49b6d15c38204be151370ab4d7cf785bab924e6ac78d3fbf6631de3084a76964

Analysis

max time kernel
152s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2023, 12:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

79.6MB
MD5

e3f89d5754f9068351fabfc1c46df5b3
SHA1

7ed6c09975e70029357633c5100729115341878b
SHA256

49b6d15c38204be151370ab4d7cf785bab924e6ac78d3fbf6631de3084a76964
SHA512

fd794d37cfd963e22107f8ec8f0c08ac3606ed56b0d01d50a76df17acaf00f7ed305cd4d4737d1e18ee4df05fe3beea4a48197dd68f374d2a0475c13f6c0dbf4
SSDEEP

1572864:jrvqT4dxIwKYn450z5fAB/3brKTqzx5s8KwpwLIitiUMiHOYC7SoNo3mG:XKuz45EdGvbrXzxm/+litUAH

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1176	Setup.tmp

Loads dropped DLL 2 IoCs

pid	Process
1176	Setup.tmp
1176	Setup.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 1176	1256	Setup.exe	82
PID 1256 wrote to memory of 1176	1256	Setup.exe	82
PID 1256 wrote to memory of 1176	1256	Setup.exe	82

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Users\Admin\AppData\Local\Temp\is-Q6CAF.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-Q6CAF.tmp\Setup.tmp" /SL5="$9003A,82870314,301056,C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-Q6CAF.tmp\Setup.tmp

Filesize
1.3MB

MD5
157dcc57c34e1e0941300f3445625319

SHA1
96d35b4979773b9220c043bb1229043c8b6a1f20

SHA256
270d5cd4d7ba80c554f0cd79a43df0953097480a7cb3adb8dd12af88e9250d40

SHA512
e4cb2a36e382944a440a324c23a259ade1250dea1ba0d67fc09de2af65134f5006f081a6521128807080e7327284c29384fa4e74f9605cd42b100d72337835d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UK0UI.tmp\innocallback.dll

Filesize
71KB

MD5
620a17c7645622184f9ab49752f69976

SHA1
428c45a7adfe271326cd036b35b91da1177e5510

SHA256
1fc556924686e9f0c762a95a2fcdc297c46c6ee15cd2bfd0bab9a53bfbc00dd3

SHA512
9909e307bef504b3b16f6f79f8a5fd4a9f5543b560811a14b9f8a23bf83a170820e1616092fcd1b1e1d62e0db233e328cf0ef4428b242db6f44088e2fd167fc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UK0UI.tmp\innocallback.dll

Filesize
71KB

MD5
620a17c7645622184f9ab49752f69976

SHA1
428c45a7adfe271326cd036b35b91da1177e5510

SHA256
1fc556924686e9f0c762a95a2fcdc297c46c6ee15cd2bfd0bab9a53bfbc00dd3

SHA512
9909e307bef504b3b16f6f79f8a5fd4a9f5543b560811a14b9f8a23bf83a170820e1616092fcd1b1e1d62e0db233e328cf0ef4428b242db6f44088e2fd167fc3

Download Submit
memory/1176-138-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/1176-144-0x0000000003310000-0x0000000003325000-memory.dmp

Filesize
84KB

Download
memory/1176-147-0x0000000000400000-0x000000000055A000-memory.dmp

Filesize
1.4MB

Download
memory/1176-148-0x0000000003310000-0x0000000003325000-memory.dmp

Filesize
84KB

Download
memory/1176-149-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/1176-158-0x0000000003310000-0x0000000003325000-memory.dmp

Filesize
84KB

Download
memory/1256-133-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1256-146-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads