Overview

overview

7

Static

static

1

CodeSetup-...5b.exe

windows7-x64

7

CodeSetup-...5b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-03-2023 10:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CodeSetup-stable-5e805b79fcb6ba4c2d23712967df89a089da575b.exe

  • Size

    86.0MB

  • MD5

    1487cad29e454eded8cb3bae964d7493

  • SHA1

    7a5f3e45610914110338adfabb0bcef2dd96f784

  • SHA256

    e368c36736a400a1878907edc31776a07193aa6c862fbdf147f02938001cf1db

  • SHA512

    2a8a86ec467f6ac1dd6df6039a94df121f86dc210a386c9586341b6d26b9c58dbc1c625c43ae219e674b660d5b7d44edad9547d07084424e416a4c2202d648c5

  • SSDEEP

    1572864:WVg8kftRvGX5DrUzOHrlPBGqGYs93s99zxn1Y4tb1fm1jYOPUUEYJ0VZ4:WVgt6DrUzkhPaR9Y9Q4lICGn7J0V+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CodeSetup-stable-5e805b79fcb6ba4c2d23712967df89a089da575b.exe
    "C:\Users\Admin\AppData\Local\Temp\CodeSetup-stable-5e805b79fcb6ba4c2d23712967df89a089da575b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Users\Admin\AppData\Local\Temp\is-6OEUS.tmp\CodeSetup-stable-5e805b79fcb6ba4c2d23712967df89a089da575b.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-6OEUS.tmp\CodeSetup-stable-5e805b79fcb6ba4c2d23712967df89a089da575b.tmp" /SL5="$A0028,89111930,828416,C:\Users\Admin\AppData\Local\Temp\CodeSetup-stable-5e805b79fcb6ba4c2d23712967df89a089da575b.exe"
      2⤵
      • Executes dropped EXE
      PID:1956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-6OEUS.tmp\CodeSetup-stable-5e805b79fcb6ba4c2d23712967df89a089da575b.tmp
    Filesize

    2.5MB

    MD5

    268d9d4b5f3f9d852d59429782c1345d

    SHA1

    9b5abc0bbacaf84912f6dbf78b92d8cb94cbb09a

    SHA256

    32d26a4c6629e93fb5ca9bd24893813e572221d9b2a1c6e33dcc843d2e10fdb2

    SHA512

    99edf055da8f866be7c5848ff462a7992091e25f9b1f89507be4435a1d6cd6c4a4cedf0d5b50c1b54c69e7d5f955a41c791b95af4facab9fa6aa0b51ab8f84f3

    Download Submit

  • memory/1956-139-0x0000000002670000-0x0000000002671000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1956-141-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1956-142-0x0000000002670000-0x0000000002671000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2084-133-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/2084-140-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download