3683b717c0651a35fe3a0a5cf8a0a20f19e8a848675005fb08d0152b29857616

Analysis

max time kernel
144s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
07-06-2023 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OpenIVSetup.exe
Size

33.0MB
MD5

58446a05397f2b391ad66c18ac42dd46
SHA1

fbca2ceb4da791983c133d54b44e9f8191b18260
SHA256

3683b717c0651a35fe3a0a5cf8a0a20f19e8a848675005fb08d0152b29857616
SHA512

f5fb192726a75051bb2cdb101a9ec85bbf7015d70568caacd32d9af64690ae6503c7699d860b611275005c3997de6fae1e4490990a40d12d1a7b836db852d991
SSDEEP

786432:JpY72Jimx2oeNm9iePejodLaYLCaYYXTU2vKBorzDa:eUfPeNm9mqHLqYj7a

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	OpenIVSetup.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1968	OpenIVSetup.exe

C:\Users\Admin\AppData\Local\Temp\OpenIVSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OpenIVSetup.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:1968

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

Filesize
628B

MD5
739bf2a85c8a1f186c6db28562bcb52e

SHA1
53297e6dd592acac05919803f86ff3f919f2878a

SHA256
d3fae75a23cdc9d1e9393747ab11f669fd9ea6115d333bdb76a7c4dff9e1d5c1

SHA512
99d0c5734d6077631804f6c5c0f28909c03cf07112e0f376ae5974fd7056f50b30487d17affec570102950d4cf74081300c13419a02c8ea7dfa93743b24a0f5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

Filesize
1KB

MD5
2a34dc9a2c319b08d1cdc61d8de7a669

SHA1
26681f9f20505671105a0f1fa22c52f0bf9aaaca

SHA256
8faff6e6841c2c35becf9cbf05711acc2cb98e85f1aba21e5e13d3389607c4cd

SHA512
4a432f49ffa4744c68b15ce11f8e8abeb9bf7e8303950539daa93610a73e65d85b28382910a14357b9d3b0715ad47da87005684d068e02884773d9ec25a2d967

Download Submit
C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

Filesize
4KB

MD5
51e8ff00f902dea67638991b8d47b0eb

SHA1
ae5d7e758a903d45884c195ad47660593ad7fab5

SHA256
7e58ead7d98a32db9f0d3b938d40f02830ea48c0fef32c0d5835e621b3024e8b

SHA512
7e5a0e99d399dbd8f57839f9036f26c64814325eb3586f8c8a52feb3ecf78f18b439dc05e9dc1addfec6b82f866171dc2dfcf5ae8c337b226433c6a42bd10f19

Download Submit
memory/1968-54-0x0000000000400000-0x000000000259D000-memory.dmp

Filesize
33.6MB

Download
memory/1968-55-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1968-87-0x0000000000400000-0x000000000259D000-memory.dmp

Filesize
33.6MB

Download
memory/1968-88-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download