443a621044f7b9e664bddb7dfd84ca0a0e6f8dda39141b5db2f794a99dfcfe14d50a92691eca95b94a2b0b8b0d82af16f79126b6

Download Submit
C:\Windows\System32\es-ES\bthprops.cpl.mui.smert

Filesize
30KB

MD5
59afd41db0227565318446a101e06fcc

SHA1
a15d99f3fe4274603607882813db2c8e07e7b44c

SHA256
702d04926b9f49c2e5e227ae2d7280d35c817a697c0c567fa70229f47870bb06

SHA512
81916d28ea27dd13662174767ca7465f43a9f280a1899ce5a3e331cf472ceb2460770de9caf9bc1e5a79e7944483c8b5833fc32d570672a3b0ca8b320157df54

Download Submit
C:\Windows\System32\es-ES\msdrm.dll.mui.smert

Filesize
3KB

MD5
4b0120e55149cadc064c4e9508f00951

SHA1
845fc321522b5cf5f00a3c5ad71bab2e4bb55a40

SHA256
bb5d9b985df1d42acd7097bfe9539d7433bf9423aca2acc7db9c5f8766c6a94a

SHA512
978a3801c73c8c588d03d2f517abc3c5a5343b069c936a13a90748d00f00c259d9d96c1a70ee00a51bf2f880ae9f369a56770cd6273169173bcf9dd381355e2d

Download Submit
C:\Windows\System32\es-ES\pnidui.dll.mui.smert

Filesize
18KB

MD5
2f16948c529a6cb5b58ab14b0cf0c3dd

SHA1
6c1ad94d316ba6e88f82ad3b28ed0d2cb438c535

SHA256
fc5a1a6463733841fc678b919c17e8b3483ba127ad210d32de37da115579ba79

SHA512
9f77b301701a1fb51de21af1977bcdecbb8d1bde08e9bdd65dba8e32e13b4063e831a4417181233d8209ddfa02ba87867b9494698e00ffd06a86d59a76c52724

Download Submit
C:\Windows\System32\es-ES\rdpcorekmts.dll.mui.smert

Filesize
2KB

MD5
49b9a44ab51571c4a6bc251a01b13561

SHA1
5010ca72055f53b6b9a5ce83236bcc4bf1a8a6eb

SHA256
34540589e79610aece9a922c3877d6cd319cea5a9aedc3f938f27537828566c6

SHA512
689ea71eb4e84ce685014f9d831495090beb2346a019885370b1f5486c854b13a87652a82fbe7611d4d5eb2d093d93a56c563d72747a892e5afa73d57843128c

Download Submit
C:\Windows\System32\it-IT\adsmsext.dll.mui.smert

Filesize
2KB

MD5
a28e185cc6523b2c627def829bbf9ad8

SHA1
7589f13dde2d151b41809a8b0b6c8d606c967134

SHA256
12ec8b104fb4c3cdd737c3d099ee344014f40e38ca09c6b4b6afb0e55f29a873

SHA512
16fbd94119975f81aceb3dcbfc12218251033f615dfbcae35253b44582039c0bfad3ca63cfe67717998f4a530cc7739d47aa9484738869a200b950d3b47df323

Download Submit
C:\Windows\System32\it-IT\kernel32.dll.mui.smert

Filesize
855KB

MD5
3bfc76a58b9f03c8716bbf57235335e3

SHA1
bd35770e03dcfd0054bafda270ed671a31648589

SHA256
4a0aed27e2ec08451e1054a0017fc0d63ef326c92a6c9475af32c2f280982277

SHA512
91402109b0129673d6c1a9977739f63f1260b7ca8fe7de0bb9a130a67cb3da224a3dabcea6a093926cd040b85874e25bbe4a147c64d8bd4f2afb1b4f9e4ceec6

Download Submit
C:\Windows\ehome\ItvRes.dll.smert

Filesize
2KB

MD5
6f3ccfc853bdad0bc04dd369df53821d

SHA1
05b19868c80be6a47ad68e28925fcaa28e7e4d5a

SHA256
e24752869f99d1fb8afd67ebc4adde9d2447c94d7aa5d37ceb87a2a451bdf7e0

SHA512
55d10f99e58ae536369e1e6073f78593009d740f1f09e1588ba83361eaed7d08e88ce68c9a7f278eb4d5acff9dfff44a4b7587df141cc9a3ff0c347e7d1336da

Download Submit
C:\Windows\ehome\it-IT\playready_eula.txt.smert

Filesize
19KB

MD5
869f4e020308431d623fc6d1ac641df0

SHA1
1fbb81e8cceb7fb8e598f6a51b614c2347b7c6ea

SHA256
0b656847c0cc174e8fad4b9b86472ec443e9dab9e9cd4784ee8fa57f62cdf056

SHA512
6fefc698ceafa4153ea5b7f9cbec1a8e891072597cd5b00fd78fbf5156b4872846b5a663e9379144f780caa37613e39714aa8a593c943c40b864275edfd83749

Download Submit