d86e6e98e2e1f671ec651fa60ecdfdadc069643b8865ce8230b1cc12618eb813

Analysis

max time kernel
28s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14/06/2023, 09:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

539KB
MD5

b5527fab72e933e1a479ce16f765c435
SHA1

25877febe2e4dfd7318a475ad04475b2d8385a68
SHA256

d86e6e98e2e1f671ec651fa60ecdfdadc069643b8865ce8230b1cc12618eb813
SHA512

eeeb9f3a23f8d6c5b4c55f3177644e1faae3a97dda803e6e96b2ae9c8b60ddcfb5252102e66e2425dcee74f98f189eba0025d09ce32c053eebcded0a80ec72eb
SSDEEP

12288:zuGj5je69oqAmj5oMqKyKAuqOAP0wuyeMb01JQntLOCH6o0H5:zXhe29AmjkKuuyemH6xZ

Score

1^/10

Malware Config

Signatures

Modifies registry class 21 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families	dfsvc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\ComponentStore_RandomString = "TVW62GYPJTKLRW9H2H0VJMYC"	dfsvc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\ComponentStore_RandomString = "KG3RCT01YDQBAJKEWM44EMBG"	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Visibility	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager	dfsvc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\StateStore_RandomString = "TG0L5CEGNR6Z92L40LG2PKPZ"	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Assemblies	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Installations	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\VisibilityRoots	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft\Windows	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion	dfsvc.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Categories	dfsvc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1956	dfsvc.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1956	1992	setup.exe	28
PID 1992 wrote to memory of 1956	1992	setup.exe	28
PID 1992 wrote to memory of 1956	1992	setup.exe	28
PID 1992 wrote to memory of 1956	1992	setup.exe	28

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
  2⤵
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:1956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1956-54-0x0000000000150000-0x0000000000158000-memory.dmp

Filesize
32KB

Download
memory/1956-56-0x000000001B030000-0x000000001B0B0000-memory.dmp

Filesize
512KB

Download
memory/1956-58-0x000000001B030000-0x000000001B0B0000-memory.dmp

Filesize
512KB

Download
memory/1956-59-0x000000001B030000-0x000000001B0B0000-memory.dmp

Filesize
512KB

Download
memory/1956-61-0x000000001B030000-0x000000001B0B0000-memory.dmp

Filesize
512KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads