Analysis
- max time kernel: 157s
- max time network: 166s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-11-2022 13:20

Static task: static1

Behavioral task: behavioral1
- Sample: Setup_Topfpflanzenbau.exe
- Resource: win7-20220812-en

Behavioral task: behavioral2
- Sample: Setup_Topfpflanzenbau.exe
- Resource: win10v2004-20221111-en
General
- Target: Setup_Topfpflanzenbau.exe
- Size: 3.1MB
- MD5: e9a062d4f24c2c003ef66bbf1cb4b748
- SHA1: 030bccea94af099c807b81adc8db7596562c321e
- SHA256: 44ddc246d89d715c0a28d404f2907cf3cd655265f02fd9e29bdcd9d6c438791b
- SHA512: 71a6dde852314e2fdae1799b6ed253e4f7a43b25c9c4af591013a23adf0bb4908f23f9227e0fd152d2c3217f132cd0d5786c4418ea8af5de9f51c8e9a7c47a8e
- SSDEEP: 98304:foA1JJs+NmfqbKLOEyJzgijYU/vuQ2H+a7:g2u+NBbbJzjYU/jM+6
Malware Config
Signatures
-
Executes dropped EXE (1 IoC)
Processes:
  pid   process
  3316  Setup_Topfpflanzenbau.tmp
-
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid   process                    target process
  PID 3492 wrote to memory of 3316   3492  Setup_Topfpflanzenbau.exe  Setup_Topfpflanzenbau.tmp
  PID 3492 wrote to memory of 3316   3492  Setup_Topfpflanzenbau.exe  Setup_Topfpflanzenbau.tmp
  PID 3492 wrote to memory of 3316   3492  Setup_Topfpflanzenbau.exe  Setup_Topfpflanzenbau.tmp
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\Setup_Topfpflanzenbau.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\Setup_Topfpflanzenbau.exe"
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\is-2PU1H.tmp\Setup_Topfpflanzenbau.tmp
      Command line: "C:\Users\Admin\AppData\Local\Temp\is-2PU1H.tmp\Setup_Topfpflanzenbau.tmp" /SL5="$901B6,3031278,67072,C:\Users\Admin\AppData\Local\Temp\Setup_Topfpflanzenbau.exe"
      - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
-
C:\Users\Admin\AppData\Local\Temp\is-2PU1H.tmp\Setup_Topfpflanzenbau.tmp
  Filesize: 701KB
  MD5: 49f873e8f3e7625a819905c0aeaa159b
  SHA1: 7bbda62db5e7c881f1198a4a27812f1d95040610
  SHA256: fcf3ae70e68aebe43d11264071f9ec1ad0222cb99aea777abe33942a227b23f5
  SHA512: 194672abebef9fa21edcf4df20110b8027ce01b50775db47d824ea81e28d90cf3bad672df80ea1001c35c189e65c309e9dbbdfc6ce87579fb1d3e810b7911988
-
memory/3316-135-0x0000000000000000-mapping.dmp
-
memory/3492-132-0x0000000000400000-0x0000000000417000-memory.dmp
  Filesize: 92KB
-
memory/3492-134-0x0000000000400000-0x0000000000417000-memory.dmp
  Filesize: 92KB
-
memory/3492-138-0x0000000000400000-0x0000000000417000-memory.dmp
  Filesize: 92KB