Overview

overview

10

Static

static

Setup_x32_x64.exe

windows7_x64

10

Setup_x32_x64.exe

windows10-2004_x64

8

Analysis

  • max time kernel
    29s
  • max time network
    35s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    02-02-2022 02:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup_x32_x64.exe

  • Size

    2.6MB

  • MD5

    752b5d56168b131d484cc84222f26104

  • SHA1

    f6adc3b4edc27649dc1d9e3dca9dd2bdfc5e6109

  • SHA256

    155861db5cd0ff2110fbf198d8c969b9577f74024eee5e4a62d47bf1c3958b1a

  • SHA512

    c904f69627b6e0d0a933970a1d43552843f1616b2a23f8b018f91e4ec7c0dd78d02db43e3a9406e97863595de07d8e4c8f6e42492b870655e49f7802533de5a5

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_x32_x64.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_x32_x64.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4128
    • C:\Users\Admin\AppData\Local\Temp\Proxypub.exe
      "C:\Users\Admin\AppData\Local\Temp\Proxypub.exe"
      2⤵
      • Executes dropped EXE
      PID:1468
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1Btnm7
      2⤵
        PID:4824
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff3a6946f8,0x7fff3a694708,0x7fff3a694718
          3⤵
            PID:4576
        • C:\Users\Admin\AppData\Local\Temp\Folder.exe
          "C:\Users\Admin\AppData\Local\Temp\Folder.exe"
          2⤵
          • Executes dropped EXE
          PID:2520
        • C:\Users\Admin\AppData\Local\Temp\LightCleaner532427.exe
          "C:\Users\Admin\AppData\Local\Temp\LightCleaner532427.exe"
          2⤵
          • Executes dropped EXE
          PID:3392
        • C:\Users\Admin\AppData\Local\Temp\Pinstall.exe
          "C:\Users\Admin\AppData\Local\Temp\Pinstall.exe"
          2⤵
            PID:1668
          • C:\Users\Admin\AppData\Local\Temp\Installation.exe
            "C:\Users\Admin\AppData\Local\Temp\Installation.exe"
            2⤵
              PID:4696
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1Crmg7
              2⤵
                PID:2376
              • C:\Users\Admin\AppData\Local\Temp\Install.exe
                "C:\Users\Admin\AppData\Local\Temp\Install.exe"
                2⤵
                  PID:3972
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff3a6946f8,0x7fff3a694708,0x7fff3a694718
                1⤵
                  PID:4296

                Network

                MITRE ATT&CK Enterprise v6

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Temp\Folder.exe
                  MD5

                  3270df88da3ec170b09ab9a96b6febaf

                  SHA1

                  12fbdae8883b0afa6a9bdcfceafc76a76fd9ee0d

                  SHA256

                  141fe5acd7e2f8c36ede3817b9ab4a9e7b6a2ec9ce7d6328e60eb718694f1d22

                  SHA512

                  eed53f01e4c90620ca7819721f960393a5441280cb3b01911cf36c0337199bedc97d34140fc56816923132a709cdac57b3b6d061a6a3a3ec8e078255c40a1291

                  Download Submit
                • C:\Users\Admin\AppData\Local\Temp\Folder.exe
                  MD5

                  3270df88da3ec170b09ab9a96b6febaf

                  SHA1

                  12fbdae8883b0afa6a9bdcfceafc76a76fd9ee0d

                  SHA256

                  141fe5acd7e2f8c36ede3817b9ab4a9e7b6a2ec9ce7d6328e60eb718694f1d22

                  SHA512

                  eed53f01e4c90620ca7819721f960393a5441280cb3b01911cf36c0337199bedc97d34140fc56816923132a709cdac57b3b6d061a6a3a3ec8e078255c40a1291

                  Download Submit
                • C:\Users\Admin\AppData\Local\Temp\Install.exe
                  MD5

                  37b024569e7dc9228afef2f458eec152

                  SHA1

                  ca5a9762ea2ce737f89186682d5035cfd621ecd1

                  SHA256

                  52b5b11c6ea0e3444ba004b8cc826fbcdb9ec1d3844ac988867e5d506cf4ffe1

                  SHA512

                  2ad1b345a8b4b1edd5d82265cf6b83eb43e79f2b3744ce459856ab1b605f77eb966b2d4e55ea479823c8af8329af810a7f0a802e99e3eb6f12260a3f4a5aeeee

                  Download Submit
                • C:\Users\Admin\AppData\Local\Temp\Installation.exe
                  MD5

                  788a85c0e0c8d794f05c2d92722d62db

                  SHA1

                  031d938cfbe9e001fc51e9ceadd27082fbe52c01

                  SHA256

                  18a52a5843ab328b05707f062ea8514ccabbc0152cc6bb9ee905c8cf563f0852

                  SHA512

                  f8cf410e0b9a59b0224c247ccdaec02118cd06bc16dcbff4418afb7ade80013c2f2c8b11d544b65474e28bc3d5aca5c4e06289b5d57e4fcdf80b7d46fd2f352f

                  Download Submit
                • C:\Users\Admin\AppData\Local\Temp\LightCleaner532427.exe
                  MD5

                  4b7cce098b99d61b316e705596731d65

                  SHA1

                  6001d33d293c5140c5f6fecd6b6fc0dad9afd7d6

                  SHA256

                  9ebdc99536a89c87e9412b00c7aa67ce9cb26b63be79f8cadc95be3fcd553742

                  SHA512

                  99bf36b7c8f2ac728b57cb9e38b2ca7f7b5200497b5525f752f9b68c46aa53aa5979f484f1dfed78173472be07f354bb148eb47eee95e0d2a42bf68321cda1bb

                  Download Submit
                • C:\Users\Admin\AppData\Local\Temp\Pinstall.exe
                  MD5

                  f7dc41f0907f347a5e2f763edcf1d325

                  SHA1

                  268db92b5287c8d1c3178862e75be82147893c5b

                  SHA256

                  85388dc07a919a5df05aae4cf9f444baf326c24aa3a5a51d248a54af4519ae17

                  SHA512

                  25d057e80364cc8cf4c006188c73c547863c9d50911fcaf710d5e36c6367fb13b19e11cc7237fbb1521bdd1a272606678da1b3ad8f624e5c566ffbb427cad7db

                  Download Submit
                • C:\Users\Admin\AppData\Local\Temp\Proxypub.exe
                  MD5

                  18e7107ee52b58980736a05489ae959a

                  SHA1

                  a9cbf31406dc03466b3d269301e8a9dd7dc36b01

                  SHA256

                  c725d66b9dfb2f9950b605ff2c03f207ed2d2c50af8e53879af1161073f90463

                  SHA512

                  989caeb6bdc1d6947a90d054f84a8721fce45438070188ccb20560e1b1c06b528e90861acc718dd5351bd8216ced4cd6e48ff03126533a8705e1676f0b1dd033

                  Download Submit
                • C:\Users\Admin\AppData\Local\Temp\Proxypub.exe
                  MD5

                  18e7107ee52b58980736a05489ae959a

                  SHA1

                  a9cbf31406dc03466b3d269301e8a9dd7dc36b01

                  SHA256

                  c725d66b9dfb2f9950b605ff2c03f207ed2d2c50af8e53879af1161073f90463

                  SHA512

                  989caeb6bdc1d6947a90d054f84a8721fce45438070188ccb20560e1b1c06b528e90861acc718dd5351bd8216ced4cd6e48ff03126533a8705e1676f0b1dd033

                  Download Submit