9a3245e6d3af81f8f515fca1dee9dc5e3aad9c2d263825ce975e2f2d19aa44e4

Analysis

max time kernel
133s
max time network
36s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
30-03-2023 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Smartphone.Tycoon MT/Redist/vcredist_x64.exe
Size

5.4MB
MD5

cbe0b05c11d5d523c2af997d737c137b
SHA1

027d0c2749ec5eb21b031f46aee14c905206f482
SHA256

c6cd2d3f0b11dc2a604ffdc4dd97861a83b77e21709ba71b962a47759c93f4c8
SHA512

75280d721550c2fa19b4f8d42b87d2fc6017f42709d84d2162c7330f7a0338bbd72cdc3f78626b10edcc602e2d22b174039254824334b3173d0ea48b3c06d1df
SSDEEP

98304:hsPj6quMcylIpk4nM6tmMUrfvEP0hcKju9Z/lTPU8UBHBKNpr1w36ZyY:+PjzDJ4M6tmXDsPKi1lTPmHipJwqL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Setup.exe

pid process

1600 Setup.exe
Loads dropped DLL 5 IoCs

Processes:

vcredist_x64.exeSetup.exe

pid process

1992 vcredist_x64.exe
1600 Setup.exe
1600 Setup.exe
1600 Setup.exe
1600 Setup.exe

pid	process
1600	Setup.exe

pid	process
1992	vcredist_x64.exe
1600	Setup.exe
1600	Setup.exe
1600	Setup.exe
1600	Setup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Setup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

Setup.exe

pid process

1600 Setup.exe
1600 Setup.exe
1600 Setup.exe
1600 Setup.exe
1600 Setup.exe
1600 Setup.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Setup.exe

pid process

1600 Setup.exe

pid	process
1600	Setup.exe
1600	Setup.exe
1600	Setup.exe
1600	Setup.exe
1600	Setup.exe
1600	Setup.exe

pid	process
1600	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

vcredist_x64.exe

description	pid	process	target process
PID 1992 wrote to memory of 1600	1992	vcredist_x64.exe	Setup.exe
PID 1992 wrote to memory of 1600	1992	vcredist_x64.exe	Setup.exe
PID 1992 wrote to memory of 1600	1992	vcredist_x64.exe	Setup.exe
PID 1992 wrote to memory of 1600	1992	vcredist_x64.exe	Setup.exe
PID 1992 wrote to memory of 1600	1992	vcredist_x64.exe	Setup.exe
PID 1992 wrote to memory of 1600	1992	vcredist_x64.exe	Setup.exe
PID 1992 wrote to memory of 1600	1992	vcredist_x64.exe	Setup.exe

C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Redist\vcredist_x64.exe
"C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\Redist\vcredist_x64.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1992

\??\c:\6b62d9345776f3c7637cc662\Setup.exe
c:\6b62d9345776f3c7637cc662\Setup.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:1600

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\6b62d9345776f3c7637cc662\Setup.exe
Filesize
76KB

MD5
9a1141fbceeb2e196ae1ba115fd4bee6

SHA1
922eacb654f091bc609f1b7f484292468d046bd1

SHA256
28563d908450eb7b7e9ed07a934e0d68135b5bb48e866e0a1c913bd776a44fef

SHA512
b044600acb16fc3be991d8a6dbc75c2ca45d392e66a4d19eacac4aee282d2ada0d411d832b76d25ef505cc542c7fa1fdb7098da01f84034f798b08baa4796168

Download Submit
C:\Users\Admin\AppData\Local\Temp\HFIAB8D.tmp.html
Filesize
16KB

MD5
c1fcf0b8b3c7d6b6d48e181228950014

SHA1
d17dea90cdcb52db723016ccc05b655f0dfb168c

SHA256
415815dde5d97fce8f77677771eb894041b4be336d1016573e5cb849f0922e3a

SHA512
55b904b5b89587e3aa10b45c038bc0e54c1079058cac592cbf624c09c2ec71e276c76fd7864568d01111f8db2b666b8f7c5fa493b4b72e5d15f128450d9859d7

Download Submit
\6b62d9345776f3c7637cc662\1033\SetupResources.dll
Filesize
16KB

MD5
718ab3eb3f43c9bcf16276c1eb17f2c1

SHA1
a3091fd7784a9469309b3edb370e24a0323e30ac

SHA256
e1a13f5b763d73271a1a205a88e64c6611c25d5f434cfa5da14feb8e4272ffaa

SHA512
9fa8a8d9645a9b490257c2dce3d31f1585f6d6069f9471f9e00dfaa9e457ff1db4c9176a91e02d7f0b61bae0c1fc76b56061eff04888a58aeb5ad2e8692fcf8a

Download Submit
\6b62d9345776f3c7637cc662\Setup.exe
Filesize
76KB

MD5
9a1141fbceeb2e196ae1ba115fd4bee6

SHA1
922eacb654f091bc609f1b7f484292468d046bd1

SHA256
28563d908450eb7b7e9ed07a934e0d68135b5bb48e866e0a1c913bd776a44fef

SHA512
b044600acb16fc3be991d8a6dbc75c2ca45d392e66a4d19eacac4aee282d2ada0d411d832b76d25ef505cc542c7fa1fdb7098da01f84034f798b08baa4796168

Download Submit
\6b62d9345776f3c7637cc662\SetupEngine.dll
Filesize
789KB

MD5
a030c6b93740cbaa232ffaa08ccd3396

SHA1
6f7236a30308fbf02d88e228f0b5b5ec7f61d3eb

SHA256
0507720d52ae856bbf5ff3f01172a390b6c19517cb95514cd53f4a59859e8d63

SHA512
6787195b7e693744ce3b70c3b3ef04eaf81c39621e33d9f40b9c52f1a2c1d6094eceaebbc9b2906649351f5fc106eed085cef71bb606a9dc7890eafd200cfd42

Download Submit
\6b62d9345776f3c7637cc662\SetupUi.dll
Filesize
288KB

MD5
c744ec120e54027c57318c4720b4d6be

SHA1
ab65fc4e68ad553520af049129fae4f88c7eff74

SHA256
d1610b0a94a4dadc85ee32a7e5ffd6533ea42347d6f2d6871beb03157b89a857

SHA512
6dcd0ab7b8671e17d1c15db030ee5349ab3a123595c546019cf9391ce05f9f63806149c3ec2f2c71635cb811ab65ad47bcd7031e2eff7a59059577e47dd600a7

Download Submit
\6b62d9345776f3c7637cc662\sqmapi.dll
Filesize
141KB

MD5
3f0363b40376047eff6a9b97d633b750

SHA1
4eaf6650eca5ce931ee771181b04263c536a948b

SHA256
bd6395a58f55a8b1f4063e813ce7438f695b9b086bb965d8ac44e7a97d35a93c

SHA512
537be86e2f171e0b2b9f462ac7f62c4342beb5d00b68451228f28677d26a525014758672466ad15ed1fd073be38142dae478df67718908eae9e6266359e1f9e8

Download Submit
\??\c:\6b62d9345776f3c7637cc662\1028\LocalizedData.xml
Filesize
29KB

MD5
12df3535e4c4ef95a8cb03fd509b5874

SHA1
90b1f87ba02c1c89c159ebf0e1e700892b85dc39

SHA256
1c8132747dc33ccdb02345cbe706e65089a88fe32cf040684ca0d72bb9105119

SHA512
c6c8887e7023c4c1cbf849eebd17b6ad68fc14607d1c32c0d384f951e07bfaf6b61e0639f4e5978c9e3e1d52ef8a383b62622018a26fa4066eb620f584030808

Download Submit
\??\c:\6b62d9345776f3c7637cc662\1031\LocalizedData.xml
Filesize
40KB

MD5
b13ff959adc5c3e9c4ba4c4a76244464

SHA1
4df793626f41b92a5bc7c54757658ce30fdaeeb1

SHA256
44945bc0ba4be653d07f53e736557c51164224c8ec4e4672dfae1280260ba73b

SHA512
de78542d3bbc4c46871a8afb50fb408a59a76f6ed67e8be3cba8ba41724ea08df36400e233551b329277a7a0fe6168c5556abe9d9a735f41b29a941250bfc4d6

Download Submit
\??\c:\6b62d9345776f3c7637cc662\1033\LocalizedData.xml
Filesize
38KB

MD5
5486ff60b072102ee3231fd743b290a1

SHA1
d8d8a1d6bf6adf1095158b3c9b0a296a037632d0

SHA256
5ca3ecaa12ca56f955d403ca93c4cb36a7d3dcdea779fc9bdaa0cdd429dab706

SHA512
ae240eaac32edb18fd76982fc01e03bd9c8e40a9ec1b9c42d7ebd225570b7517949e045942dbb9e40e620aa9dcc9fbe0182c6cf207ac0a44d7358ad33ba81472

Download Submit
\??\c:\6b62d9345776f3c7637cc662\1033\SetupResources.dll
Filesize
16KB

MD5
718ab3eb3f43c9bcf16276c1eb17f2c1

SHA1
a3091fd7784a9469309b3edb370e24a0323e30ac

SHA256
e1a13f5b763d73271a1a205a88e64c6611c25d5f434cfa5da14feb8e4272ffaa

SHA512
9fa8a8d9645a9b490257c2dce3d31f1585f6d6069f9471f9e00dfaa9e457ff1db4c9176a91e02d7f0b61bae0c1fc76b56061eff04888a58aeb5ad2e8692fcf8a

Download Submit
\??\c:\6b62d9345776f3c7637cc662\1036\LocalizedData.xml
Filesize
40KB

MD5
30dd04ce53b3f5d9363ade0359e3e0b2

SHA1
56bc3301013a2d0b08ecd38ff0a22b1040ef558e

SHA256
bf03073e0e939f3598aeb9aa19b655a24c4ad31f96065d6dc60f7c4df78653ba

SHA512
9cb1ff9ba0dc018f9e1bd301fbcb9e5c561f6a14c65290ebc0fe67cbdf59d1a09898a2f802c52339c10942c819ebb4bdd8b4c7f5f4f78af95f7c893641e41a34

Download Submit
\??\c:\6b62d9345776f3c7637cc662\1040\LocalizedData.xml
Filesize
39KB

MD5
fe6b23186c2d77f7612bf7b1018a9b2a

SHA1
1528ec7633e998f040d2d4c37ac8a7dc87f99817

SHA256
03bbe1a39c6716f07703d20ed7539d8bf13b87870c2c83ddda5445c82953a80a

SHA512
40c9c9f3607cab24655593fc4766829516de33f13060be09f5ee65578824ac600cc1c07fe71cdd48bff7f52b447ff37c0d161d755a69ac7db7df118da6db7649

Download Submit
\??\c:\6b62d9345776f3c7637cc662\1041\LocalizedData.xml
Filesize
33KB

MD5
6f86b79dbf15e810331df2ca77f1043a

SHA1
875ed8498c21f396cc96b638911c23858ece5b88

SHA256
f0f9dd1a9f164f4d2e73b4d23cc5742da2c39549b9c4db692283839c5313e04f

SHA512
ca233a6bf55e253ebf1e8180a326667438e1124f6559054b87021095ef16ffc6b0c87361e0922087be4ca9cabd10828be3b6cc12c4032cb7f2a317fdbd76f818

Download Submit
\??\c:\6b62d9345776f3c7637cc662\1042\LocalizedData.xml
Filesize
32KB

MD5
e87ad0b3bf73f3e76500f28e195f7dc0

SHA1
716b842f6fbf6c68dc9c4e599c8182bfbb1354dc

SHA256
43b351419b73ac266c4b056a9c3a92f6dfa654328163814d17833a837577c070

SHA512
d3ea8655d42a2b0938c2189ceeab25c29939c302c2e2205e05d6059afc2a9b2039b21c083a7c17da1ce5eebdc934ff327a452034e2e715e497bcd6239395774c

Download Submit
\??\c:\6b62d9345776f3c7637cc662\1049\LocalizedData.xml
Filesize
39KB

MD5
1290be72ed991a3a800a6b2a124073b2

SHA1
dac09f9f2ccb3b273893b653f822e3dfc556d498

SHA256
6ba9a2e4a6a58f5bb792947990e51babd9d5151a7057e1a051cb007fea2eb41c

SHA512
c0b8b4421fcb2aabe2c8c8773fd03842e3523bf2b75d6262fd8bd952adc12c06541bdae0219e89f9f9f8d79567a4fe4dff99529366c4a7c5bf66c218431f3217

Download Submit
\??\c:\6b62d9345776f3c7637cc662\2052\LocalizedData.xml
Filesize
30KB

MD5
150b5c3d1b452dccbe8f1313fda1b18c

SHA1
7128b6b9e84d69c415808f1d325dd969b17914cc

SHA256
6d4eb9dca1cbcd3c2b39a993133731750b9fdf5988411f4a6da143b9204c01f2

SHA512
a45a1f4f19a27558e08939c7f63894ff5754e6840db86b8c8c68d400a36fb23179caff164d8b839898321030469b56446b5a8efc5765096dee5e8a746351e949

Download Submit
\??\c:\6b62d9345776f3c7637cc662\3082\LocalizedData.xml
Filesize
39KB

MD5
05a95593c61c744759e52caf5e13502e

SHA1
0054833d8a7a395a832e4c188c4d012301dd4090

SHA256
1a3e5e49da88393a71ea00d73fee7570e40edb816b72622e39c7fcd09c95ead1

SHA512
00aee4c02f9d6374560f7d2b826503aab332e1c4bc3203f88fe82e905471ec43f92f4af4fc52e46f377e4d297c2be99daf94980df2ce7664c169552800264fd3

Download Submit
\??\c:\6b62d9345776f3c7637cc662\DHTMLHeader.html
Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
\??\c:\6b62d9345776f3c7637cc662\ParameterInfo.xml
Filesize
9KB

MD5
322bedac27ce788189a7f346971656f8

SHA1
4a5cf6ddb0bd8cb840bd4fa2bc6803d372b76f9b

SHA256
e315eb9940e066be5fcbb6e7b78fb1ea37784a41e9ff4547ef7b50ad61848e54

SHA512
0f2e657b43b0b873c62fbb369d8ae4fed94239b05067ebb0acd19c3a8f9b90ceb4b42d6091980202ff51c781f6bc518b079828049f17c8b9e6fa329a09394c11

Download Submit
\??\c:\6b62d9345776f3c7637cc662\Setup.exe
Filesize
76KB

MD5
9a1141fbceeb2e196ae1ba115fd4bee6

SHA1
922eacb654f091bc609f1b7f484292468d046bd1

SHA256
28563d908450eb7b7e9ed07a934e0d68135b5bb48e866e0a1c913bd776a44fef

SHA512
b044600acb16fc3be991d8a6dbc75c2ca45d392e66a4d19eacac4aee282d2ada0d411d832b76d25ef505cc542c7fa1fdb7098da01f84034f798b08baa4796168

Download Submit
\??\c:\6b62d9345776f3c7637cc662\SetupEngine.dll
Filesize
789KB

MD5
a030c6b93740cbaa232ffaa08ccd3396

SHA1
6f7236a30308fbf02d88e228f0b5b5ec7f61d3eb

SHA256
0507720d52ae856bbf5ff3f01172a390b6c19517cb95514cd53f4a59859e8d63

SHA512
6787195b7e693744ce3b70c3b3ef04eaf81c39621e33d9f40b9c52f1a2c1d6094eceaebbc9b2906649351f5fc106eed085cef71bb606a9dc7890eafd200cfd42

Download Submit
\??\c:\6b62d9345776f3c7637cc662\SetupUi.dll
Filesize
288KB

MD5
c744ec120e54027c57318c4720b4d6be

SHA1
ab65fc4e68ad553520af049129fae4f88c7eff74

SHA256
d1610b0a94a4dadc85ee32a7e5ffd6533ea42347d6f2d6871beb03157b89a857

SHA512
6dcd0ab7b8671e17d1c15db030ee5349ab3a123595c546019cf9391ce05f9f63806149c3ec2f2c71635cb811ab65ad47bcd7031e2eff7a59059577e47dd600a7

Download Submit
\??\c:\6b62d9345776f3c7637cc662\SetupUi.xsd
Filesize
29KB

MD5
2fadd9e618eff8175f2a6e8b95c0cacc

SHA1
9ab1710a217d15b192188b19467932d947b0a4f8

SHA256
222211e8f512edf97d78bc93e1f271c922d5e91fa899e092b4a096776a704093

SHA512
a3a934a8572ff9208d38cf381649bd83de227c44b735489fd2a9dc5a636ead9bb62459c9460ee53f61f0587a494877cd3a3c2611997be563f3137f8236ffc4ca

Download Submit
\??\c:\6b62d9345776f3c7637cc662\Strings.xml
Filesize
13KB

MD5
332adf643747297b9bfa9527eaefe084

SHA1
670f933d778eca39938a515a39106551185205e9

SHA256
e49545feeae22198728ad04236e31e02035af7cc4d68e10cbecffd08669cbeca

SHA512
bea95ce35c4c37b4b2e36cc1e81fc297cc4a8e17b93f10423a02b015ddb593064541b5eb7003560fbeee512ed52869a113a6fb439c1133af01f884a0db0344b0

Download Submit
\??\c:\6b62d9345776f3c7637cc662\UiInfo.xml
Filesize
35KB

MD5
4f90fcef3836f5fc49426ad9938a1c60

SHA1
89eba3b81982d5d5c457ffa7a7096284a10de64a

SHA256
66a0299ce7ee12dd9fc2cfead3c3211e59bfb54d6c0627d044d44cef6e70367b

SHA512
4ce2731c1d32d7ca3a4f644f4b3111f06223de96c1e241fcc86f5fe665f4db18c8a241dae4e8a7e278d6afbf91b235a2c3517a40d4d22d9866880e19a7221160

Download Submit
\??\c:\6b62d9345776f3c7637cc662\graphics\print.ico
Filesize
1KB

MD5
7e55ddc6d611176e697d01c90a1212cf

SHA1
e2620da05b8e4e2360da579a7be32c1b225deb1b

SHA256
ff542e32330b123486797b410621e19eafb39df3997e14701afa4c22096520ed

SHA512
283d381aa396820b7e15768b20099d67688da1f6315ec9f7938c2fcc3167777502cded0d1beddf015a34cc4e5d045bcb665ffd28ba2fbb6faf50fdd38b31d16e

Download Submit
\??\c:\6b62d9345776f3c7637cc662\graphics\save.ico
Filesize
1KB

MD5
7d62e82d960a938c98da02b1d5201bd5

SHA1
194e96b0440bf8631887e5e9d3cc485f8e90fbf5

SHA256
ae041c8764f56fd89277b34982145d16fc59a4754d261c861b19371c3271c6e5

SHA512
ab06b2605f0c1f6b71ef69563c0c977d06c6ea84d58ef7f2baecba566d6037d1458c2b58e6bfd70ddef47dccbdea6d9c2f2e46dea67ea9e92457f754d7042f67

Download Submit
\??\c:\6b62d9345776f3c7637cc662\graphics\setup.ico
Filesize
35KB

MD5
3d25d679e0ff0b8c94273dcd8b07049d

SHA1
a517fc5e96bc68a02a44093673ee7e076ad57308

SHA256
288e9ad8f0201e45bc187839f15aca79d6b9f76a7d3c9274c80f5d4a4c219c0f

SHA512
3bde668004ca7e28390862d0ae9903c756c16255bdbb3f7e73a5b093ce6a57a3165d6797b0a643b254493149231aca7f7f03e0af15a0cbe28aff02f0071ec255

Download Submit
\??\c:\6b62d9345776f3c7637cc662\header.bmp
Filesize
7KB

MD5
3ad1a8c3b96993bcdf45244be2c00eef

SHA1
308f98e199f74a43d325115a8e7072d5f2c6202d

SHA256
133b86a4f1c67a159167489fdaeab765bfa1050c23a7ae6d5c517188fb45f94a

SHA512
133442c4a65269f817675adf01adcf622e509aa7ec7583bca8cd9a7eb6018d2aab56066054f75657038efb947cd3b3e5dc4fe7f0863c8b3b1770a8fa4fe2e658

Download Submit
\??\c:\6b62d9345776f3c7637cc662\sqmapi.dll
Filesize
141KB

MD5
3f0363b40376047eff6a9b97d633b750

SHA1
4eaf6650eca5ce931ee771181b04263c536a948b

SHA256
bd6395a58f55a8b1f4063e813ce7438f695b9b086bb965d8ac44e7a97d35a93c

SHA512
537be86e2f171e0b2b9f462ac7f62c4342beb5d00b68451228f28677d26a525014758672466ad15ed1fd073be38142dae478df67718908eae9e6266359e1f9e8

Download Submit
\??\c:\6b62d9345776f3c7637cc662\watermark.bmp
Filesize
301KB

MD5
1a5caafacfc8c7766e404d019249cf67

SHA1
35d4878db63059a0f25899f4be00b41f430389bf

SHA256
2e87d5742413254db10f7bd0762b6cdb98ff9c46ca9acddfd9b1c2e5418638f2

SHA512
202c13ded002d234117f08b18ca80d603246e6a166e18ba422e30d394ada7e47153dd3cce9728affe97128fdd797fe6302c74dc6882317e2ba254c8a6db80f46

Download Submit
memory/1600-161-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download