054eb338da484de8663ef5834a982dced7faf677e6c2f4c1821c9b065dd53f64

Analysis

max time kernel
235s
max time network
294s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2023 20:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

1023.0MB
MD5

62759456f17937aef1f9a8f71eace59e
SHA1

575f55b016a70fe2bb2179b7680e1647bdd98802
SHA256

5cea4c61038d1ab6b5307c24536cfe7ed4cfe5853de902f247a869a532979f66
SHA512

2abbe5eaf48629de6f80e501b65b60ff7f9b9e1d3b5b55cd7113ad871d302a7a26f794c503ae01a6baf346c39c4b5f79599a5d9f5e67dbafb992dd17c9388874
SSDEEP

6144:TsmTrYacdVTRoNxUeNfpMWQm+kT8YtSthFDU+jUKJsywG6FBuHZDINxIY5:N/8+xUedmW/eDU+jvJ6v

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4408 set thread context of 4516	4408	Setup.exe	85

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4408	Setup.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 4516	4408	Setup.exe	85
PID 4408 wrote to memory of 4516	4408	Setup.exe	85
PID 4408 wrote to memory of 4516	4408	Setup.exe	85
PID 4408 wrote to memory of 4516	4408	Setup.exe	85
PID 4408 wrote to memory of 4516	4408	Setup.exe	85
PID 4408 wrote to memory of 4516	4408	Setup.exe	85
PID 4408 wrote to memory of 4516	4408	Setup.exe	85
PID 4408 wrote to memory of 4516	4408	Setup.exe	85
PID 4408 wrote to memory of 4516	4408	Setup.exe	85

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
  2⤵
  PID:4516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4408-133-0x0000000000D10000-0x0000000000E26000-memory.dmp

Filesize
1.1MB

Download
memory/4408-134-0x000000001C9D0000-0x000000001C9E0000-memory.dmp

Filesize
64KB

Download
memory/4408-135-0x0000000001670000-0x0000000001671000-memory.dmp

Filesize
4KB

Download
memory/4408-136-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-137-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-139-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-141-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-143-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-145-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-147-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-149-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-151-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-153-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-155-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-157-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-159-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-161-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-163-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-165-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-167-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-169-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-171-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-173-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-175-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-177-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-179-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-181-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-183-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-185-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-187-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-189-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-191-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-193-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-195-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-197-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4408-199-0x0000000003800000-0x0000000003868000-memory.dmp

Filesize
416KB

Download
memory/4516-614-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/4516-615-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads