a8cd3c1eae4e7cd5335c3b0d8f9f4f16f3393f7ea37a28313ad6facbf075a3e7

Analysis

max time kernel
31s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
12/10/2022, 17:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

30.0MB
MD5

cf6fd1df52cb9745bfe78226ae510b31
SHA1

c8779934a08a5ffb02a189544f6940038eff0a46
SHA256

a8cd3c1eae4e7cd5335c3b0d8f9f4f16f3393f7ea37a28313ad6facbf075a3e7
SHA512

caf2d6927a901b65e0e9efbcc38f66dfe4163f86dadd01a29f42044d85b88572b461e0b3061f1246fe32b1279c13d2a8b812321bde61d7dcec350126f107d9b3
SSDEEP

786432:XE3VpIzZZHPenCSlmqj7uGMGvGEkyh3j8Y:XE3VWWCSlm87MryhX

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1556	Setup.tmp

Loads dropped DLL 3 IoCs

pid	Process
1292	Setup.exe
1556	Setup.tmp
1556	Setup.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 1556	1292	Setup.exe	26
PID 1292 wrote to memory of 1556	1292	Setup.exe	26
PID 1292 wrote to memory of 1556	1292	Setup.exe	26
PID 1292 wrote to memory of 1556	1292	Setup.exe	26
PID 1292 wrote to memory of 1556	1292	Setup.exe	26
PID 1292 wrote to memory of 1556	1292	Setup.exe	26
PID 1292 wrote to memory of 1556	1292	Setup.exe	26

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Users\Admin\AppData\Local\Temp\is-HI1NU.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-HI1NU.tmp\Setup.tmp" /SL5="$60122,31194637,53248,C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-HI1NU.tmp\Setup.tmp

Filesize
691KB

MD5
2e5dadc1722068c8ec619a04e2e38b4f

SHA1
b0c2d366c43db76cdbc11512d0d462d7a8e876e3

SHA256
1575bc3f44efc59e0ebd738bd6e29348a463212ce16e7f7f60244ec331e49292

SHA512
d632e629db43db82175e109cc5e2e9c5cf36a304f89a274b31cd4d21831b2a32973c6b650c337f0f57c9f317221608979639fa7f2099acb821fc2eddd334a11d

Download Submit
\Users\Admin\AppData\Local\Temp\is-G02VM.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-G02VM.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-HI1NU.tmp\Setup.tmp

Filesize
691KB

MD5
2e5dadc1722068c8ec619a04e2e38b4f

SHA1
b0c2d366c43db76cdbc11512d0d462d7a8e876e3

SHA256
1575bc3f44efc59e0ebd738bd6e29348a463212ce16e7f7f60244ec331e49292

SHA512
d632e629db43db82175e109cc5e2e9c5cf36a304f89a274b31cd4d21831b2a32973c6b650c337f0f57c9f317221608979639fa7f2099acb821fc2eddd334a11d

Download Submit
memory/1292-54-0x0000000075E81000-0x0000000075E83000-memory.dmp

Filesize
8KB

Download
memory/1292-55-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/1292-60-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/1292-63-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads