Analysis
max time kernel: 32s
max time network: 47s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 27-01-2023 16:23
Static task
static1

Behavioral task
behavioral1
Sample: setupsoftapp19.0/setupsoftapp19.0.exe
Resource: win7-20220812-en (windows7-x64)
3 signatures, 150 seconds

Behavioral task
behavioral2
Sample: setupsoftapp19.0/setupsoftapp19.0.exe
Resource: win10v2004-20220901-en (windows10-2004-x64)
13 signatures, 150 seconds

The signature, process and memory-dump details on this page are from the Windows 7 run (behavioral1); the Windows 10 run raised 13 signatures, but their detail is not shown here.
General
Target: setupsoftapp19.0/setupsoftapp19.0.exe
Size: 662.6MB
MD5: 7e3b388e559cd52d89365b77809df136
SHA1: e8dfcabcc2dfa7d803065d19b1922e08285bba93
SHA256: 1c45a3aadd842b6c8c1e2920a270cc0a23493cee81d1d1833e4471a1c72973a5
SHA512: cebddf2f8b202f5e045bbaa74a3c3527f5fe8ee6352780217fd8413cb173d6ae164a76beeabd4a9da8633e51852528b70478ff4dacf2db588f9e869e54c1ec15
SSDEEP: 12288:/MqhiSc4GDW93i1m3ZarAxxHuAK9MYCDAOmCLwY7NZ/zj6hmS6H1tp6S979ESZGt:Hzcow15KyA751q
Score: 1/10
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses (1 IoC)
  PID 1612  powershell.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
  PID 1612  powershell.exe  Token: SeDebugPrivilege

Suspicious use of WriteProcessMemory (4 IoCs)
  PID 1172 (setupsoftapp19.0.exe) wrote to memory of PID 1612 (powershell.exe), recorded 4 times

All four WriteProcessMemory events have the same writer and target, and the target is the child the writer itself spawned (see the process tree below). Writes from a parent into a freshly created child are also what normal process creation produces, since CreateProcess populates the new process's parameters through the same call, so on their own they are a weak signal; a write into a process the writer did not create would be the stronger injection indicator, and none is recorded here. The 1/10 score is consistent with that reading.
Processes

1. C:\Users\Admin\AppData\Local\Temp\setupsoftapp19.0\setupsoftapp19.0.exe (PID 1172)
   Command line: "C:\Users\Admin\AppData\Local\Temp\setupsoftapp19.0\setupsoftapp19.0.exe"
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (PID 1612)
      Command line: "C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe"
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken

Two details worth keeping for a detection rule: the child is the 32-bit (SysWOW64) PowerShell, matching the arch:x86 resource tag, and its recorded command line uses forward slashes in the path and carries no arguments, so whatever PowerShell executed was not passed on the command line that the sandbox captured.
Network
MITRE ATT&CK Matrix
Downloads
memory/1172-54-0x00000000001A0000-0x00000000001E8000-memory.dmp  288KB
memory/1172-55-0x0000000074BB1000-0x0000000074BB3000-memory.dmp  8KB
memory/1612-56-0x0000000000000000-mapping.dmp  (no size recorded)
memory/1612-58-0x0000000072F90000-0x000000007353B000-memory.dmp  5.7MB
memory/1612-59-0x0000000072F90000-0x000000007353B000-memory.dmp  5.7MB

Each listed size matches the address range in the file name (for example 0x1E8000 - 0x1A0000 = 0x48000 = 288 KiB), so the dumps are complete captures of the regions named. The two 1612 dumps cover the same 5.7MB region of powershell.exe at different points in the run.
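The two checks applied above, reading the WriteProcessMemory events against the process tree and verifying the dump sizes from the file names, as an added Python example. This is not the sandbox's own code; the input lines are copied from this report, and the parent/child relationship and the child/unrelated/unknown labels are this example's own convention for reading them.

```python
"""Classify sandbox WriteProcessMemory events by their relationship to the
process tree and recompute memory-dump region sizes from dump file names.
Added example; input lines are constructed from the report above."""
import re
from collections import Counter

# Constructed from the report's "Suspicious use of WriteProcessMemory" table.
WRITE_EVENTS = """
PID 1172 wrote to memory of 1612 1172 setupsoftapp19.0.exe powershell.exe
PID 1172 wrote to memory of 1612 1172 setupsoftapp19.0.exe powershell.exe
PID 1172 wrote to memory of 1612 1172 setupsoftapp19.0.exe powershell.exe
PID 1172 wrote to memory of 1612 1172 setupsoftapp19.0.exe powershell.exe
"""

# Constructed from the report's process tree: (pid, parent pid or None, image).
# Parent/child is taken from the tree depth markers (1 -> 2); an assumption.
PROCESSES = [
    (1172, None, "setupsoftapp19.0.exe"),
    (1612, 1172, "powershell.exe"),
]

WRITE_RE = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) \d+ "
    r"(?P<writer_img>\S+) (?P<target_img>\S+)"
)


def parse_writes(text):
    """Return one (writer_pid, target_pid, writer_img, target_img) per event line."""
    events = []
    for line in text.splitlines():
        m = WRITE_RE.match(line.strip())
        if m:
            events.append((int(m["writer"]), int(m["target"]),
                           m["writer_img"], m["target_img"]))
    return events


def classify_writes(events, processes):
    """Label each distinct writer->target pair and count its events.

    'child'     : the target's recorded parent is the writer; this is also the
                  shape normal CreateProcess produces, so it is a weak signal
    'unrelated' : the target is some other process; the classic injection shape
    'unknown'   : the target is not in the process list at all
    """
    parent_of = {pid: ppid for pid, ppid, _ in processes}
    counts = Counter((w, t) for w, t, _, _ in events)
    labels = {}
    for (writer, target), n in counts.items():
        if target not in parent_of:
            kind = "unknown"
        elif parent_of[target] == writer:
            kind = "child"
        else:
            kind = "unrelated"
        labels[(writer, target)] = (kind, n)
    return labels


# Dump names follow memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp;
# mapping.dmp entries carry no end address and are reported as None.
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-\d+-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)


def dump_region_kb(name):
    """Size in KiB of a dumped region, derived from its start/end addresses."""
    m = DUMP_RE.match(name)
    if not m:
        return None
    return (int(m["end"], 16) - int(m["start"], 16)) // 1024


if __name__ == "__main__":
    for (writer, target), (kind, n) in classify_writes(
            parse_writes(WRITE_EVENTS), PROCESSES).items():
        print(f"{writer} -> {target}: {kind} ({n} writes)")
    for dump in ("memory/1172-54-0x00000000001A0000-0x00000000001E8000-memory.dmp",
                 "memory/1612-58-0x0000000072F90000-0x000000007353B000-memory.dmp"):
        print(dump, dump_region_kb(dump), "KiB")
```

Run against this report every write lands in the child bucket, which is why the events alone do not move the score; feeding the same function a report where a parent writes into a process it did not spawn returns 'unrelated' for that pair, the case that deserves a closer look at the dumped regions.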