Analysis
-
max time kernel
105s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system -
submitted
31/01/2023, 04:06
Static task
static1
Behavioral task
behavioral1
Sample
CV7Setup.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
CV7Setup.exe
Resource
win10v2004-20221111-en
General
-
Target
CV7Setup.exe
-
Size
59.2MB
-
MD5
e6a27a637fd827930f97f5de0659e888
-
SHA1
00ba2f84b8831cefde7470a5730515171eb302a2
-
SHA256
c2bb4e8d87a8cfea7b76b171cf3f87277e2a872df23b9fa31909bfb2d5fe87c3
-
SHA512
31c74bc0fdfa4740c3046667648a54604138982fedbe6b4cd72a2335c257c4198bda3e826c1065f1d1e7de9e7c3d6e90d37999a5b948670fa87db517879b3c48
-
SSDEEP
1572864:LOx54X+LYP+/mm/kAQ9GQ/KfyLhsL9BFh3LfnMYMmmj:LdXBmem/kAe3OyNsL9BFlLMY2j
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process
1860 CV7Setup.tmp
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 4136 wrote to memory of 1860 4136 CV7Setup.exe 83
PID 4136 wrote to memory of 1860 4136 CV7Setup.exe 83
PID 4136 wrote to memory of 1860 4136 CV7Setup.exe 83
Processes
-
C:\Users\Admin\AppData\Local\Temp\CV7Setup.exe
"C:\Users\Admin\AppData\Local\Temp\CV7Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4136 -
C:\Users\Admin\AppData\Local\Temp\is-IAH07.tmp\CV7Setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-IAH07.tmp\CV7Setup.tmp" /SL5="$E0048,61841514,63488,C:\Users\Admin\AppData\Local\Temp\CV7Setup.exe"
2⤵
- Executes dropped EXE
PID:1860
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
707KB
MD5 df6046b435ad190e465bb0798a540b98
SHA1 bac7d15d0c5087ce862ff3c3b6c9dd33b473debc
SHA256 322fc3961c481a37060e40700f7d2b938dfe9e0492233225fa1755ca5d1c64e1
SHA512 7dab63821ebfa8aba5fd9205cc50beb9e301e90f8e9b0b0cf36ab6e8f53a6b03ba7cd3cc3c237d36355dc7ada056a80a2f119eceed71d5ac34f1c3cdd8057b5f