Overview

overview

7

Static

static

3

InsightCon...st.exe

windows7-x64

7

InsightCon...st.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/06/2023, 08:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    InsightConfigurator_latest.exe

  • Size

    45.1MB

  • MD5

    9667fab6a990c36c6bbbc009a6ecb66a

  • SHA1

    b7759fedf8a21f5243d6a5d1075ee6d3d9e04ac3

  • SHA256

    22c31092050d1ddc6e36afa8b418df14f6c3c1ac846689177438c6f1c1b93f7f

  • SHA512

    c9bfb41ca60295d2981cd3f70ebf91866bd856d57cae1078d090d80ab8821119bf1d3e336b5a8a492c9306d0017266344fb592f3268229a3d9cc6c19ee8bbd16

  • SSDEEP

    786432:SIjDsp3fSVNW+DPOXPbD7e1qW8fLXK5JQbu66lepnpKjxqEo4NLytZukcVu0:paSVNziSv8fjK56bW8ppKjxS4cikcN

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\InsightConfigurator_latest.exe
    "C:\Users\Admin\AppData\Local\Temp\InsightConfigurator_latest.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2752
    • C:\Windows\Temp\{1AB55049-DA22-49A5-888A-760210482779}\.cr\InsightConfigurator_latest.exe
      "C:\Windows\Temp\{1AB55049-DA22-49A5-888A-760210482779}\.cr\InsightConfigurator_latest.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\InsightConfigurator_latest.exe" -burn.filehandle.attached=540 -burn.filehandle.self=648
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3108

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\Temp\{1AB55049-DA22-49A5-888A-760210482779}\.cr\InsightConfigurator_latest.exe
          Filesize

          665KB

          MD5

          feb525b36ce9ec368f53dfa85eaf3b09

          SHA1

          e8c4078c4033e988a7d3fbf0d69fc25838378352

          SHA256

          69e86c890e40c41825cda1f514d1264ab4da93017735a37e638a2fee934f53c6

          SHA512

          6bc10f3989d98c050a3a928c9e8880d9c27063598dc44502587dcdeccc3a25563691fcf0dd18bce1515e7caa40dbaef66eba57c83c02bd76640312c6f5a5d770

          Download Submit

        • C:\Windows\Temp\{1AB55049-DA22-49A5-888A-760210482779}\.cr\InsightConfigurator_latest.exe
          Filesize

          665KB

          MD5

          feb525b36ce9ec368f53dfa85eaf3b09

          SHA1

          e8c4078c4033e988a7d3fbf0d69fc25838378352

          SHA256

          69e86c890e40c41825cda1f514d1264ab4da93017735a37e638a2fee934f53c6

          SHA512

          6bc10f3989d98c050a3a928c9e8880d9c27063598dc44502587dcdeccc3a25563691fcf0dd18bce1515e7caa40dbaef66eba57c83c02bd76640312c6f5a5d770

          Download Submit

        • C:\Windows\Temp\{DFC46AAB-DE33-4F99-BD45-CF6691A33A48}\.ba\banner.bmp
          Filesize

          83KB

          MD5

          a1382a09f9f76d0bac452b9618b679f3

          SHA1

          44b211e13258ebafccb2bb2fc84a899d006eb153

          SHA256

          72314697eb2c7339adabbfd4c4c7acc7289a1b9fc2c51aaaa337e91a648b0d8b

          SHA512

          9fb1e533531f02e2c81e3c940de759c7ecbc5dbb3945e2ca518ecf754734431527ce240fbfdc465fb87acedfeb8de0d1432bc2e8a72417e2659c6aa295c50b6f

          Download Submit

        • C:\Windows\Temp\{DFC46AAB-DE33-4F99-BD45-CF6691A33A48}\.ba\bannerbottom.bmp
          Filesize

          86KB

          MD5

          88fe55f7061e6b70ecbbb8436aec2c96

          SHA1

          e84a65dbf512b6866de66eb1012e1ba661601a4b

          SHA256

          399ad26b4b098cfe05c67a64bc7a72247faf54fec402936d65ad210474939a2e

          SHA512

          a7673fd0ab611f2cdbf4c4f2fd117123c402184a07de5978af8936655214285485a40716a5c33ca2b6c10432f623aac1e6b37f7a624a2e7ca31dc6e3f0c9ceaa

          Download Submit

        • C:\Windows\Temp\{DFC46AAB-DE33-4F99-BD45-CF6691A33A48}\.ba\dialog.bmp
          Filesize

          451KB

          MD5

          bc9b5f6309f4a6ec6253e086d434c779

          SHA1

          957df4e12a98ed8ea21ae6e41d9a06b502b9ed65

          SHA256

          ed75effe929f417d21a609081084843c8005b80c1418cc3539c4a21dda6e0754

          SHA512

          4c351df1a8398cf2cab000b329e9429a4983c928853fd6579664af27fd9ecd8484144cfc7378581d006a880ee25f4c67f8afb6226fe084398017dec1337a0cf8

          Download Submit

        • C:\Windows\Temp\{DFC46AAB-DE33-4F99-BD45-CF6691A33A48}\.ba\wixstdba.dll
          Filesize

          175KB

          MD5

          8ca04519005ad03b4d9e062b97d7f79d

          SHA1

          df53ed9440d027401d502f3297668009030350a7

          SHA256

          7b9f919a3d1974fd8fa35ad189edc8bf287f476bd377e713e616b26864a4b0d3

          SHA512

          1a29e9e9bd798c892a7cd3cd4ff259195e4a92e26f53e8f1a86c75c5eb8fdda58ceba312cd791651fad5ce04529696195815a4ba5c143ad52a5ea0d7c539bb77

          Download Submit