27778cca3d3121f8a6d6eb18f184fec5a6180ea37f2019df5e7463dfec0d81f4

Analysis

max time kernel
58s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
12/02/2023, 21:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SMP setup.exe
Size

196.6MB
MD5

927c1c98e8851a3d651cd0567490ff7a
SHA1

0d387869f07337eb3c8897834a3b89c2973165ae
SHA256

27778cca3d3121f8a6d6eb18f184fec5a6180ea37f2019df5e7463dfec0d81f4
SHA512

504585b11345765a0a6838f7de5078084efeba383b4d38556e714048451d91e35f2096c1c61030b31483a30afed88bd20fe85287866d5bfd5d5f71d398c47147
SSDEEP

3145728:2zNGszbqBKca0uR2UbLi2nDKafsCF953TnP6EU1U7j8w0oLxpAwWFLpjqDKCUDk:BTa1R2KiEzd953TP6Um4DAweqWZA

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
988	SMP setup.tmp

Loads dropped DLL 3 IoCs

pid	Process
816	SMP setup.exe
988	SMP setup.tmp
988	SMP setup.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 988	816	SMP setup.exe	28
PID 816 wrote to memory of 988	816	SMP setup.exe	28
PID 816 wrote to memory of 988	816	SMP setup.exe	28
PID 816 wrote to memory of 988	816	SMP setup.exe	28
PID 816 wrote to memory of 988	816	SMP setup.exe	28
PID 816 wrote to memory of 988	816	SMP setup.exe	28
PID 816 wrote to memory of 988	816	SMP setup.exe	28

C:\Users\Admin\AppData\Local\Temp\SMP setup.exe
"C:\Users\Admin\AppData\Local\Temp\SMP setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:816
- C:\Users\Admin\AppData\Local\Temp\is-OT8RT.tmp\SMP setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-OT8RT.tmp\SMP setup.tmp" /SL5="$60120,205596299,209920,C:\Users\Admin\AppData\Local\Temp\SMP setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-OT8RT.tmp\SMP setup.tmp

Filesize
1.5MB

MD5
f1137b2a2cd2bd596117090d9f2da793

SHA1
f16c89642990d661c24eb7f5db3a410596ea72c9

SHA256
361352552d47e35f2aa17f0d866d75135810a49cd8170f0b4050cf283f95a39f

SHA512
dd942a0df586c0ef64e8a45669165906566028c31e987ca1946bb9b5f8283e049b2ce2a55dff018529a3290dd8067784399422bf0dcfb7418d18251f2177d087

Download Submit
\Users\Admin\AppData\Local\Temp\is-OT8RT.tmp\SMP setup.tmp

Filesize
1.5MB

MD5
f1137b2a2cd2bd596117090d9f2da793

SHA1
f16c89642990d661c24eb7f5db3a410596ea72c9

SHA256
361352552d47e35f2aa17f0d866d75135810a49cd8170f0b4050cf283f95a39f

SHA512
dd942a0df586c0ef64e8a45669165906566028c31e987ca1946bb9b5f8283e049b2ce2a55dff018529a3290dd8067784399422bf0dcfb7418d18251f2177d087

Download Submit
\Users\Admin\AppData\Local\Temp\is-VKCPQ.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-VKCPQ.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
memory/816-54-0x0000000076711000-0x0000000076713000-memory.dmp

Filesize
8KB

Download
memory/816-55-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/816-63-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads