Overview

overview

8

Static

static

1

SetupExitL...72.exe

windows7-x64

8

SetupExitL...72.exe

windows10-2004-x64

7

Resubmissions

25/04/2023, 19:16

230425-xysg4acd95 7

25/04/2023, 19:10

230425-xvwekscd83 8

Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/04/2023, 19:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SetupExitLag_v4272.exe

  • Size

    19.7MB

  • MD5

    0e0e61bc0176794218f18d35330b0e40

  • SHA1

    88cf1a12e45b0edb7fe810c3394299ef2de19b4e

  • SHA256

    89180b430afa5712246b5dfce921e7bd02d396dc9195d094ba2e875ec2dbd8ea

  • SHA512

    903519017cb52c7e7d614f757370872f3a1c076fcf827c8f3118799559204231472ab05b09b9a3e75476dc5d570b9cd5e947d0652792dafebc935cb966c65243

  • SSDEEP

    393216:gUrhBxbvYVjC4OoNvZtTrfCuy9PxkjjlyKXRYa61GDIOZAsqbP7PWZi2u1f:g4aIoJZtffCdZxOlpOUZZZqzrWZA1f

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SetupExitLag_v4272.exe
    "C:\Users\Admin\AppData\Local\Temp\SetupExitLag_v4272.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1020
    • C:\Users\Admin\AppData\Local\Temp\is-JG94E.tmp\SetupExitLag_v4272.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-JG94E.tmp\SetupExitLag_v4272.tmp" /SL5="$E0056,19829384,887296,C:\Users\Admin\AppData\Local\Temp\SetupExitLag_v4272.exe"
      2⤵
      • Executes dropped EXE
      PID:5084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-JG94E.tmp\SetupExitLag_v4272.tmp
    Filesize

    3.1MB

    MD5

    5173d5dc7cbf0152255381845c78d927

    SHA1

    4d1a5ddec740e6763b9a64aa9112164e93719953

    SHA256

    8d892a27e6d5559ee2dc12f801f3abee78c25891b1e91a0469548fb2866b6fe1

    SHA512

    cd8439a6892d1c15ee10cc4d4ede8c89d43ae2314750661e4ed926910272cefbb5d151fc987ca9c8e61017a1babb4aba685a6e3e13a5b387f06d622ed3d90872

    Download Submit

  • memory/1020-133-0x0000000000400000-0x00000000004E6000-memory.dmp

    Filesize

    920KB

    Download

  • memory/1020-140-0x0000000000400000-0x00000000004E6000-memory.dmp

    Filesize

    920KB

    Download

  • memory/5084-139-0x0000000000D20000-0x0000000000D21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5084-141-0x0000000000400000-0x0000000000722000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/5084-142-0x0000000000D20000-0x0000000000D21000-memory.dmp

    Filesize

    4KB

    Download