Overview

overview

7

Static

static

1

OpenRailsSetup.exe

windows7-x64

7

OpenRailsSetup.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1801s
  • max time network
    1586s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-03-2023 18:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    OpenRailsSetup.exe

  • Size

    23.2MB

  • MD5

    8dffc24f78f71f2272c33f25be6b0be8

  • SHA1

    a4a49f250f346c5793eecd538fe4e6bd81dc3d75

  • SHA256

    52e5f6917d31474ec92aee87b32831011defaf0bdd2bfc52ac9272e929440b8f

  • SHA512

    b8ab4a5476b40b95480471d7e4eac25dcd225c922aa357a1e6584af6d985a6efc7b39a32925b1db80a563fb81eb325b93155dd06d47053bb84fc24e6d81d654c

  • SSDEEP

    393216:7XgdaUT5HaM0HhE3jI8oL8pW7C3QhvpGKxPpLUAUWzoMFcno6+OvXMO0VU3kLUTJ:7XgdR1muU8oQT38RxqWzp6o6+AP0VU+K

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\OpenRailsSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\OpenRailsSetup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4912
    • C:\Users\Admin\AppData\Local\Temp\is-6G6BR.tmp\OpenRailsSetup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-6G6BR.tmp\OpenRailsSetup.tmp" /SL5="$9006A,23962851,56832,C:\Users\Admin\AppData\Local\Temp\OpenRailsSetup.exe"
      2⤵
      • Executes dropped EXE
      PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-6G6BR.tmp\OpenRailsSetup.tmp
    Filesize

    691KB

    MD5

    9303156631ee2436db23827e27337be4

    SHA1

    018e0d5b6ccf7000e36af30cebeb8adc5667e5fa

    SHA256

    bae22f27c12bce1faeb64b6eb733302aff5867baa8eed832397a7ce284a86ff4

    SHA512

    9fe100fafb1c74728109667b5a2261a31e49c45723de748adaa1d9cb9f8daa389b871056c70066fa3a05be82a5017c8dd590ae149a56d824a9e250d31091a40f

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\is-6G6BR.tmp\OpenRailsSetup.tmp
    Filesize

    691KB

    MD5

    9303156631ee2436db23827e27337be4

    SHA1

    018e0d5b6ccf7000e36af30cebeb8adc5667e5fa

    SHA256

    bae22f27c12bce1faeb64b6eb733302aff5867baa8eed832397a7ce284a86ff4

    SHA512

    9fe100fafb1c74728109667b5a2261a31e49c45723de748adaa1d9cb9f8daa389b871056c70066fa3a05be82a5017c8dd590ae149a56d824a9e250d31091a40f

    Download Submit
  • memory/1636-139-0x00000000021F0000-0x00000000021F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1636-145-0x0000000000400000-0x00000000004BD000-memory.dmp
    Filesize

    756KB

    Download
  • memory/1636-146-0x00000000021F0000-0x00000000021F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4912-133-0x0000000000400000-0x0000000000414000-memory.dmp
    Filesize

    80KB

    Download
  • memory/4912-144-0x0000000000400000-0x0000000000414000-memory.dmp
    Filesize

    80KB

    Download