7a06bf10a4e8cc07674e6ed620fbc8dda4b91565d7c62ff8a255688bb9b4d4c4

Resubmissions

20-09-2024 21:46

240920-1myrhszenm 10

20-09-2024 21:43

240920-1k7xeazdpl 6

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20-09-2024 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

imyfone-lockwiper_setup.exe
Size

2.9MB
MD5

f8b32e204dbf81a53f7af8049816e25f
SHA1

1d29574d0d26523b3eb394342e3ac3bc3ebb0abb
SHA256

7a06bf10a4e8cc07674e6ed620fbc8dda4b91565d7c62ff8a255688bb9b4d4c4
SHA512

f3190da71c180f896111efcc77d489b1ce454a2ed99477ca940a08bb48cd983b2dea0b23fe5690f9e799f6fa6bddb7bc7054e7c87783544a942380c0202f17bb
SSDEEP

49152:DhwMIHvI63WMBDe6Pu1MJ9TaPohZqJ3rZXYPlypM5HsSSHm7U7I:DeHw63Wmhu1u9TOohQJ3dhMJ

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 37 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Arabic\text.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Portuguese\UrlInfo.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Thai\text.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Korean\UrlInfo.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Malaysian\text.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Swedish\text.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Arabic\UrlInfo.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Chinese\UrlInfo.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Dutch\UrlInfo.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\English\text.ini	imyfone-lockwiper_setup.exe
File opened for modification	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\Log\imyfone_down.log	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Spanish\text.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\ChineseTW\UrlInfo.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Dutch\text.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\English\UrlInfo.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Indonesian\text.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Japanese\UrlInfo.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\productInfo.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Polish\UrlInfo.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Portuguese\text.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Thai\UrlInfo.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\German\text.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Polish\text.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Spanish\UrlInfo.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Malaysian\UrlInfo.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\language.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Chinese\text.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\ChineseTW\text.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\French\text.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\French\UrlInfo.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Italian\UrlInfo.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Japanese\text.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Indonesian\UrlInfo.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Swedish\UrlInfo.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\German\UrlInfo.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Italian\text.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Korean\text.ini	imyfone-lockwiper_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	imyfone-lockwiper_setup.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1324	imyfone-lockwiper_setup.exe

C:\Users\Admin\AppData\Local\Temp\imyfone-lockwiper_setup.exe
"C:\Users\Admin\AppData\Local\Temp\imyfone-lockwiper_setup.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:1324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads