Behavioral Report

Resubmissions

12-11-2021 18:04

211112-wnzb8aahhm 10

19-11-2020 10:08

201119-rhwlt38jrx 10

18-11-2020 17:26

201118-htd4fq29va 10

Analysis

max time kernel
1561s
max time network
1582s
platform
windows10_x64
resource
win10v20201028
submitted
19-11-2020 10:08

Sharing

Copy URL

Twitter E-mail

Report Files Registry Network Processes Mutex Misc

General

Target

SecurityTaskManager_Setup.exe

Score

8^/10

Malware Config

Signatures

Executes dropped EXE ⋅ 1 IoCs

Processes:

setup.exe

pid process

2208 setup.exe

pid	process
2208	setup.exe

Suspicious use of WriteProcessMemory ⋅ 3 IoCs

Processes:

SecurityTaskManager_Setup.exe

description	pid	process	target process
PID 508 wrote to memory of 2208	508	SecurityTaskManager_Setup.exe	setup.exe
PID 508 wrote to memory of 2208	508	SecurityTaskManager_Setup.exe	setup.exe
PID 508 wrote to memory of 2208	508	SecurityTaskManager_Setup.exe	setup.exe

C:\Users\Admin\AppData\Local\Temp\SecurityTaskManager_Setup.exe

"C:\Users\Admin\AppData\Local\Temp\SecurityTaskManager_Setup.exe"

Suspicious use of WriteProcessMemory

PID:508

C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\setup.exe

".\setup.exe"

Executes dropped EXE

PID:2208

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Replay Monitor

00:00 00:00

Downloads

C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\Setup.exe
MD5
694ba0b43cc2ec5055a7ffa3c4fc3aae

SHA1
12863f8925bda943ea510239820be15242b6f1f9

SHA256
a771e2f459f171469c5ef3407034a7dda4ece86f5b4db943cc728696daad6295

SHA512
12ecac18707a10adf3b62187d298c3fe34f54773321439aa9765394f98cd398af5123cc2c0d912f4c86020d960455691b6a7e94f9bf5f1472108bd6395a38f9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_bulgarian.txt
MD5
89f324a12d6e19b549027d3d7bfb7ae8

SHA1
a12479a93c5a70eaf5c4d606dddddefef05ef26e

SHA256
ab2386fff64d22e64fb1e553286996232980706683245806f185fd2f423fbdb5

SHA512
a0e1707719dd4d998f4e02df7672e75723b7dfc7e4f05f02741f059e6a69cc4444b805b9d7ac40ea53e97cd9ed2d89b0314b2b61105416582d6e9bea9965a8b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_czech.txt
MD5
0d76174d68f5fce7e150c972eeacef9c

SHA1
4adc44d638859253e3befa3407fdbde8866a5456

SHA256
d5a4b68cdf201c17b466bc75d29e91b43dca6abda228caf2b6752e09b8a19058

SHA512
2ca4cbc1ef23a0b11bd32cff0824b655285d4c8f5535e7113f915e607361211e20ab28e6f5f1da2a26190141809f233434135c27598b6a7f14d4376cfb916f52

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_danish.txt
MD5
1325b58debc1e7a46c705a44b4504734

SHA1
d68af1fc501342923a23569bb058a7e1510c93da

SHA256
d740c5e0e760f7c7547b98d8ff67efa8cc2558fd05c1e086f25919fda5e681f6

SHA512
7427b50a0ca11bc74f9182c0ad2952b7a0495d75b53b8bae4fa88ce8b615bb905171fa7883a8ce6c93b778a36e579b8963646b7aeee5a4c2569a0e562f6bb56c

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_deutsch.txt
MD5
b33fed70df15a44085aa88647d211c81

SHA1
2ff758266c852d72a6c9aa001c4cb7f50ef15a76

SHA256
a097180501190a3efee4f776485a072a8ba3ec77ae3052932d602b4dfc767738

SHA512
f03330183172e48174c8603dd4ab371b03650ddc9c96941c1cfd9e5b394a60f98a6046d41916992bb8ce42400cb91d7976e4aa2822ee69f950d3e9c7e382d966

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_dutch.txt
MD5
b930f96bb386f7e289310c3f5063178a

SHA1
955a30d309d0dd17d289b918a611bdd9de43cc5d

SHA256
f49bf79f10c2af50e0a584d8f619551b21fe14683f2908ec552fb8364ddbc28a

SHA512
d4a47caf59956e67eaef294ce3e8732365eaf7623d2933b11d7758f80a4b92637dcdbe95ea1a1674f1b69a0b2ee3f97ba529c623c9e7ac9ca585464c0cc0c7aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_english.txt
MD5
34c121268b1c3fce53172b3933b075a3

SHA1
c44fa37db476886859aaef75878dd7806a7ab518

SHA256
f974ea70d717e59d27fa566eeae52831537207ad4bb6308ed93e387f5fced2c4

SHA512
6f2aed20f2ea8bc028f923918a4f2b5af131584af94f51536cdd6ba59ba389a8ad52c586226911d67af9d17b53151d677fe190ec0df4f16d5ace189ca3e503eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_finnish.txt
MD5
7d873c6c96a6725c7b0cb5dfb1a09e87

SHA1
dae7dd06dd465fc4f98d14d027025eef10c5bf77

SHA256
05dbe3b460b51194c276b9fa2b41292ec52e5e408fa005950f027cf11fb2bc26

SHA512
f5f98f46ae0cfb379f7de9258d12287c2f580181ef713af8a9a0b3f81cbc9cab1c9295e18244989bc875dd177f5f6727431cd0dc8b61dade61acdff09677e398

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_french.txt
MD5
3184a1d71306f0b0b2f73169520c1029

SHA1
59d84aa3bd19d6f2aad47450bb7c28da97057e11

SHA256
1dd3e5d60c64b21c265f4635473f9dfde10d1818f7a6ecb3693089c9e225d390

SHA512
bf7813a1410ff8e6a2fca41229147c121a85dab9dceed79a03e5e174eff98fe02c9e031c40c85e27c6af8a55de976983078d641da51a323c6ead8f3e7362719a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_hungarian.txt
MD5
a54d196a3a36ba5224d4c409489fda77

SHA1
95f6502f4f827f2b70c4aba2ceb8c9a6af9e439c

SHA256
a92d6b1995801bb2e13b8362bacdf2aeaa4efc5abe7a292c1446f60aae553158

SHA512
b774d369c66192ff1ec4cde1f5b11c8e2ef4d856d65bcb0abdee855a7fb41af6a9eebc88934722e13f09ed2d9679986c2556b26d28258778bbd2fbc04e8667ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_italiano.txt
MD5
6fa6baead051fa1ea55a9d617d74843e

SHA1
63adad9e223d3611243478c813906dea3de80115

SHA256
dfcd1e48dcaab1ca041c937a81774ef753cd0e9e3b0eddcc0b4c084585b0ef4f

SHA512
70ed25b4258ade5eda92c6bf3427217cb9dd78b7e843586198de24fcb1ee31a3b0d10613a3d18b06ebc7e2867a5111af5fb7cb7674fd55149767f038f3f771ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_japanese.txt
MD5
0e62e49c4a1868113e00e266d39c47a5

SHA1
2be41ae1857c30caf6e1124b51652ffc35779034

SHA256
1f6e19ca7500dd3193bdb2d384fe1feed96c1b1dbd9e58c4a27c71b90cb10cfe

SHA512
5a8ac80e582545b6d193db5b5e2013aa7ddc7f6e830f5cb497a4a2c1ec31c6dac382157cc0b0f0b8cf17e7247dbb9a094198131fe66e4f58c1c71a5749d2702a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_korean.txt
MD5
992c0dde82beac0c0eb86b137744c196

SHA1
8ee1cfccac49a5b9df6d8f3572ecfcbe592676cf

SHA256
312980aa8444655137044d3323ed0f5f3d6d2d4d503512e029ffa4429d92fa6e

SHA512
074caed4ef7044c032960e3aa4240338356323fb3f880588bf35775dca462acfaf792a14d11113f7e814c19d7e947fed15ddec5f764d3b9a896c36a941192541

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_norwegian_bokmaal.txt
MD5
179fe4667bfe1d977d687493f59d7adb

SHA1
b3d900debc52ff3e77fb426636968c1f1feb2800

SHA256
3e7fe5d3b0095143d86173fd99775d8d0065eaafcf9dd683692062e026879922

SHA512
358d51d4f07207ec3017386458d3073e657636505c09cbe1b7e31b3cb778926a9a4a517ecb140e661d3b30586f12e94a5a659cd4cf9ac1332030ddfa3f511c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_polish.txt
MD5
ce3dcf85fa453f3d735005340ef90ae0

SHA1
2c33a89e2d7853d8b1dc40287485f172476129e3

SHA256
f1f0bfd7676420d8668d0676ecce039b84b023dd12ecdcc19ac4b01b1bb9de61

SHA512
db7f772511c79e159ef842bc1effe8ede244bdb0757446e97ddd39761c3540a05a2475f11fe90da2b8a9bf0c532cabecb27051a4bbe459387961294fbbb86bd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_portuguese (Brasil).txt
MD5
07d5c6cf24d90859e1bbdec962662ac3

SHA1
2f4f9b6e3f1bdb3de3a44ad98427fc55738d4a8f

SHA256
485de5cc9654510903431e32cf7e7b9afaeb0a575bffca7af5f652429654f0b4

SHA512
689bd4b50a107cb2035dc8d9757d44d53b8c97a4a6979bb3cc2181cd416f6a5fab0293889c3dcde8887414590ff17df627da504d1936e3883300da411ab6ec90

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_portuguese.txt
MD5
57dd15b63e5116d4192756eac357fc77

SHA1
2e4cbdf15c9b2da2658b6e2df1d7faa26d5563cb

SHA256
3692ca1b6e64991835da21e50cd91f2c20395a0a2290655284ec477ed5e241c4

SHA512
316c68da136d6b23d40742e5da545acba87e0c9729663afb43f4a12d40505f8f51657de2ee22c7449d1fa072a9505d16759914e019f47d2b64d4f7fdbd120a76

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_russian.txt
MD5
27775d53a8f8bdd46d2cd07808540fa5

SHA1
f9c905347ac04e465583f5b57c0248d3bc052783

SHA256
1c0888d6a709c536a3f8f29cea3477c8bd1d91bc7beb68e6854c7228c52555dc

SHA512
96e9734ee5c383045f9779348c2977e87c6db249bd51e75667a46d34e105fbb9e99ab68df1ff9aaf092858f751f03996ec6c27b2b35fee7addc300d9642b3306

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_spanish.txt
MD5
1db8fa700e36994c13075acac2b3d1cb

SHA1
049a77576da0bed590109cc15129686d72e12399

SHA256
00fd546aab44ac4cf4cfd822b249ef7ecfa0a4b8afdd6438ecbfd9705c7ec746

SHA512
24a7ed6098c629bd210e0934c13656d6ece22f4da68296ead9a0883ab395afb90c3f37596b8f0007f4ebffef8688a7b1686c1618182a7299ed17da31636d09fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_swedish.txt
MD5
37f4289c2977a484189b9ff44a590b8f

SHA1
8165528ec43e0131d139e6696ed3317bd283d2d0

SHA256
ef67f369daf2eaa2878330c076654d4dec001d9e365e35888e82fb10cae2153d

SHA512
5684e6d543fffef1e08bb5645c3c4d2e1ae37a03243e9df1c44daf1f40f2514fdff8c7cf702d9c7e78f6dad0a7d93e4ded95ea58442125c85b87621d3839d12d

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_turkish.txt
MD5
ce97c5cc7ffaa5d6b18d313d4b8eae81

SHA1
1795b8763718fb31d1e0396567232d9891e49d81

SHA256
89ce1dbd43e5d377013f2228de688787350c8f11d908ecbc0ded355c7bc63663

SHA512
9efbfa39beb9e032121c57a3d8f713a387dfb7feda44bea4bdad8a80a2626644da324c01315475445974883aaedc0432ca53920f154427151b9b650d0ebbbc66

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_ukrainian.txt
MD5
df09a44cde9e14378fe3ddd47a8ca3fe

SHA1
39d880fd38980a5dde18c1fb94707711a07878fb

SHA256
59d771c4d45af27f793c38ee78a2a5c5667f877d7f65313cbad93bd8ec3b1fce

SHA512
5a3cf5f280d29496371e4ee8a21966bfd6aaaa208eddf4112d67198ff639798e68338b07ae5b8aeb498c7a3875ce2f42a8f037bf5359ab707d0a6e796510a33c

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\setup.exe
MD5
694ba0b43cc2ec5055a7ffa3c4fc3aae

SHA1
12863f8925bda943ea510239820be15242b6f1f9

SHA256
a771e2f459f171469c5ef3407034a7dda4ece86f5b4db943cc728696daad6295

SHA512
12ecac18707a10adf3b62187d298c3fe34f54773321439aa9765394f98cd398af5123cc2c0d912f4c86020d960455691b6a7e94f9bf5f1472108bd6395a38f9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman.exe
MD5
3733003588acfbc9ff5df9765c80d405

SHA1
b52befaf06a525407de46499706ffda1df024263

SHA256
0c87006a32e187cb1fef06dc9f19b547c78909e88ab59cc89d7b53aebbae9b4a

SHA512
b6c94eabecb85a507395c4a6c3717471bf2486d5b4dba8d946c0ae960af673455e9ff338f5c6bc33bb55b363c2d6a51fb0660d0aa0d99c6914ffb514f38be32b

Download Submit
memory/2208-0-0x0000000000000000-mapping.dmp

Download