c6169e024f84934dc059f85d28bb947e5e6694ae21406b6feef178a8a6800902

Analysis

max time kernel
103s
max time network
125s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
11/02/2023, 21:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Setup x64.exe
Size

8.0MB
MD5

764e375aa9397578843d6bc3fd4b36fd
SHA1

93fba67749878860d3ed78ce13f4c6f3e0daa373
SHA256

292191d75b42f5052fe0a5c4a2767d027d74fd174e0ca8c1ae46c58e7076fb6b
SHA512

e6bba8e3113478bb98c8ff99e2a68688bf0754efea04b6e358de973b341e9e68498f79195aa63ce435db9ddee2fd79ada5b9a943b85d0a1aead3b157325fc64a
SSDEEP

98304:Q0oUcJEe9biTp9dPLASQlFVv0pXP/e+47PwY2h7:Q0cJEebgp9BLjYbaXPqPW7

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Control Panel\International\Geo\Nation	Setup x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1788	Setup x64.exe

C:\Users\Admin\AppData\Local\Temp\Setup x64.exe
"C:\Users\Admin\AppData\Local\Temp\Setup x64.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:1788

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1788-54-0x000007FEFC201000-0x000007FEFC203000-memory.dmp

Filesize
8KB

Download