96b9f76d4187e3b83a35848c75e74db4155ce966200fd985db7ebb65d9cc6e7f

Analysis

max time kernel
80s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
05/03/2023, 19:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

wolvmsetup.exe
Size

5.0MB
MD5

9f06f30ac91487808c75a630575a8a36
SHA1

6e9c1bb53b2e4dad2483778bf423e9dbfea50a48
SHA256

96b9f76d4187e3b83a35848c75e74db4155ce966200fd985db7ebb65d9cc6e7f
SHA512

45030e00f47b969357a208850d454c0bf77c98907e5de429842632c613f18b314f44032f4b4ded093df056524d7461cf77b800ef7d73ed09c62d8ca2d2557eb8
SSDEEP

98304:VOMALnIZjy7hUu5IGY/3+a5UiSw7AT9jiiSl6k+THm9ub3KpDQpJNEZFCCVLt1eg:EMALIZjy7Su5Id/3+aU6c9Gii6k+zNil

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1992	wolvmsetup.tmp

Loads dropped DLL 2 IoCs

pid	Process
2044	wolvmsetup.exe
1992	wolvmsetup.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1992	2044	wolvmsetup.exe	27
PID 2044 wrote to memory of 1992	2044	wolvmsetup.exe	27
PID 2044 wrote to memory of 1992	2044	wolvmsetup.exe	27
PID 2044 wrote to memory of 1992	2044	wolvmsetup.exe	27
PID 2044 wrote to memory of 1992	2044	wolvmsetup.exe	27
PID 2044 wrote to memory of 1992	2044	wolvmsetup.exe	27
PID 2044 wrote to memory of 1992	2044	wolvmsetup.exe	27

C:\Users\Admin\AppData\Local\Temp\wolvmsetup.exe
"C:\Users\Admin\AppData\Local\Temp\wolvmsetup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\is-P4IT0.tmp\wolvmsetup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-P4IT0.tmp\wolvmsetup.tmp" /SL5="$80022,4921663,426496,C:\Users\Admin\AppData\Local\Temp\wolvmsetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-P4IT0.tmp\wolvmsetup.tmp

Filesize
1.0MB

MD5
e62acfb305d84b03ad658d7f9c381d70

SHA1
1d54a851275f33ab21bf4a1090bec8fdba234f1f

SHA256
bed1bebbf281e3ba15d45c2dee6c3389f861c02f295173b287bd77a298fa6cde

SHA512
2ab823ca94269d26cd3181457a365a7703cd3fd25f784ea793569da4462348c0251c3e1f1757e5d914032441c06060a86e3a2eb446a15b78f5c7f0e3ee6c35bc

Download Submit
\Users\Admin\AppData\Local\Temp\is-GI32T.tmp\itdownload.dll

Filesize
200KB

MD5
d82a429efd885ca0f324dd92afb6b7b8

SHA1
86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea

SHA256
b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3

SHA512
5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df

Download Submit
\Users\Admin\AppData\Local\Temp\is-P4IT0.tmp\wolvmsetup.tmp

Filesize
1.0MB

MD5
e62acfb305d84b03ad658d7f9c381d70

SHA1
1d54a851275f33ab21bf4a1090bec8fdba234f1f

SHA256
bed1bebbf281e3ba15d45c2dee6c3389f861c02f295173b287bd77a298fa6cde

SHA512
2ab823ca94269d26cd3181457a365a7703cd3fd25f784ea793569da4462348c0251c3e1f1757e5d914032441c06060a86e3a2eb446a15b78f5c7f0e3ee6c35bc

Download Submit
memory/1992-64-0x00000000020A0000-0x00000000020DC000-memory.dmp

Filesize
240KB

Download
memory/1992-66-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1992-68-0x0000000000400000-0x0000000000519000-memory.dmp

Filesize
1.1MB

Download
memory/1992-69-0x00000000020A0000-0x00000000020DC000-memory.dmp

Filesize
240KB

Download
memory/1992-75-0x00000000020A0000-0x00000000020DC000-memory.dmp

Filesize
240KB

Download
memory/1992-90-0x0000000000400000-0x0000000000519000-memory.dmp

Filesize
1.1MB

Download
memory/2044-54-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/2044-67-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/2044-92-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads