c6169e024f84934dc059f85d28bb947e5e6694ae21406b6feef178a8a6800902

Analysis

max time kernel
62s
max time network
100s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-02-2023 21:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup x32.exe
Size

5.4MB
MD5

8ce3dd6ec449dc5a5a86696b78435217
SHA1

c82622c8d7a28bda5a9d5300b3051d5180556681
SHA256

b710fae61d729f59c56bd4f91717e8b7df9bdf318b79195e125e9fc5bc990844
SHA512

898792858c05001218d35fd4691975e0005c33744664c9f9e0bc93c8f886ee9c67dbc062fc5e22217f6079ea7a6948c2fe896d8f66dcc86a85be4e01650517ed
SSDEEP

98304:3AmhadoU8zQjqdb1osZ+iiPmyTeEUazpAkBxreHzWynR/MkXTwY2h1:QHcYqdl+iiPVTeEUazpAkBFehnRzW1

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	Setup x32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1900	Setup x32.exe

C:\Users\Admin\AppData\Local\Temp\Setup x32.exe
"C:\Users\Admin\AppData\Local\Temp\Setup x32.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:1900

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1900-54-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download