Overview

overview

8

Static

static

Setup_WinT...21.exe

windows7_x64

8

Setup_WinT...21.exe

windows10_x64

8

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-en-20211104
  • submitted
    21-11-2021 14:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup_WinThruster_2021.exe

  • Size

    6.1MB

  • MD5

    426fd133506f9bec04b326330e2b31a9

  • SHA1

    973bbb18d2c2ae7a12812700ee5253e68802bc0f

  • SHA256

    357f1b029541bda80fb1b5dc0c099069f32c93ac182a16219fb30d50229fd498

  • SHA512

    158e1049285bc4fcbb1104b3b7f9facb84813bceb9b25c0fa3d144252227abd5deb9161a39ba13e65563a7d0e0b2d9a9a9c9f951a825a73f27d2eae2f19c1278

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_WinThruster_2021.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_WinThruster_2021.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:864
    • C:\Users\Admin\AppData\Local\Temp\is-SDKDC.tmp\Setup_WinThruster_2021.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-SDKDC.tmp\Setup_WinThruster_2021.tmp" /SL5="$80150,5514338,878080,C:\Users\Admin\AppData\Local\Temp\Setup_WinThruster_2021.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-SDKDC.tmp\Setup_WinThruster_2021.tmp
    MD5

    3a3305330ad78837ffcd94fa287973e3

    SHA1

    73586304f35e4e8a6bba8574b9bacaaaae4af1f0

    SHA256

    89747c19d5ff724c19856ed9e6dc94cb72c3ac55f45d4a1fc079e979805afe54

    SHA512

    1044d1c8ee49f824562b0b90954a644516edb335499b3df01c3d8c346e66280129982ec135df7ee8e1509e37889b129bde040d6f89f22ec2a6144e95665e294a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-SDKDC.tmp\Setup_WinThruster_2021.tmp
    MD5

    3a3305330ad78837ffcd94fa287973e3

    SHA1

    73586304f35e4e8a6bba8574b9bacaaaae4af1f0

    SHA256

    89747c19d5ff724c19856ed9e6dc94cb72c3ac55f45d4a1fc079e979805afe54

    SHA512

    1044d1c8ee49f824562b0b90954a644516edb335499b3df01c3d8c346e66280129982ec135df7ee8e1509e37889b129bde040d6f89f22ec2a6144e95665e294a

    Download Submit

  • memory/864-55-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/864-58-0x0000000000400000-0x00000000004E4000-memory.dmp

    Filesize

    912KB

    Download

  • memory/1316-60-0x0000000000000000-mapping.dmp

    Download

  • memory/1316-63-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download