fa07cb20796000b002b1b4018bd21c7c664dd1e67b2c927811fb9f11158d9145

Analysis

max time kernel
95s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2023, 20:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Office 2013-2019 C2R Install v6.4.4/files/setup.exe
Size

4.8MB
MD5

d4a7c7c3c92c4e9bc9bdee1c660e60db
SHA1

505c2d09923f957f6894f15fa2fd13615de6f4d1
SHA256

b95ac36a49e79c3e63e23eca86eac3d22acd80363d0f0aa83ba7ee7799acf2a5
SHA512

50fef647df8a13bc25b2cf5fab995664404953e3385ae0eafea6939c1587743014c0a1d277bc5b4cbad2a56bde92a3854f51cd1dcf7de710f219d15ebe141fbb
SSDEEP

98304:a0Ocn0xMTpKZKzRm0fxK2I94pXGOU8yhq5utbATwY2hlO:a0lKuppfs4pVU1t0TWl

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	setup.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	setup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	setup.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4452	setup.exe

C:\Users\Admin\AppData\Local\Temp\Office 2013-2019 C2R Install v6.4.4\files\setup.exe
"C:\Users\Admin\AppData\Local\Temp\Office 2013-2019 C2R Install v6.4.4\files\setup.exe"
1⤵
- Checks computer location settings
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
PID:4452

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads