Overview

overview

8

Static

static

Setup_WinT...22.exe

windows7_x64

8

Setup_WinT...22.exe

windows10-2004_x64

8

Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20-06-2022 10:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup_WinThruster_2022.exe

  • Size

    6.2MB

  • MD5

    3a7e7ea1cf919179c78d9c1984954703

  • SHA1

    e31ad15a0da3eb8da66cf41f7c867e5321a112ef

  • SHA256

    6ff7aedc498bef729553eafea78e4a5d498d52837f45c7c188d51cfaab10c2f9

  • SHA512

    c49c7c9fc88370ed88880bc2dcd2d24f611f2b96ebf9749600e7edfe563f06c8c3686a3fb6a4fa33ee9ade61ca8f79ba5a3372cfa2dcefad4a02af80687d46e2

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_WinThruster_2022.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_WinThruster_2022.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1580
    • C:\Users\Admin\AppData\Local\Temp\is-NRP2C.tmp\Setup_WinThruster_2022.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-NRP2C.tmp\Setup_WinThruster_2022.tmp" /SL5="$60124,5556089,878080,C:\Users\Admin\AppData\Local\Temp\Setup_WinThruster_2022.exe"
      2⤵
      • Executes dropped EXE
      PID:1464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-NRP2C.tmp\Setup_WinThruster_2022.tmp
    Filesize

    3.1MB

    MD5

    e54d602e341148867b6314a9d0d497f6

    SHA1

    746b2a2380ff737505f2c3d4b8f28d7d6f9db7e0

    SHA256

    d683f80264ea32883ba13b2c641d595eaecb0f4efd77791d09713580cad304c6

    SHA512

    ad944b679fabd41954de8330f7eb9b644e374ee60d30cc89ed137578782446324b103a9937bac6aa9f0fbb65709e934e42e1d57cfa35b1f7c2de6885dacf798a

    Download Submit
  • \Users\Admin\AppData\Local\Temp\is-NRP2C.tmp\Setup_WinThruster_2022.tmp
    Filesize

    3.1MB

    MD5

    e54d602e341148867b6314a9d0d497f6

    SHA1

    746b2a2380ff737505f2c3d4b8f28d7d6f9db7e0

    SHA256

    d683f80264ea32883ba13b2c641d595eaecb0f4efd77791d09713580cad304c6

    SHA512

    ad944b679fabd41954de8330f7eb9b644e374ee60d30cc89ed137578782446324b103a9937bac6aa9f0fbb65709e934e42e1d57cfa35b1f7c2de6885dacf798a

    Download Submit
  • memory/1464-58-0x0000000000000000-mapping.dmp
    Download
  • memory/1580-54-0x0000000076811000-0x0000000076813000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1580-55-0x0000000000400000-0x00000000004E4000-memory.dmp
    Filesize

    912KB

    Download
  • memory/1580-60-0x0000000000400000-0x00000000004E4000-memory.dmp
    Filesize

    912KB

    Download
  • memory/1580-62-0x0000000000400000-0x00000000004E4000-memory.dmp
    Filesize

    912KB

    Download