Overview

overview

7

Static

static

1

7l_ets2_setup.exe

windows7-x64

7

7l_ets2_setup.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/03/2023, 03:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7l_ets2_setup.exe

  • Size

    3.4MB

  • MD5

    008ef153e82fe3fcb84ee58d327362b3

  • SHA1

    e101bb4cd8c4b43d7dbfdd6770723fe8b3a88c90

  • SHA256

    4f831eab3661ca1da52c33a73ae090a84e231b133b18c5a06c12ac65f51cd0f7

  • SHA512

    f7c12183442016cbb3a4168a86ed1ece2a1720e44ff700e3efbfceeb2b1b279f13c4e4eb83b1172398488981249f3a519666491990a4da5064e0cda995705c95

  • SSDEEP

    49152:ZBuZrEU0TITfUaT6iBC/k+zH/C+tZmI0gtMqKssioWGiy/qRd+qRMr+vF4xhginB:vkL0mxmTcmHqAEqnsXiy/OwOR6hgTBI

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7l_ets2_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\7l_ets2_setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4904
    • C:\Users\Admin\AppData\Local\Temp\is-1D8RV.tmp\7l_ets2_setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-1D8RV.tmp\7l_ets2_setup.tmp" /SL5="$1A0022,2317243,943104,C:\Users\Admin\AppData\Local\Temp\7l_ets2_setup.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-1D8RV.tmp\7l_ets2_setup.tmp
    Filesize

    3.1MB

    MD5

    40a591553f43a41bf20bded5ab6639c5

    SHA1

    4a27c14c8a7a1a00463be01cc2772ba177684823

    SHA256

    9a53de72ce122bc8ba4546ef0e01daffdd99b01ba2f92d6cf5deb990d9953690

    SHA512

    9017b606639634ae053cce7ef21c12a772d65253daed3bf1bcf7ef66381a4f5e39a60bdbf5bce29fb6b2c82986d9d1d58b04809e4be1a2bdaa57eab633e19891

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-C9PU5.tmp\_isetup\_iscrypt.dll
    Filesize

    2KB

    MD5

    a69559718ab506675e907fe49deb71e9

    SHA1

    bc8f404ffdb1960b50c12ff9413c893b56f2e36f

    SHA256

    2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

    SHA512

    e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

    Download Submit

  • memory/364-138-0x00000000026C0000-0x00000000026C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/364-144-0x0000000000400000-0x000000000072E000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/364-145-0x00000000026C0000-0x00000000026C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4904-133-0x0000000000400000-0x00000000004F3000-memory.dmp

    Filesize

    972KB

    Download

  • memory/4904-143-0x0000000000400000-0x00000000004F3000-memory.dmp

    Filesize

    972KB

    Download