Overview

overview

10

Static

static

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    63s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/01/2023, 06:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    90.9MB

  • MD5

    9c7401301be2071690afd1d56ba21b11

  • SHA1

    5c2911deea7a166fd0d5f7e264f5ea51f8e25a66

  • SHA256

    c5c249e6654e69397786271dfda6b770bbd444a82e1de83fbf11bc1c418eeb12

  • SHA512

    a47f233f0412def9d0beb73b5f6f95708482c20b7c8b6e8f1c8d36183a292bb4c297ef7f2d6befd69ac18e5144819ca01681bdef3546980877c5b92fa862dee6

  • SSDEEP

    1572864:iF9CQ4CEmFZJG8bgXfG4NdxJNtpLzwHvMtxb5h+i6mgVCRG:iTDd7GVfT5JN3LSUtxdp6mu

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1284
    • C:\Users\Admin\AppData\Local\Temp\is-1VCCF.tmp\Setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-1VCCF.tmp\Setup.tmp" /SL5="$801C4,94366084,912896,C:\Users\Admin\AppData\Local\Temp\Setup.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-1VCCF.tmp\Setup.tmp
    Filesize

    2.6MB

    MD5

    78712327252bed02dc38b9c4e8d481b0

    SHA1

    ec0c9a896be8d64a7d811af87ed99f5f1f9673d0

    SHA256

    3dc8b95786c242e788351920020f2a3e4b0dc9297a60a82e9c9e0ea3c93ca854

    SHA512

    092bafc81294ac3dab561217adfe2bf5c6bbcf5960fded86530406a9a9a410ff81198b3d65a5c83a83665c9ff07a09fa082db3ca087609e2e6e571b25d3283f7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-M32HA.tmp\isxdl.dll
    Filesize

    130KB

    MD5

    f7b445a6cb2064d7b459451e86ca6b0e

    SHA1

    b05b74a1988c10df8c73eb9ca1a41af2a49647b7

    SHA256

    bd03543c37feb48432e166fe3898abc2a7fe854b1113ee4d5d284633b4605377

    SHA512

    9cf6d791132660d5246f55d25018ad0cf2791de9f6032531b9aca9a6c84396b8aeca7a9c0410f835637659f396817d8ba40f45d3b80c7907cccbe275a345a465

    Download Submit

  • memory/1284-132-0x0000000000400000-0x00000000004ED000-memory.dmp

    Filesize

    948KB

    Download

  • memory/1284-136-0x0000000000400000-0x00000000004ED000-memory.dmp

    Filesize

    948KB

    Download