Overview

overview

8

Static

static

Setup Stud....0.exe

windows7_x64

8

Setup Stud....0.exe

windows10_x64

8

Resubmissions

03-11-2020 12:42

201103-ye573c9e42 8

03-11-2020 12:37

201103-cc58f8xvj6 8

Analysis

  • max time kernel
    4s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    03-11-2020 12:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup Studio One 5 v5.1.0.exe

  • Size

    129.5MB

  • MD5

    15b43bd6ad25da3f9d5613a8b2f8a343

  • SHA1

    aadc9f027164eb2b7a3b7f17e1c0b5245380a444

  • SHA256

    f777af867c1b91cbbb3020c2533b19df0c5c340baf840980bea6ec25f8bf28d7

  • SHA512

    d2edd7ef26545d8e9b6def9628eb3f0e508d2eca1941e3106d178e5158098545c6557fd505fbea458a7581c1e1b8be1e51604440fd792578c81625c4758796ec

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup Studio One 5 v5.1.0.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup Studio One 5 v5.1.0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Users\Admin\AppData\Local\Temp\is-8PKS7.tmp\Setup Studio One 5 v5.1.0.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-8PKS7.tmp\Setup Studio One 5 v5.1.0.tmp" /SL5="$40156,135223530,401920,C:\Users\Admin\AppData\Local\Temp\Setup Studio One 5 v5.1.0.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:1344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-8PKS7.tmp\Setup Studio One 5 v5.1.0.tmp
    MD5

    fc809e529045b95f153064607f4490a5

    SHA1

    79e6edab31167500db7ec34f206f8560ad9b528e

    SHA256

    9cedc0126ddf43441ad80ea65a5dcef5c99e33ef30cfd9fff626e6f30fc7a668

    SHA512

    35c853853b0aff4ae556a8bf73be5fca5508310c9d61bba5c1d637a2a403a51a8b01c576812f263f715b11f55ed5c226ea8eeed3cb4f0eca623be9595d9b663d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-8PKS7.tmp\Setup Studio One 5 v5.1.0.tmp
    MD5

    fc809e529045b95f153064607f4490a5

    SHA1

    79e6edab31167500db7ec34f206f8560ad9b528e

    SHA256

    9cedc0126ddf43441ad80ea65a5dcef5c99e33ef30cfd9fff626e6f30fc7a668

    SHA512

    35c853853b0aff4ae556a8bf73be5fca5508310c9d61bba5c1d637a2a403a51a8b01c576812f263f715b11f55ed5c226ea8eeed3cb4f0eca623be9595d9b663d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-VRGH7.tmp\ISSKINU.DLL
    MD5

    f30afccd6fafc1cad4567ada824c9358

    SHA1

    60a65b72f208563f90fba0da6af013a36707caa9

    SHA256

    e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d

    SHA512

    59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-VRGH7.tmp\R2RINNO.dll
    MD5

    0f8bbab51c5f70093b7ed7dd825d68e8

    SHA1

    a96809560b3e9001124083937a339cf2453a94c8

    SHA256

    7fc4fa7f5cea34df0a6733527081886cfb1c49b369df2db454de87cc4e70bdb5

    SHA512

    7b824ad5d7ec786535106d98bc80c9350f35ac2b76d7ee20163e90becf076dfeaca4732c0ecbe2d3d84a2efef337c380d5548ca0123e69e66e30bb396f0b9b81

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-VRGH7.tmp\SKIN.CJSTYLES
    MD5

    5f87caf3f7cf63dde8e6af53bdf31289

    SHA1

    a2c3cc3d9d831acd797155b667db59a32000d7a8

    SHA256

    4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940

    SHA512

    4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

    Download Submit

  • memory/1344-1-0x0000000000000000-mapping.dmp

    Download