40df120944411111cff226bbc8850800756fe6b99ab9bdda2c3234bae44fcef3

Analysis

max time kernel
142s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06-04-2023 08:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecurityTaskManager_Setup.exe
Size

2.9MB
MD5

6dac98c7e865cc42e303df3504b0f6a6
SHA1

befd8ef8a73ca588fee6f2e19485bf1502b58734
SHA256

40df120944411111cff226bbc8850800756fe6b99ab9bdda2c3234bae44fcef3
SHA512

172493b2e5397eee622975e20a3758bd3e0f3e466adcb1a3bd3844e1e5645050371f9a593cf1b56293fce8fb2309621f4950379149a5c77dc4850530a4f79652
SSDEEP

49152:Pd+HtGXcROvfipetV2pSDwRgrFYv7WS4oW+ehUpkKmltavtaKhGiD79jkL0O:Pd+pROvapetV2UIMgSoX/xscg6939jkl

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

setup.exe

pid process

368 setup.exe

pid	process
368	setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

SecurityTaskManager_Setup.exe

description	pid	process	target process
PID 4264 wrote to memory of 368	4264	SecurityTaskManager_Setup.exe	setup.exe
PID 4264 wrote to memory of 368	4264	SecurityTaskManager_Setup.exe	setup.exe
PID 4264 wrote to memory of 368	4264	SecurityTaskManager_Setup.exe	setup.exe

C:\Users\Admin\AppData\Local\Temp\SecurityTaskManager_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\SecurityTaskManager_Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4264

C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\setup.exe
".\setup.exe"
2⤵
- Executes dropped EXE
PID:368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\Setup.exe
Filesize
128KB

MD5
694ba0b43cc2ec5055a7ffa3c4fc3aae

SHA1
12863f8925bda943ea510239820be15242b6f1f9

SHA256
a771e2f459f171469c5ef3407034a7dda4ece86f5b4db943cc728696daad6295

SHA512
12ecac18707a10adf3b62187d298c3fe34f54773321439aa9765394f98cd398af5123cc2c0d912f4c86020d960455691b6a7e94f9bf5f1472108bd6395a38f9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_bulgarian.txt
Filesize
37KB

MD5
89f324a12d6e19b549027d3d7bfb7ae8

SHA1
a12479a93c5a70eaf5c4d606dddddefef05ef26e

SHA256
ab2386fff64d22e64fb1e553286996232980706683245806f185fd2f423fbdb5

SHA512
a0e1707719dd4d998f4e02df7672e75723b7dfc7e4f05f02741f059e6a69cc4444b805b9d7ac40ea53e97cd9ed2d89b0314b2b61105416582d6e9bea9965a8b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_chinese.txt
Filesize
26KB

MD5
5816c90c0fa6f363a1098a3ff8892267

SHA1
7a36ceedf4274bcf470c897631b99b0c60ead4ed

SHA256
60da3e32d256cf8ab02b86a05a483b6f49cc82b852c2ada55a3a0e2af4384eb3

SHA512
e733aec61a6a99fd659bc6d63805fd4ca0038c01012a14075aa1920b524a38ad6404f1e25ca881e5e47ead8df3c616fade8d7b7a94cbd4b45dcf7412be426114

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_czech.txt
Filesize
35KB

MD5
0d76174d68f5fce7e150c972eeacef9c

SHA1
4adc44d638859253e3befa3407fdbde8866a5456

SHA256
d5a4b68cdf201c17b466bc75d29e91b43dca6abda228caf2b6752e09b8a19058

SHA512
2ca4cbc1ef23a0b11bd32cff0824b655285d4c8f5535e7113f915e607361211e20ab28e6f5f1da2a26190141809f233434135c27598b6a7f14d4376cfb916f52

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_danish.txt
Filesize
34KB

MD5
1325b58debc1e7a46c705a44b4504734

SHA1
d68af1fc501342923a23569bb058a7e1510c93da

SHA256
d740c5e0e760f7c7547b98d8ff67efa8cc2558fd05c1e086f25919fda5e681f6

SHA512
7427b50a0ca11bc74f9182c0ad2952b7a0495d75b53b8bae4fa88ce8b615bb905171fa7883a8ce6c93b778a36e579b8963646b7aeee5a4c2569a0e562f6bb56c

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_deutsch.txt
Filesize
39KB

MD5
b33fed70df15a44085aa88647d211c81

SHA1
2ff758266c852d72a6c9aa001c4cb7f50ef15a76

SHA256
a097180501190a3efee4f776485a072a8ba3ec77ae3052932d602b4dfc767738

SHA512
f03330183172e48174c8603dd4ab371b03650ddc9c96941c1cfd9e5b394a60f98a6046d41916992bb8ce42400cb91d7976e4aa2822ee69f950d3e9c7e382d966

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_dutch.txt
Filesize
36KB

MD5
b930f96bb386f7e289310c3f5063178a

SHA1
955a30d309d0dd17d289b918a611bdd9de43cc5d

SHA256
f49bf79f10c2af50e0a584d8f619551b21fe14683f2908ec552fb8364ddbc28a

SHA512
d4a47caf59956e67eaef294ce3e8732365eaf7623d2933b11d7758f80a4b92637dcdbe95ea1a1674f1b69a0b2ee3f97ba529c623c9e7ac9ca585464c0cc0c7aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_english.txt
Filesize
36KB

MD5
34c121268b1c3fce53172b3933b075a3

SHA1
c44fa37db476886859aaef75878dd7806a7ab518

SHA256
f974ea70d717e59d27fa566eeae52831537207ad4bb6308ed93e387f5fced2c4

SHA512
6f2aed20f2ea8bc028f923918a4f2b5af131584af94f51536cdd6ba59ba389a8ad52c586226911d67af9d17b53151d677fe190ec0df4f16d5ace189ca3e503eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_finnish.txt
Filesize
36KB

MD5
7d873c6c96a6725c7b0cb5dfb1a09e87

SHA1
dae7dd06dd465fc4f98d14d027025eef10c5bf77

SHA256
05dbe3b460b51194c276b9fa2b41292ec52e5e408fa005950f027cf11fb2bc26

SHA512
f5f98f46ae0cfb379f7de9258d12287c2f580181ef713af8a9a0b3f81cbc9cab1c9295e18244989bc875dd177f5f6727431cd0dc8b61dade61acdff09677e398

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_french.txt
Filesize
39KB

MD5
3184a1d71306f0b0b2f73169520c1029

SHA1
59d84aa3bd19d6f2aad47450bb7c28da97057e11

SHA256
1dd3e5d60c64b21c265f4635473f9dfde10d1818f7a6ecb3693089c9e225d390

SHA512
bf7813a1410ff8e6a2fca41229147c121a85dab9dceed79a03e5e174eff98fe02c9e031c40c85e27c6af8a55de976983078d641da51a323c6ead8f3e7362719a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_hungarian.txt
Filesize
39KB

MD5
a54d196a3a36ba5224d4c409489fda77

SHA1
95f6502f4f827f2b70c4aba2ceb8c9a6af9e439c

SHA256
a92d6b1995801bb2e13b8362bacdf2aeaa4efc5abe7a292c1446f60aae553158

SHA512
b774d369c66192ff1ec4cde1f5b11c8e2ef4d856d65bcb0abdee855a7fb41af6a9eebc88934722e13f09ed2d9679986c2556b26d28258778bbd2fbc04e8667ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_italiano.txt
Filesize
40KB

MD5
e0686c0dc62343895f45f57db50cbc70

SHA1
c73dca7e98b014d9bc11bdb7955d60c0fd90b6b9

SHA256
32f2f71bbe5e04a78407b9268ea2cc4c1bd51cd73389da4728450c723c46cd94

SHA512
335d896b4fdb22234ed4b5735d187022c54c1caaee730361943d24e366c6dc7721d000a381f5b212a8817a97ee47b61118f34917151510acc1b94adcf91faf44

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_japanese.txt
Filesize
34KB

MD5
0e62e49c4a1868113e00e266d39c47a5

SHA1
2be41ae1857c30caf6e1124b51652ffc35779034

SHA256
1f6e19ca7500dd3193bdb2d384fe1feed96c1b1dbd9e58c4a27c71b90cb10cfe

SHA512
5a8ac80e582545b6d193db5b5e2013aa7ddc7f6e830f5cb497a4a2c1ec31c6dac382157cc0b0f0b8cf17e7247dbb9a094198131fe66e4f58c1c71a5749d2702a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_korean.txt
Filesize
31KB

MD5
992c0dde82beac0c0eb86b137744c196

SHA1
8ee1cfccac49a5b9df6d8f3572ecfcbe592676cf

SHA256
312980aa8444655137044d3323ed0f5f3d6d2d4d503512e029ffa4429d92fa6e

SHA512
074caed4ef7044c032960e3aa4240338356323fb3f880588bf35775dca462acfaf792a14d11113f7e814c19d7e947fed15ddec5f764d3b9a896c36a941192541

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_norwegian_bokmaal.txt
Filesize
34KB

MD5
179fe4667bfe1d977d687493f59d7adb

SHA1
b3d900debc52ff3e77fb426636968c1f1feb2800

SHA256
3e7fe5d3b0095143d86173fd99775d8d0065eaafcf9dd683692062e026879922

SHA512
358d51d4f07207ec3017386458d3073e657636505c09cbe1b7e31b3cb778926a9a4a517ecb140e661d3b30586f12e94a5a659cd4cf9ac1332030ddfa3f511c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_polish.txt
Filesize
35KB

MD5
ce3dcf85fa453f3d735005340ef90ae0

SHA1
2c33a89e2d7853d8b1dc40287485f172476129e3

SHA256
f1f0bfd7676420d8668d0676ecce039b84b023dd12ecdcc19ac4b01b1bb9de61

SHA512
db7f772511c79e159ef842bc1effe8ede244bdb0757446e97ddd39761c3540a05a2475f11fe90da2b8a9bf0c532cabecb27051a4bbe459387961294fbbb86bd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_portuguese (Brasil).txt
Filesize
38KB

MD5
07d5c6cf24d90859e1bbdec962662ac3

SHA1
2f4f9b6e3f1bdb3de3a44ad98427fc55738d4a8f

SHA256
485de5cc9654510903431e32cf7e7b9afaeb0a575bffca7af5f652429654f0b4

SHA512
689bd4b50a107cb2035dc8d9757d44d53b8c97a4a6979bb3cc2181cd416f6a5fab0293889c3dcde8887414590ff17df627da504d1936e3883300da411ab6ec90

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_portuguese.txt
Filesize
37KB

MD5
57dd15b63e5116d4192756eac357fc77

SHA1
2e4cbdf15c9b2da2658b6e2df1d7faa26d5563cb

SHA256
3692ca1b6e64991835da21e50cd91f2c20395a0a2290655284ec477ed5e241c4

SHA512
316c68da136d6b23d40742e5da545acba87e0c9729663afb43f4a12d40505f8f51657de2ee22c7449d1fa072a9505d16759914e019f47d2b64d4f7fdbd120a76

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_russian.txt
Filesize
36KB

MD5
27775d53a8f8bdd46d2cd07808540fa5

SHA1
f9c905347ac04e465583f5b57c0248d3bc052783

SHA256
1c0888d6a709c536a3f8f29cea3477c8bd1d91bc7beb68e6854c7228c52555dc

SHA512
96e9734ee5c383045f9779348c2977e87c6db249bd51e75667a46d34e105fbb9e99ab68df1ff9aaf092858f751f03996ec6c27b2b35fee7addc300d9642b3306

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_spanish.txt
Filesize
38KB

MD5
1db8fa700e36994c13075acac2b3d1cb

SHA1
049a77576da0bed590109cc15129686d72e12399

SHA256
00fd546aab44ac4cf4cfd822b249ef7ecfa0a4b8afdd6438ecbfd9705c7ec746

SHA512
24a7ed6098c629bd210e0934c13656d6ece22f4da68296ead9a0883ab395afb90c3f37596b8f0007f4ebffef8688a7b1686c1618182a7299ed17da31636d09fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_swedish.txt
Filesize
34KB

MD5
37f4289c2977a484189b9ff44a590b8f

SHA1
8165528ec43e0131d139e6696ed3317bd283d2d0

SHA256
ef67f369daf2eaa2878330c076654d4dec001d9e365e35888e82fb10cae2153d

SHA512
5684e6d543fffef1e08bb5645c3c4d2e1ae37a03243e9df1c44daf1f40f2514fdff8c7cf702d9c7e78f6dad0a7d93e4ded95ea58442125c85b87621d3839d12d

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_turkish.txt
Filesize
39KB

MD5
556405b4c3519915adb0b9a13986366c

SHA1
5aa44fe49df6c7e7e03be06d76e583bca281d66e

SHA256
9320fbf43e752912fff43bc804b43065d75c0924e109a99966825c50a8f04684

SHA512
a06909e508579a34dd48feb125b5f8adec3a0d876a2bc04bb48e52388f521a741f78ae8f31a2626beeb0fb63f198c9029ed70f97213a591b1e9517de2307276b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_ukrainian.txt
Filesize
33KB

MD5
df09a44cde9e14378fe3ddd47a8ca3fe

SHA1
39d880fd38980a5dde18c1fb94707711a07878fb

SHA256
59d771c4d45af27f793c38ee78a2a5c5667f877d7f65313cbad93bd8ec3b1fce

SHA512
5a3cf5f280d29496371e4ee8a21966bfd6aaaa208eddf4112d67198ff639798e68338b07ae5b8aeb498c7a3875ce2f42a8f037bf5359ab707d0a6e796510a33c

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\setup.exe
Filesize
128KB

MD5
694ba0b43cc2ec5055a7ffa3c4fc3aae

SHA1
12863f8925bda943ea510239820be15242b6f1f9

SHA256
a771e2f459f171469c5ef3407034a7dda4ece86f5b4db943cc728696daad6295

SHA512
12ecac18707a10adf3b62187d298c3fe34f54773321439aa9765394f98cd398af5123cc2c0d912f4c86020d960455691b6a7e94f9bf5f1472108bd6395a38f9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman.exe
Filesize
1.2MB

MD5
3793144e54cf2faf1ea96b0316b167f7

SHA1
c7945adf9781274000b22a1d926c7de213eb7a8d

SHA256
40e0c7135c2b2df40c61a4008dab628be8c0056229c9a8e548669de79094ca86

SHA512
fba738d17c6bf32bcdb90a49cc5979201c2fb9c02c8ba94f451b25855cf2fefea3a9d7b9938721285bc51085dc44afd81482e0279bbbce86404b1c9b357af39e

Download Submit
memory/368-205-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download