Overview

overview

10

Static

static

3

MatrisSetu....0.exe

windows7-x64

10

MatrisSetu....0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    156s
  • max time network
    191s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-05-2023 11:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MatrisSetup 2.5.0.0.exe

  • Size

    654.3MB

  • MD5

    917155e396b925d4d0d969d610c9c678

  • SHA1

    a04ccb87946bacb13e6dea7db0531ba06ca226c6

  • SHA256

    3a9c69009b81f3828ff4df44894b35b857cf8f50692b3da3bc269ab74cc74efa

  • SHA512

    b8b8a2ea42e1a0d08d9d705b22c226df9d92e2517149b93a730fba8af9da598c01ff3adddf2ccfd23586ee07fa9bd99a4792a87cd5b9c7e73fa0b38cda208d3e

  • SSDEEP

    12582912:g5r71/CNXYiFVhXIz6ND0rOvovsIhxr1Vt4/ltrvSjxlI5eR5A+KiiaGccamBx:gb6NoyVhYzcwrOvoUYytt8lNRh7nQx

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MatrisSetup 2.5.0.0.exe
    "C:\Users\Admin\AppData\Local\Temp\MatrisSetup 2.5.0.0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3612
    • C:\Windows\Temp\{6F7189C3-1055-4909-B0DE-5ED4F5CB28D3}\.cr\MatrisSetup 2.5.0.0.exe
      "C:\Windows\Temp\{6F7189C3-1055-4909-B0DE-5ED4F5CB28D3}\.cr\MatrisSetup 2.5.0.0.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\MatrisSetup 2.5.0.0.exe" -burn.filehandle.attached=544 -burn.filehandle.self=648
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4964

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Temp\{6F7189C3-1055-4909-B0DE-5ED4F5CB28D3}\.cr\MatrisSetup 2.5.0.0.exe
    Filesize

    597KB

    MD5

    e201342321bd917dfe8f4180857b4ddf

    SHA1

    e7ccb0ffae9888a4f434f6caec54eac513f3f398

    SHA256

    0ed9320126326552f5b09bada9984e43a4eec81d78d30636dd0ad3ef72b07634

    SHA512

    9d9625bdb19aff94f266927e2ff1f38b1f2c518c50d22ffa784195ecbd8011116633faa6f6d88c1d33161fa659c30b2a7c28051ffcd40845e867b1b862ce4b86

    Download Submit

  • C:\Windows\Temp\{6F7189C3-1055-4909-B0DE-5ED4F5CB28D3}\.cr\MatrisSetup 2.5.0.0.exe
    Filesize

    597KB

    MD5

    e201342321bd917dfe8f4180857b4ddf

    SHA1

    e7ccb0ffae9888a4f434f6caec54eac513f3f398

    SHA256

    0ed9320126326552f5b09bada9984e43a4eec81d78d30636dd0ad3ef72b07634

    SHA512

    9d9625bdb19aff94f266927e2ff1f38b1f2c518c50d22ffa784195ecbd8011116633faa6f6d88c1d33161fa659c30b2a7c28051ffcd40845e867b1b862ce4b86

    Download Submit

  • C:\Windows\Temp\{CF454215-9921-4870-8CE6-7CC9993014B7}\.ba\logo.png
    Filesize

    852B

    MD5

    8346e21859a269dccf1e408dc7593cca

    SHA1

    239f10674bf6022854c1f1bf7c91955bde34d3e4

    SHA256

    cd2e8ed1fbb308d9d166f49794d323a9b22efba1033cdf906d1f4b030319e01b

    SHA512

    de9a54e7067fe4feade10f48d7c2bb4169f50efa0b06d3310421376690712af4d55dbc24dc5accc5013379b11abb59cc8c85896fe9f2a7c6a7ea2e28f6feac9f

    Download Submit

  • C:\Windows\Temp\{CF454215-9921-4870-8CE6-7CC9993014B7}\.ba\wixstdba.dll
    Filesize

    184KB

    MD5

    fe7e0bd53f52e6630473c31299a49fdd

    SHA1

    f706f45768bfb95f4c96dfa0be36df57aa863898

    SHA256

    2bea14d70943a42d344e09b7c9de5562fa7e109946e1c615dd584da30d06cc80

    SHA512

    feed48286b1e182996a3664f0facdf42aae3692d3d938ea004350c85764db7a0bea996dfddf7a77149c0d4b8b776fb544e8b1ce5e9944086a5b1ed6a8a239a3c

    Download Submit