Overview

overview

8

Static

static

MEmu-setup...dk.exe

windows7-x64

8

MEmu-setup...dk.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    125s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 15:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MEmu-setup-abroad-sdk.exe

  • Size

    20.0MB

  • MD5

    581da0f19ef8388a0ba331ce0a617aaf

  • SHA1

    e050d686c3c5972aaf1a4fdec299e764ef9873eb

  • SHA256

    8fb453bf498acb05af9e0a442f26029cd6c5a3d68431fdff7fc385faf1541b96

  • SHA512

    091a019846f2bf431ba7231ebe711d856f0839527c5dd68d59fa91cf22ddfffc7e3ad395ab4bd8b0f9fb90721872c9e2cc4428cb5dc8dd7fd137ff8dc2bb0943

  • SSDEEP

    393216:qpsmQyK0QtLJsv6tWKFdu9CnvUiOnKv647n+YlmYsp:qslbbDfvegmt

Score
8/10
discovery

Malware Config

Signatures

  • Downloads MZ/PE file
  • Loads dropped DLL 3 IoCs
  • Checks for any installed AV software in registry 1 TTPs 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MEmu-setup-abroad-sdk.exe
    "C:\Users\Admin\AppData\Local\Temp\MEmu-setup-abroad-sdk.exe"
    1⤵
    • Loads dropped DLL
    • Checks for any installed AV software in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2868

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DotSetupSDK\DotSetupSDK.dll
    Filesize

    30KB

    MD5

    0d1aad3d9ac30038b9594b0feeec254e

    SHA1

    2d5fc5bcfcc6ef131aa56d23bbe9de3db8fd65a2

    SHA256

    5470f9ca8260c30dc82260fb773b2506f986ba1185b038f48a433a6512154811

    SHA512

    111d1e3193fbddbc1d54b7d0d013ca100466c635d1bcdd2d9af6d430a01cfbb3edc8a3848a98ada9e2839349069e06b066663b4144a44af8356a4ecca62ad666

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DotSetupSDK\DotSetupSDK.dll
    Filesize

    30KB

    MD5

    0d1aad3d9ac30038b9594b0feeec254e

    SHA1

    2d5fc5bcfcc6ef131aa56d23bbe9de3db8fd65a2

    SHA256

    5470f9ca8260c30dc82260fb773b2506f986ba1185b038f48a433a6512154811

    SHA512

    111d1e3193fbddbc1d54b7d0d013ca100466c635d1bcdd2d9af6d430a01cfbb3edc8a3848a98ada9e2839349069e06b066663b4144a44af8356a4ecca62ad666

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DotSetupSDK\DotSetupSDK.dll
    Filesize

    30KB

    MD5

    0d1aad3d9ac30038b9594b0feeec254e

    SHA1

    2d5fc5bcfcc6ef131aa56d23bbe9de3db8fd65a2

    SHA256

    5470f9ca8260c30dc82260fb773b2506f986ba1185b038f48a433a6512154811

    SHA512

    111d1e3193fbddbc1d54b7d0d013ca100466c635d1bcdd2d9af6d430a01cfbb3edc8a3848a98ada9e2839349069e06b066663b4144a44af8356a4ecca62ad666

    Download Submit

  • memory/2868-135-0x0000000074090000-0x00000000740A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2868-136-0x0000000008570000-0x0000000008B14000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2868-137-0x00000000080A0000-0x0000000008132000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2868-138-0x0000000009140000-0x00000000091DC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2868-139-0x00000000091E0000-0x0000000009246000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2868-140-0x0000000009780000-0x0000000009CAC000-memory.dmp

    Filesize

    5.2MB

    Download