Overview

overview

7

Static

static

1

setup.exe

windows10-1703-x64

7

Resubmissions

12/04/2023, 14:23

230412-rqb79ach27 7

12/04/2023, 13:35

230412-qvs6wscf54 7

Analysis

  • max time kernel
    152s
  • max time network
    146s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12/04/2023, 13:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    setup.exe

  • Size

    196.2MB

  • MD5

    339d5597053d7c9e65cd2d32f7dcceb3

  • SHA1

    c48f4b68af513fff0a51528a9092d97cb62aac9c

  • SHA256

    eff59a857656e0b154bdadb15b39fbc641480fd7b08ec58c4c88eee50062ec47

  • SHA512

    671b5e1fd042c646d8633c3bb3f8673dd36b9877b26d9f55900f505dbde21b7009d31069acce194d6002fe88b076eadd461b7243e0e0deb8ab2a0c2ccf8c24e6

  • SSDEEP

    3145728:GnUoiIL7WEqZN6fOHwwRE7XpYukZ0l4GNufIhTzhrzfO0FFOw5MFkkbpBXrrDVIH:G5ik0uBwkkcXYIhHlzfO03B6FkmbXbVC

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4624
    • C:\Users\Admin\AppData\Local\Temp\is-51OPC.tmp\setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-51OPC.tmp\setup.tmp" /SL5="$A003E,204856419,1008128,C:\Users\Admin\AppData\Local\Temp\setup.exe"
      2⤵
      • Executes dropped EXE
      PID:4912

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-51OPC.tmp\setup.tmp
          Filesize

          3.2MB

          MD5

          eccf29321ac07639007328baf6b10f82

          SHA1

          d073d6c525da30cc6904410c4bf91b111232d027

          SHA256

          348bc74154692e64f21a02acf456a1e68c1ba66ed078670c0d3a23ab1bf9c791

          SHA512

          609de293b844388a82c38ec1e4435a1d6c24618c9fa5869cbd51f90bfcbda07221b52c7089812cabe2edda657fb45182f86ed7bda3f2d9de6487aad3d76b5415

          Download Submit

        • memory/4624-120-0x0000000000400000-0x0000000000503000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/4624-126-0x0000000000400000-0x0000000000503000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/4912-125-0x0000000000790000-0x0000000000791000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4912-127-0x0000000000400000-0x000000000073D000-memory.dmp

          Filesize

          3.2MB

          Download

        • memory/4912-142-0x0000000000400000-0x000000000073D000-memory.dmp

          Filesize

          3.2MB

          Download

        • memory/4912-148-0x0000000000400000-0x000000000073D000-memory.dmp

          Filesize

          3.2MB

          Download