Overview

overview

10

Static

static

1

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

7

Resubmissions

14-03-2023 22:51

230314-2s199sac83 10

14-03-2023 22:49

230314-2rmqgscb41 1

14-03-2023 22:41

230314-2mav5aac48 1

Analysis

  • max time kernel
    301s
  • max time network
    298s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    14-03-2023 22:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    79.8MB

  • MD5

    5f7f2d3361425087280490710a9d5aa9

  • SHA1

    ef6eb5190636a0318ca6ffd0267448bfaf1bdaa0

  • SHA256

    5e21723dd4e0cb7f75642346e60f24fe86263f1683de03ab1aa249576272d73e

  • SHA512

    955cdbf246a4d0fd5303d337bb11ed5e7730a75c9bb6d4c3cc69132303a94de7530b46bb8285881309066ed0b1ba09ff2192ec7f930e175d37eeff11e4cedf00

  • SSDEEP

    1572864:U9ouwWq+Za9KspIAhes2OU8wSpEvmggyPuBrJ5+ZGDZ2mptWeAJI2a:U9KlHs1keN8e+gd8L+ZIZ2mXmJI2a

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3348
    • C:\Users\Admin\AppData\Local\Temp\is-HSHRB.tmp\Setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-HSHRB.tmp\Setup.tmp" /SL5="$80046,82709273,888832,C:\Users\Admin\AppData\Local\Temp\Setup.exe"
      2⤵
      • Executes dropped EXE
      PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-HSHRB.tmp\Setup.tmp
    Filesize

    3.1MB

    MD5

    eb66ac34b88e5b6dc4714ba010455c01

    SHA1

    1274dfe6a6e635eac02941618a663e2cb85b2d9a

    SHA256

    dfe011bf9dff78f8c1052f33bd1e4b4a856333bac13aed7d9e40589dd5f69698

    SHA512

    9f5c01f580a40c9745dd2cd44f894eba1b1e3179d5eb2f89db0687ad3e467ba70a295414fb691843f8206ce5ceddca6d73596d0b81ea656f43371c16c4f628d1

    Download Submit
  • memory/3032-138-0x00000000009D0000-0x00000000009D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3032-140-0x0000000000400000-0x0000000000720000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/3032-141-0x00000000009D0000-0x00000000009D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3348-133-0x0000000000400000-0x00000000004E6000-memory.dmp
    Filesize

    920KB

    Download
  • memory/3348-139-0x0000000000400000-0x00000000004E6000-memory.dmp
    Filesize

    920KB

    Download