Resubmissions

  • 15/10/2024, 15:36  241015-s1zlzasdkc  score 10/10
  • 01/07/2024, 18:32  240701-w6yteawhmq  score 10/10
  • 01/07/2024, 14:52  240701-r82wmaxdnd  score 10/10
  • 01/07/2024, 14:52  240701-r8syqa1dpp  score 10/10
  • 11/03/2024, 21:22  240311-z8dsssgg58  score 10/10
  • 01/09/2021, 13:18  210901-5bmxjspa5s  score 10/10
  • 01/09/2021, 13:04  210901-te4btfspqa  score 10/10
  • 01/09/2021, 05:12  210901-4wnkwm1p3j  score 10/10
  • 31/08/2021, 21:47  210831-41rp97dma2  score 10/10

Analysis

  • max time kernel
    585s
  • max time network
    1604s
  • platform
    windows11_x64
  • resource
    win11
  • submitted
    21/08/2021, 19:20

General

  • Target

    Setup (29).exe

  • Size

    631KB

  • MD5

    cb927513ff8ebff4dd52a47f7e42f934

  • SHA1

    0de47c02a8adc4940a6c18621b4e4a619641d029

  • SHA256

    fd5c970806fba1500cbb6af5328329aeb43b8de3f02d90ec5d8cd1d57711622f

  • SHA512

    988c8fd886a9155b7d190faf2ce6b34d910efcffcf1c6251f18a9d0c804a0ea26a89679273033ac98b200363c536426efd1ae9de445c34e660369abb06f0071c

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 7 IoCs

    Processor information is often read in order to detect sandboxing environments. In this run, however, the process tree attributes these registry reads to WerFault.exe (PID 2012), the Windows Error Reporting crash handler launched for the crashed sample process (PID 3688), not to Setup (29).exe itself.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Modifies data under HKEY_USERS 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup (29).exe
    "C:\Users\Admin\AppData\Local\Temp\Setup (29).exe"
    1⤵
    PID:3688
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 1948
      2⤵
      • Program crash
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2012
  • C:\Windows\System32\sihclient.exe
    C:\Windows\System32\sihclient.exe /cv at4SxNkysUeLLXttOk82TQ.0.2
    1⤵
    PID:3600
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
    1⤵
    • Modifies data under HKEY_USERS
    PID:3028
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
    1⤵
    PID:4664
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3688 -ip 3688
    1⤵
    • Suspicious use of NtCreateProcessExOtherParentProcess
    • Suspicious use of WriteProcessMemory
    PID:1780
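The process tree above is the part of the report a practitioner should read most carefully: every behavioural signature except "Modifies data under HKEY_USERS" fires inside WerFault.exe, the crash handler Windows launches for a faulting process, and both WerFault instances name the sample's PID (3688) in their "-p" argument. The script below is an added example, not code from the sandbox vendor or from the report. It takes the tree in the shape shown on this page (image path, command line, PID, signatures), recovers the crashed PID from each WerFault command line, and splits the signatures into those exhibited by the sample itself, those exhibited by crash handlers spawned for it, and those from unrelated system processes. The entries are copied from the report; the WerFault argument layout (a "-p <pid>" pair naming the faulting process) is assumed from the two command lines visible above.

```python
"""Attribute sandbox signatures to the process that actually exhibited them.

Added example, not part of the original report.  The process entries below
are constructed from the process tree printed in the report; the assumption
that WerFault.exe names the faulting process in a "-p <pid>" argument pair
is taken from the two WerFault command lines shown there.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class ProcessEntry:
    image: str                      # full image path as printed in the tree
    cmdline: str                    # command line as printed in the tree
    pid: int
    signatures: List[str] = field(default_factory=list)


SAMPLE_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\Setup (29).exe"

# Process tree copied from the report (constructed input for this example).
TREE: List[ProcessEntry] = [
    ProcessEntry(SAMPLE_IMAGE, '"' + SAMPLE_IMAGE + '"', 3688),
    ProcessEntry(r"C:\Windows\SysWOW64\WerFault.exe",
                 r"C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 1948", 2012,
                 ["Program crash",
                  "Checks processor information in registry",
                  "Enumerates system info in registry",
                  "Suspicious behavior: EnumeratesProcesses",
                  "Suspicious use of AdjustPrivilegeToken"]),
    ProcessEntry(r"C:\Windows\System32\sihclient.exe",
                 r"C:\Windows\System32\sihclient.exe /cv at4SxNkysUeLLXttOk82TQ.0.2", 3600),
    ProcessEntry(r"C:\Windows\System32\svchost.exe",
                 r"C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS", 3028,
                 ["Modifies data under HKEY_USERS"]),
    ProcessEntry(r"C:\Windows\system32\svchost.exe",
                 r"C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV",
                 4664),
    ProcessEntry(r"C:\Windows\SysWOW64\WerFault.exe",
                 r"C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3688 -ip 3688", 1780,
                 ["Suspicious use of NtCreateProcessExOtherParentProcess",
                  "Suspicious use of WriteProcessMemory"]),
]


def werfault_crashed_pid(cmdline: str) -> Optional[int]:
    """Return the PID a WerFault.exe instance was launched for, or None.

    Only the "-p <pid>" pair is used; "-s", "-u", "-pss" and "-ip" are
    ignored.  Non-WerFault command lines yield None.
    """
    args = cmdline.split()
    if not args or not args[0].lower().endswith("werfault.exe"):
        return None
    for flag, value in zip(args, args[1:]):
        if flag.lower() == "-p" and value.isdigit():
            return int(value)
    return None


def crash_handlers(tree: List[ProcessEntry]) -> Dict[int, int]:
    """Map each WerFault PID in the tree to the PID it is handling a crash for."""
    return {p.pid: crashed for p in tree
            if (crashed := werfault_crashed_pid(p.cmdline)) is not None}


def attribute(tree: List[ProcessEntry], sample_image: str
              ) -> Dict[str, List[Tuple[int, str]]]:
    """Bucket every (pid, signature) pair by who actually produced it.

    "sample": the submitted binary's own processes.
    "crash_handler_for_sample": WerFault instances whose -p names a sample PID.
    "other": everything else (unrelated system processes running in the VM).
    """
    sample_pids = {p.pid for p in tree if p.image.lower() == sample_image.lower()}
    buckets: Dict[str, List[Tuple[int, str]]] = {
        "sample": [], "crash_handler_for_sample": [], "other": []}
    for p in tree:
        if p.pid in sample_pids:
            key = "sample"
        elif werfault_crashed_pid(p.cmdline) in sample_pids:
            key = "crash_handler_for_sample"
        else:
            key = "other"
        buckets[key].extend((p.pid, sig) for sig in p.signatures)
    return buckets


if __name__ == "__main__":
    print("crash handlers:", crash_handlers(TREE))
    for bucket, hits in attribute(TREE, SAMPLE_IMAGE).items():
        print(f"{bucket}: {len(hits)} signature(s)")
        for pid, sig in hits:
            print(f"    PID {pid}: {sig}")
```

Run against this report the sample bucket comes back empty: nothing was observed in Setup (29).exe before it faulted, seven of the eight signatures belong to the two WerFault instances handling PID 3688, and the remaining one is the BITS svchost. That does not make the file benign (the resubmissions and hashes are the reason to look further), but it means this particular run's signatures say nothing about the sample's own behaviour beyond "it crashed".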

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/3028-146-0x0000025205160000-0x0000025205170000-memory.dmp  Filesize 64KB
  • memory/3028-147-0x00000252051E0000-0x00000252051F0000-memory.dmp  Filesize 64KB
  • memory/3028-148-0x00000252055C0000-0x00000252055C4000-memory.dmp  Filesize 16KB
  • memory/3028-149-0x0000025207AB0000-0x0000025207AB4000-memory.dmp  Filesize 16KB
  • memory/3028-150-0x0000025207A70000-0x0000025207A71000-memory.dmp  Filesize 4KB
  • memory/3028-151-0x00000252055F0000-0x00000252055F4000-memory.dmp  Filesize 16KB
  • memory/3028-152-0x00000252055E0000-0x00000252055E1000-memory.dmp  Filesize 4KB
  • memory/3028-153-0x00000252055E0000-0x00000252055E4000-memory.dmp  Filesize 16KB
  • memory/3028-154-0x00000252054C0000-0x00000252054C1000-memory.dmp  Filesize 4KB