65e3b326ace2ec3121f17da6f94291fdaf13fa3900dc8d997fbbf05365dd518f | Triage

Resubmissions

08-06-2023 20:18

230608-y3pgnsag5s 5

Analysis

max time kernel
290s
max time network
293s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
08-06-2023 20:18

Sharing

Report Analysis Logs

General

Target

v2.4_2023/Setup.exe
Size

1.2MB
MD5

b48edb144a48bd29e3078b1a06258bf9
SHA1

d82508bbb08a2600ae61ee3c642992823cb5eae6
SHA256

c05c7ec4570bfc44e87f6e6efc83643b47a378bb088c53da4c5ecf7b93194dc6
SHA512

4fa787d3e3d6eb722bb623616751d18cec8f8a4427c33fc5d12d354d40d05f90b35afa9d735b2fbb551dc2f0ebb85d694d87bc2cac4ffb9d7b7fc997f73f6be0
SSDEEP

24576:QvCy4ovy82hVPV8+QkKY54+Lfy24N5j5Q+0Htnl:ryCLVq+QmySRv+0N

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1660	Setup.exe
1660	Setup.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1660	Setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 3056	1660	Setup.exe	82
PID 1660 wrote to memory of 3056	1660	Setup.exe	82
PID 1660 wrote to memory of 3056	1660	Setup.exe	82

C:\Users\Admin\AppData\Local\Temp\v2.4_2023\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\v2.4_2023\Setup.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1660-133-0x000002A59ACC0000-0x000002A59ADEA000-memory.dmp

Filesize
1.2MB

Download
memory/1660-134-0x000002A59CB90000-0x000002A59CBA0000-memory.dmp

Filesize
64KB

Download
memory/1660-135-0x000002A5B58D0000-0x000002A5B5DF8000-memory.dmp

Filesize
5.2MB

Download