ab5268c60129d2e996824459f1837505c828184d08843dee542dc1e9a90db70a

Analysis

max time kernel
25s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
04-03-2023 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

445.4MB
MD5

b77fe22a340a87e451b4f5f062b7a1bc
SHA1

5fd3aedfb1340a6a921d305778a639f32bf0793c
SHA256

1b5f0b126d7116a817fcb25547f32af39c30daa28b29f1d489f1a67662da9c50
SHA512

8e2e982530c414475f15dd76d7f7b79fced453f8a9145090241a3d21584786d11a4f62ff612752676a853901bb588a4e42d6f7d23b28f7fc7716b135ce9984c1
SSDEEP

98304:GkLxL9c9WJPSHRzilwSzrgGZgffmfmpS4if/7eayQQ4y:xR9c9eqH9ilweGmfyS3fj/O

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2020	setup.tmp

Loads dropped DLL 2 IoCs

pid	Process
1324	setup.exe
2020	setup.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 2020	1324	setup.exe	28
PID 1324 wrote to memory of 2020	1324	setup.exe	28
PID 1324 wrote to memory of 2020	1324	setup.exe	28
PID 1324 wrote to memory of 2020	1324	setup.exe	28
PID 1324 wrote to memory of 2020	1324	setup.exe	28
PID 1324 wrote to memory of 2020	1324	setup.exe	28
PID 1324 wrote to memory of 2020	1324	setup.exe	28

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Users\Admin\AppData\Local\Temp\is-AP2PU.tmp\setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-AP2PU.tmp\setup.tmp" /SL5="$70126,4797154,948736,C:\Users\Admin\AppData\Local\Temp\setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-AP2PU.tmp\setup.tmp

Filesize
3.1MB

MD5
21ed2465bec636173ba17bc8b953badb

SHA1
e79566305dbda8661e435092db36f5ac22d85559

SHA256
bfa8b67c76ac0828d36502393c81163387017c7db980d10f9771686cc7b9b8e1

SHA512
0713c453ea727673c7230d40a7ace6fb0599a0260666d4cb46c70731bf69d77874221c3c9dc36b4383986bbe3f631585e072ba10330bba307c501cdd7838df1b

Download Submit
\Users\Admin\AppData\Local\Temp\is-38G16.tmp\lcbkoaekwf.dll

Filesize
308KB

MD5
c3eaba36ce47365730ceeff3830f9d2d

SHA1
0d65764bec452359610c090e751f7723201a0518

SHA256
765a1b2b923103b40bcc41457d8c49a4091c85310585a4d550576f1cc079b4f3

SHA512
4c0cc30c73928f2f2acf4c9044c5dc3677243c3ae99068740cb5651cac35ca54b35556a7c0562a254b2ed1bdf465a7b57d1a65f23acffdc99161adb9de5cd308

Download Submit
\Users\Admin\AppData\Local\Temp\is-AP2PU.tmp\setup.tmp

Filesize
3.1MB

MD5
21ed2465bec636173ba17bc8b953badb

SHA1
e79566305dbda8661e435092db36f5ac22d85559

SHA256
bfa8b67c76ac0828d36502393c81163387017c7db980d10f9771686cc7b9b8e1

SHA512
0713c453ea727673c7230d40a7ace6fb0599a0260666d4cb46c70731bf69d77874221c3c9dc36b4383986bbe3f631585e072ba10330bba307c501cdd7838df1b

Download Submit
memory/1324-54-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/1324-70-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/2020-65-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2020-68-0x0000000000400000-0x0000000000730000-memory.dmp

Filesize
3.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads