Analysis
-
max time kernel
42s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system -
submitted
30-08-2022 12:17
Static task
static1
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
Setup.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
Setup.exe
-
Size
5.4MB
-
MD5
30697215893fca2f6188cdcd7f3ddedf
-
SHA1
07ebbdfecb6bab757dc71e5d94ddf02756ffb94f
-
SHA256
37fab777eed6ae75d322c8d57ddb6294a2599daa332041bb093e002904a9e0e7
-
SHA512
73ff33fb60cbb6dae797e328f5fcc9affaed8412e76fa8307c5f264d5c2178220e7be703821a063ecace1cc635de1c550dcd8342fcb9865541b25825dcae0e47
-
SSDEEP
24576:34wsvYyY7XdKoFMHUoigrfEjnDnwViw8quVaBfGgzxoRjADVLZDFgyThCl3RuQ57:Iw7S2wAqNBfGgNoRjADV4l3B
Score
5/10
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
Processes:

| description | pid | process | target process |
|---|---|---|---|
| PID 1840 set thread context of 138012 | 1840 | Setup.exe | AppLaunch.exe |

-
Suspicious use of WriteProcessMemory 9 IoCs
Processes:

| description | pid | process | target process |
|---|---|---|---|
| PID 1840 wrote to memory of 138012 (this row appears 9 times, one per WriteProcessMemory call) | 1840 | Setup.exe | AppLaunch.exe |
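The two signature tables above describe a single source process (Setup.exe, PID 1840) that both writes into and re-points a thread of the same child (AppLaunch.exe, PID 138012), the pairing that characterises process hollowing or thread hijacking. The following is an added example, not part of the sandbox report or its tooling: it parses rows in the shape of the report's Signatures tables and raises one alert per (source, target) pair that shows both behaviours. The list of commonly abused signed host binaries is an assumption of this example, not something the report states.

```python
"""Correlate sandbox process-manipulation signatures into a hollowing alert.

Added example, not part of the sandbox report. Row shape is taken from the
report's Signatures tables:
  "PID <src> wrote to memory of <dst> <pid> <process> <target process>"
  "PID <src> set thread context of <dst> <pid> <process> <target process>"
"""
import re
from collections import defaultdict
from dataclasses import dataclass

ROW = re.compile(
    r"PID (?P<src>\d+) (?P<verb>set thread context of|wrote to memory of) "
    r"(?P<dst>\d+) (?P<pid>\d+) (?P<proc>\S+) (?P<target>\S+)"
)

# Signed Microsoft binaries frequently picked as hollowing hosts. Assumed
# list for this example; the report itself only names AppLaunch.exe.
COMMON_HOSTS = {"AppLaunch.exe", "RegAsm.exe", "RegSvcs.exe", "MSBuild.exe",
                "InstallUtil.exe", "vbc.exe", "svchost.exe"}

HOLLOWING_VERBS = {"wrote to memory of", "set thread context of"}


@dataclass(frozen=True)
class Event:
    src: int
    verb: str
    dst: int
    proc: str
    target: str


def parse_rows(text: str) -> list[Event]:
    """Extract one Event per table row found anywhere in the text."""
    return [
        Event(int(m["src"]), m["verb"], int(m["dst"]), m["proc"], m["target"])
        for m in ROW.finditer(text)
    ]


def find_hollowing(events: list[Event]) -> list[dict]:
    """Group by (source pid, target pid); alert when both verbs are present."""
    pairs = defaultdict(lambda: {"verbs": set(), "writes": 0})
    for e in events:
        rec = pairs[(e.src, e.dst)]
        rec["verbs"].add(e.verb)
        rec["proc"], rec["target"] = e.proc, e.target
        if e.verb == "wrote to memory of":
            rec["writes"] += 1
    alerts = []
    for (src, dst), rec in pairs.items():
        if HOLLOWING_VERBS <= rec["verbs"]:
            alerts.append({
                "source_pid": src, "source": rec["proc"],
                "target_pid": dst, "target": rec["target"],
                "writes": rec["writes"],
                # a trusted host binary as the target raises the weight
                "trusted_host": rec["target"] in COMMON_HOSTS,
            })
    return alerts


# Sample input: the two signature tables from the report, flattened.
REPORT_ROWS = (
    "PID 1840 set thread context of 138012 1840 Setup.exe AppLaunch.exe "
    + "PID 1840 wrote to memory of 138012 1840 Setup.exe AppLaunch.exe " * 9
)

if __name__ == "__main__":
    for alert in find_hollowing(parse_rows(REPORT_ROWS)):
        print(alert)
```

The same grouping works on EDR telemetry once the two verbs are mapped to the corresponding API or ETW events; a write without a later thread-context change is common in legitimate software (debuggers, installers), which is why the pair, not either event alone, is the trigger.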
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\Setup.exe (PID 1840)
   Command line: "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe (PID 138012, child of Setup.exe)
      Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1840-54-0x0000000076401000-0x0000000076403000-memory.dmp  Filesize 8KB
-
memory/1840-67-0x0000000000400000-0x000000000058D000-memory.dmp  Filesize 1.6MB
-
memory/138012-55-0x0000000000400000-0x000000000045D000-memory.dmp  Filesize 372KB
-
memory/138012-57-0x0000000000400000-0x000000000045D000-memory.dmp  Filesize 372KB
-
memory/138012-64-0x0000000000400000-0x000000000045D000-memory.dmp  Filesize 372KB
-
memory/138012-63-0x0000000000422DBD-mapping.dmp
-
memory/138012-66-0x0000000000400000-0x000000000045D000-memory.dmp  Filesize 372KB
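The dump names above encode the PID, a sequence number and the address range of each captured region, and the single mapping entry records one address. As an added example, not part of the sandbox report, the script below parses both name forms, recomputes each region's size from its bounds so the listed Filesize labels can be checked, and places the mapping address inside the region dump of the same PID that contains it. The name patterns are inferred from the list above and are an assumption of this example.

```python
"""Sanity-check a sandbox memory-dump listing.

Added example, not part of the sandbox report. Name patterns assumed from
the Downloads list:
  memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp   (region dump)
  memory/<pid>-<seq>-0x<address>-mapping.dmp        (single address)
"""
import re

REGION = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
MAPPING = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<addr>[0-9A-Fa-f]+)-mapping\.dmp$"
)


def fmt_size(nbytes: int) -> str:
    """Mirror the report's labels: whole KB below 1 MiB, one decimal MB above."""
    if nbytes >= 1 << 20:
        return f"{nbytes / (1 << 20):.1f}MB"
    return f"{nbytes // 1024}KB"


def summarize(names: list[str]) -> dict:
    """Parse every dump name; attach each mapping address to its region."""
    regions, mappings = [], []
    for name in names:
        if m := REGION.match(name):
            start, end = int(m["start"], 16), int(m["end"], 16)
            regions.append({
                "pid": int(m["pid"]), "seq": int(m["seq"]),
                "start": start, "end": end, "size": fmt_size(end - start),
            })
        elif m := MAPPING.match(name):
            mappings.append({
                "pid": int(m["pid"]), "seq": int(m["seq"]),
                "addr": int(m["addr"], 16),
            })
        else:
            raise ValueError(f"unrecognised dump name: {name}")
    for mp in mappings:
        # A mapping address that falls inside a dumped region of the same
        # PID ties the recorded address to that image's address range.
        hits = [r for r in regions
                if r["pid"] == mp["pid"] and r["start"] <= mp["addr"] < r["end"]]
        mp["in_region"] = (f"0x{hits[0]['start']:X}-0x{hits[0]['end']:X}"
                           if hits else None)
    return {"regions": regions, "mappings": mappings}


# Sample input: the Downloads list from the report, in its listed order.
DUMPS = [
    "memory/1840-54-0x0000000076401000-0x0000000076403000-memory.dmp",
    "memory/1840-67-0x0000000000400000-0x000000000058D000-memory.dmp",
    "memory/138012-55-0x0000000000400000-0x000000000045D000-memory.dmp",
    "memory/138012-57-0x0000000000400000-0x000000000045D000-memory.dmp",
    "memory/138012-64-0x0000000000400000-0x000000000045D000-memory.dmp",
    "memory/138012-63-0x0000000000422DBD-mapping.dmp",
    "memory/138012-66-0x0000000000400000-0x000000000045D000-memory.dmp",
]

if __name__ == "__main__":
    for key, rows in summarize(DUMPS).items():
        print(key)
        for row in rows:
            print("  ", row)
```

For this listing the recomputed sizes agree with the labels (0x2000 bytes is 8KB, 0x5D000 is 372KB, 0x18D000 is 1.6MB), and the mapping address 0x422DBD lies inside the 0x400000-0x45D000 region of PID 138012, the same process that received the WriteProcessMemory and SetThreadContext calls, so that region dump is the one to carve and scan first.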