Overview

overview

10

Static

static

ApplicationSetup.exe

windows7-x64

5

ApplicationSetup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    17s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    21-12-2022 20:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ApplicationSetup.exe

  • Size

    128.0MB

  • MD5

    60ee531549f1d8f40c947c1c25de708c

  • SHA1

    893bf49b923eefe5623e8911e574a3f0f9b0f06d

  • SHA256

    6cbd68a14bf5c477faf6386b8d26c56595fed4e2a8acb66541d389fdd466b7cf

  • SHA512

    af9811505c205f3aafe7fd5261c5753898a2e977750e8b0cdc8543978fedb41a2ab1d553bdc85cffa8b78bc4b699dc971ab01f0eaa847251115433985e02e96a

  • SSDEEP

    196608:TPQ0KH/r+HRLsZdZw8JuOVGJRudWwTBh7wiMBQFOHS3nvSBrlY8L7e5D2OmtUrhy:6S+S

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ApplicationSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\ApplicationSetup.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2020-54-0x00000000002A0000-0x00000000003E4000-memory.dmp

    Filesize

    1.3MB

    Download