6e63becaf5c5e17a9d3afb6e2104eee3dbe473c8930ae8783eba0fedadb4a152

General

Target

TMACv6.0.7_Setup.exe
Size

5.1MB
MD5

a7c8cf1d50ebe630a7d0c47686a0abbf
SHA1

3229e8080975f4f5512d2382552f68c0389acff5
SHA256

a453b3ea8d8133531fad26b18701c694c324cc201e3069d07e99f0e100908c1a
SHA512

42340b7435605049e3f817feac1ac238177772b2b1ebf05eb9311bb58ee3dd1cab39913240a4c39e3407374009310770d8221c31914549524ecd92beab93b787
SSDEEP

98304:ARU3j4wtopcj2dqCYV1coZ4hv3tmF1b6CrjfW/sfH6s7zQcKDsVv/JLSF66b/:ARqt/CdqRc64hv3tmF1b6CffW/sfH6sm

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 6 IoCs

Processes:

regsvr32.exeregsvr32.exeregsvr32.exeTMACv6.0.7_Setup.exe

pid process

2992 regsvr32.exe
2736 regsvr32.exe
2508 regsvr32.exe
2180 TMACv6.0.7_Setup.exe
2180 TMACv6.0.7_Setup.exe
2180 TMACv6.0.7_Setup.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
2992	regsvr32.exe
2736	regsvr32.exe
2508	regsvr32.exe
2180	TMACv6.0.7_Setup.exe
2180	TMACv6.0.7_Setup.exe
2180	TMACv6.0.7_Setup.exe

Drops file in System32 directory 3 IoCs

Processes:

TMACv6.0.7_Setup.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\COMDLG32.OCX	TMACv6.0.7_Setup.exe
File opened for modification	C:\Windows\SysWOW64\MSCHRT20.OCX	TMACv6.0.7_Setup.exe
File opened for modification	C:\Windows\SysWOW64\TABCTL32.OCX	TMACv6.0.7_Setup.exe

Drops file in Program Files directory 13 IoCs

Processes:

TMACv6.0.7_Setup.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Technitium\TMACv6.0\Read Me.txt	TMACv6.0.7_Setup.exe
File opened for modification	C:\Program Files (x86)\Technitium\TMACv6.0\Installer.exe	TMACv6.0.7_Setup.exe
File opened for modification	C:\Program Files (x86)\Technitium\TMACv6.0\index.css	TMACv6.0.7_Setup.exe
File opened for modification	C:\Program Files (x86)\Technitium\TMACv6.0\logo.gif	TMACv6.0.7_Setup.exe
File opened for modification	C:\Program Files (x86)\Technitium\TMACv6.0\normal_back_blue_w800.jpg	TMACv6.0.7_Setup.exe
File opened for modification	C:\Program Files (x86)\Technitium\TMACv6.0\normal_footer_back_h30.jpg	TMACv6.0.7_Setup.exe
File opened for modification	C:\Program Files (x86)\Technitium\TMACv6.0\normal_logo_back.jpg	TMACv6.0.7_Setup.exe
File opened for modification	C:\Program Files (x86)\Technitium\TMACv6.0\oui.db	TMACv6.0.7_Setup.exe
File opened for modification	C:\Program Files (x86)\Technitium\TMACv6.0\TMAC.exe	TMACv6.0.7_Setup.exe
File opened for modification	C:\Program Files (x86)\Technitium\TMACv6.0\CLIHelp.txt	TMACv6.0.7_Setup.exe
File opened for modification	C:\Program Files (x86)\Technitium\TMACv6.0\Default.tpf	TMACv6.0.7_Setup.exe
File opened for modification	C:\Program Files (x86)\Technitium\TMACv6.0\EULA.txt	TMACv6.0.7_Setup.exe
File opened for modification	C:\Program Files (x86)\Technitium\TMACv6.0\help.html	TMACv6.0.7_Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

TMACv6.0.7_Setup.exeregsvr32.exeregsvr32.exeregsvr32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TMACv6.0.7_Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exeregsvr32.exeregsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E074F2-BA0A-11D1-B137-0000F8753F5D}\TypeLib\ = "{65E121D4-0C60-11D2-A9FC-0000F8754DA1}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E074D3-BA0A-11D1-B137-0000F8753F5D}\TypeLib\ = "{65E121D4-0C60-11D2-A9FC-0000F8754DA1}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E074F2-BA0A-11D1-B137-0000F8753F5D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E07502-BA0A-11D1-B137-0000F8753F5D}\TypeLib\Version = "2.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E074E6-BA0A-11D1-B137-0000F8753F5D}\TypeLib\Version = "2.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9E074DA-BA0A-11D1-B137-0000F8753F5D}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9E0750E-BA0A-11D1-B137-0000F8753F5D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BDC217C8-ED16-11CD-956C-0000C04E4C0A}\1.1\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9E074D3-BA0A-11D1-B137-0000F8753F5D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E074FA-BA0A-11D1-B137-0000F8753F5D}\TypeLib\ = "{65E121D4-0C60-11D2-A9FC-0000F8754DA1}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E07504-BA0A-11D1-B137-0000F8753F5D}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E07525-BA0A-11D1-B137-0000F8753F5D}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9E074D1-BA0A-11D1-B137-0000F8753F5D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9E07515-BA0A-11D1-B137-0000F8753F5D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3A2B370A-BA0A-11D1-B137-0000F8753F5D}\TypeLib\Version = "2.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC5D0DE4-BD4C-11D1-B137-0000F8753F5D}\ = "VtChart Text Property Page Object"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9E074E6-BA0A-11D1-B137-0000F8753F5D}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E0750C-BA0A-11D1-B137-0000F8753F5D}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E07517-BA0A-11D1-B137-0000F8753F5D}\TypeLib\Version = "2.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E074DE-BA0A-11D1-B137-0000F8753F5D}\TypeLib\ = "{65E121D4-0C60-11D2-A9FC-0000F8754DA1}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9E07504-BA0A-11D1-B137-0000F8753F5D}\ = "IVcSeriesMarker"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BDC217C7-ED16-11CD-956C-0000C04E4C0A}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E074CD-BA0A-11D1-B137-0000F8753F5D}\TypeLib\Version = "2.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E074CF-BA0A-11D1-B137-0000F8753F5D}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E074D6-BA0A-11D1-B137-0000F8753F5D}\ = "IVcLocation"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E0751D-BA0A-11D1-B137-0000F8753F5D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC5D0DE0-BD4C-11D1-B137-0000F8753F5D}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{65E121D4-0C60-11D2-A9FC-0000F8754DA1}\2.0\FLAGS\ = "2"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{65E121D4-0C60-11D2-A9FC-0000F8754DA1}\2.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9E074CD-BA0A-11D1-B137-0000F8753F5D}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9E074D6-BA0A-11D1-B137-0000F8753F5D}\TypeLib\Version = "2.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9E074DC-BA0A-11D1-B137-0000F8753F5D}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9E074F4-BA0A-11D1-B137-0000F8753F5D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E07508-BA0A-11D1-B137-0000F8753F5D}\ = "IVcLabel"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A2B370C-BA0A-11D1-B137-0000F8753F5D}\ToolboxBitmap32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E0750C-BA0A-11D1-B137-0000F8753F5D}\TypeLib\ = "{65E121D4-0C60-11D2-A9FC-0000F8754DA1}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TabDlg.SSTab\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E07504-BA0A-11D1-B137-0000F8753F5D}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E07506-BA0A-11D1-B137-0000F8753F5D}\ = "IVcStatLine"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\ = "{65E121D4-0C60-11D2-A9FC-0000F8754DA1}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9E074FA-BA0A-11D1-B137-0000F8753F5D}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E074EC-BA0A-11D1-B137-0000F8753F5D}\ = "IVcLightSource"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E07521-BA0A-11D1-B137-0000F8753F5D}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3A2B370A-BA0A-11D1-B137-0000F8753F5D}\TypeLib\ = "{65E121D4-0C60-11D2-A9FC-0000F8754DA1}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC5D0DDF-BD4C-11D1-B137-0000F8753F5D}\InprocServer32\ = "C:\\Windows\\SysWow64\\MSCHRT20.OCX"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E074DC-BA0A-11D1-B137-0000F8753F5D}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E074EE-BA0A-11D1-B137-0000F8753F5D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A2B370A-BA0A-11D1-B137-0000F8753F5D}\TypeLib\ = "{65E121D4-0C60-11D2-A9FC-0000F8754DA1}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\Version = "1.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9E074D8-BA0A-11D1-B137-0000F8753F5D}\ = "IVcFont"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E074E6-BA0A-11D1-B137-0000F8753F5D}\ = "IVcFootnote"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\ = "Microsoft Tabbed Dialog Control 6.0 (SP6)"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BDC217C8-ED16-11CD-956C-0000C04E4C0A}\1.1\0\win32\ = "C:\\Windows\\SysWow64\\TABCTL32.OCX"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC5D0DE3-BD4C-11D1-B137-0000F8753F5D}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E074E2-BA0A-11D1-B137-0000F8753F5D}\ = "IVcBackdrop"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9E0750C-BA0A-11D1-B137-0000F8753F5D}\TypeLib\Version = "2.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9E0751B-BA0A-11D1-B137-0000F8753F5D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

TMACv6.0.7_Setup.exe

pid process

2180 TMACv6.0.7_Setup.exe
2180 TMACv6.0.7_Setup.exe

pid	process
2180	TMACv6.0.7_Setup.exe
2180	TMACv6.0.7_Setup.exe

Suspicious use of WriteProcessMemory 21 IoCs

Processes:

TMACv6.0.7_Setup.exe

description	pid	process	target process
PID 2180 wrote to memory of 2992	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2992	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2992	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2992	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2992	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2992	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2992	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2736	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2736	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2736	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2736	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2736	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2736	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2736	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2508	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2508	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2508	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2508	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2508	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2508	2180	TMACv6.0.7_Setup.exe	regsvr32.exe
PID 2180 wrote to memory of 2508	2180	TMACv6.0.7_Setup.exe	regsvr32.exe

C:\Users\Admin\AppData\Local\Temp\TMACv6.0.7_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\TMACv6.0.7_Setup.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2180

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\system32\COMDLG32.OCX"
2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2992

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\system32\MSCHRT20.OCX"
2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2736

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\system32\TABCTL32.OCX"
2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Technitium\TMACv6.0\Installer.exe

Filesize
189KB

MD5
d7130a88660d4e29bbe7ed994e9529e9

SHA1
78c6720f3be088a1c563d7a888202617e9e373ef

SHA256
cbefffcacd8c34b244a6e10c3b72ccbe866ae6aa2da3496a6cc630c372d0ee25

SHA512
c99bbe2c0a615acf61c204844eab5c6fd7fe8f983be7ad3c4b57dad29ebce11e93d928ad037abea1bf0484f4be7bfe95c27b1e9dff789e9aa60f8b0c0e9e5ce1

Download Submit
C:\Windows\SysWOW64\MSCHRT20.OCX

Filesize
987KB

MD5
38ce0c8fcd78d00fd717ce3a91214cbc

SHA1
953b182806a8ddcde48b033537e3432a56d1cf39

SHA256
de49eb9f935416cc57a1b590cca686e4a14e7b3cbbde10b8ff7fb88642a215ce

SHA512
bd7c0319953c5280d1e0f961cd6324c70c4949c0db0aa1cd77c27a8a1abfd6e592164a8888e3a06b5b127614d9b9caf1dfcae95b9e50216547a8e8ffb1f00006

Download Submit
\Program Files (x86)\Technitium\TMACv6.0\Installer.exe

Filesize
184KB

MD5
1a56af5a19362ff83b99eda81f5dfdf9

SHA1
1282d21a54255a49b8b4d1b9b442a7d1d56bfca6

SHA256
72367e11dbf5e3ad9fa1cc4b2fbd3d8e3e5a26d5683cfc7b06b7d1ac33aa4011

SHA512
bfd138a0a25cbf3869ebc0fe0de7ef6b60425bfde536008ecacf7c3e6b5925a66c80734cf989056c2d36b240ceae4e447762d48dcc9ca866bd51cabf1c2cf0aa

Download Submit
\Program Files (x86)\Technitium\TMACv6.0\TMAC.exe

Filesize
712KB

MD5
230b4c45774e95dd75241068c68aeb0d

SHA1
ef46dd76a8c6d4a7d6882469015a07a9bf660a50

SHA256
6c3d76c9a4d1652ce25ae8c2ba1907167cfaa0054b8e1325f370c52eafa74c97

SHA512
fc08d219e1023d7929250ecab81f640e4114f51b184d9004da0887c93b24a6026931a71da4ef0e95caa2a416d858496b5e174bcd0dd3bd3a76bca6582283e90c

Download Submit
\Windows\SysWOW64\COMDLG32.OCX

Filesize
137KB

MD5
b73809a916e6d7c1ae56f182a2e8f7e2

SHA1
34e4213d8bf0e150d3f50ae0bd3f5b328e1105f5

SHA256
64c6ee999562961d11af130254ad3ffd24bb725d3c18e7877f9fd362f4936195

SHA512
26c28cb6c7e1b47425403ab8850a765ac420dd6474327ce8469376219c830ab46218383d15a73c9ea3a23fc6b5f392ee6e2a1632a1bf644b1bd1a05a4729e333

Download Submit
\Windows\SysWOW64\TABCTL32.OCX

Filesize
218KB

MD5
dc925b6d77ba9ecb532e2f6750be943b

SHA1
f71215e701401f0dd6fe143e3a630b2e168a4fac

SHA256
d10a197fd53e65dc910ca4aed86cb674c613ff14ce6436d1a445bb27a7a499e0

SHA512
ee9c40e695a29de7e7b8a9fe1ca01ebba9a8bdc199d46d98c71a4e3ecfec566f2fc31300a5e9867e8c791b15ac3ebec076f0710e0f6eec6c3fdea3bde37ab171

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads