48b3cc0799138804952d7804a326a9356b4713be099d09a03d315d6fa8a6df28

Analysis

max time kernel
21s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
05-03-2023 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

445.4MB
MD5

3c8b5a353e44aaba17ce59a4924a2181
SHA1

4a37a03782dd4aa9b39cee134d92038e917120cf
SHA256

43f8acfcc15d7f48701769a324cb99b12c541e80185a7caa0b6be63fad025490
SHA512

1b2bb3467257c43f63787d88bd2dd5072bff3c888a12da53ce9812ed0de0af41492a846f30e9174fb9f231b98a213bc5ff02097a68cc1d65e78c040ce0cb5f8c
SSDEEP

98304:dkLr9c9WJPSHRzilwSzrgGzPgffmfmpS8J656RA:ur9c9eqH9ilweImfySF56RA

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1144	setup.tmp

Loads dropped DLL 2 IoCs

pid	Process
1636	setup.exe
1144	setup.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 1144	1636	setup.exe	27
PID 1636 wrote to memory of 1144	1636	setup.exe	27
PID 1636 wrote to memory of 1144	1636	setup.exe	27
PID 1636 wrote to memory of 1144	1636	setup.exe	27
PID 1636 wrote to memory of 1144	1636	setup.exe	27
PID 1636 wrote to memory of 1144	1636	setup.exe	27
PID 1636 wrote to memory of 1144	1636	setup.exe	27

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Users\Admin\AppData\Local\Temp\is-KEI29.tmp\setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-KEI29.tmp\setup.tmp" /SL5="$70120,4786959,938496,C:\Users\Admin\AppData\Local\Temp\setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-KEI29.tmp\setup.tmp

Filesize
3.1MB

MD5
6ed01e45e5bf1fb0f50408a973c69125

SHA1
bf65c72311a115f0a870bad044acd9c43a644461

SHA256
7b58eaa114f1c4088de6860642bdda0343b20afb0947bcb62639f009d8c9fe1f

SHA512
db9d33596e3df150f29c9bf745ccf73a1052aae43adfd263dd29d8864d356d7cdc66324465db07bd42a136ad782f7cf5f74e122d1e55178bf659a0262fbd336e

Download Submit
\Users\Admin\AppData\Local\Temp\is-KEI29.tmp\setup.tmp

Filesize
3.1MB

MD5
6ed01e45e5bf1fb0f50408a973c69125

SHA1
bf65c72311a115f0a870bad044acd9c43a644461

SHA256
7b58eaa114f1c4088de6860642bdda0343b20afb0947bcb62639f009d8c9fe1f

SHA512
db9d33596e3df150f29c9bf745ccf73a1052aae43adfd263dd29d8864d356d7cdc66324465db07bd42a136ad782f7cf5f74e122d1e55178bf659a0262fbd336e

Download Submit
\Users\Admin\AppData\Local\Temp\is-OEDTA.tmp\lcbkoaekwf.dll

Filesize
308KB

MD5
9afbe3895f23f99d160da31a9ae256b5

SHA1
c24598b4b152ce00c043c7ed1ecd380acab6a078

SHA256
34583f90cb62b7ce863b9c83d6d0f828b7b0692ba7edd441051fadb45d633aae

SHA512
6a09626405e61faa305f99f77a764e25a64fe0f27611d400448bceeaaad41b3495dc4b0b8d5ee0d8c6f234128843110b7484aafbabf1857a148cc0e4bb4a6a48

Download Submit
memory/1144-61-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/1144-68-0x0000000000400000-0x000000000072D000-memory.dmp

Filesize
3.2MB

Download
memory/1636-54-0x0000000000400000-0x00000000004F2000-memory.dmp

Filesize
968KB

Download
memory/1636-70-0x0000000000400000-0x00000000004F2000-memory.dmp

Filesize
968KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads