Overview

overview

10

Static

static

SetupFile.exe

windows7-x64

1

SetupFile.exe

windows10-1703-x64

10

SetupFile.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    402s
  • max time network
    411s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30-01-2023 12:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SetupFile.exe

  • Size

    762.9MB

  • MD5

    6ee8aef895a4a94d745ad2d1464e316c

  • SHA1

    cf6ae8cb821267875a5b7224e13a1ea3b43d87bb

  • SHA256

    76f4b9e74057d1a8d59934479a69c601833f3e7151f70f576924a70228451c7c

  • SHA512

    97c7d9fa7e64f487d29704a57dd9bfe2f4478a709ddf5e1eae412148250f2755436a0104fc9ea76d6f6d7dd02fd2c7d19e4693cde35f98b7727a471142eb8b55

  • SSDEEP

    98304:tfE8eSY+aKtQGU+dbeIhDDL1l1eEdW+xy/UNRc9X6UI4lXq81rwQIaVMPauQPKCx:tfEhj+3U+x9Xl13W8ysNRc9r/pqUx

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SetupFile.exe
    "C:\Users\Admin\AppData\Local\Temp\SetupFile.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1520
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
      "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe"
      2⤵
        PID:900

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1520-54-0x0000000001140000-0x000000000205E000-memory.dmp
      Filesize

      15.1MB

      Download
    • memory/1520-55-0x000000001BF90000-0x000000001C1EE000-memory.dmp
      Filesize

      2.4MB

      Download