482b8e4fdddaa9b019cdc0e93fad3042e20b36dbecd9d37b6b2bd98e0ed5a8df

Analysis

max time kernel
140s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2023, 08:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cn_.net_framework_4.5_language_pack_x86_x64_921026.exe
Size

4.0MB
MD5

5507b5ed13819d76584fd1bd892af338
SHA1

1934ec0814a5136560723590f01ff818454f02f1
SHA256

482b8e4fdddaa9b019cdc0e93fad3042e20b36dbecd9d37b6b2bd98e0ed5a8df
SHA512

c818e2932b8813b5c0e6b3a7266b2478d382b7ec5aa564610ae9b457b164dcbcb052b71707503561677bd5f1f469a1aa89c1286b5a1a1e5660f6c42e1f2adb18
SSDEEP

98304:s2cRbmXZC8BOtjhhLznZ0scWC4ad1/piPt0GYEpvDUu9ct:ZgivBSh57Osq/piPtgEl/ct

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4236	Setup.exe

Loads dropped DLL 5 IoCs

pid	Process
4236	Setup.exe
4236	Setup.exe
4236	Setup.exe
4236	Setup.exe
4236	Setup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4236	Setup.exe
4236	Setup.exe
4236	Setup.exe
4236	Setup.exe
4236	Setup.exe
4236	Setup.exe
4236	Setup.exe
4236	Setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 4236	1592	cn_.net_framework_4.5_language_pack_x86_x64_921026.exe	87
PID 1592 wrote to memory of 4236	1592	cn_.net_framework_4.5_language_pack_x86_x64_921026.exe	87
PID 1592 wrote to memory of 4236	1592	cn_.net_framework_4.5_language_pack_x86_x64_921026.exe	87

C:\Users\Admin\AppData\Local\Temp\cn_.net_framework_4.5_language_pack_x86_x64_921026.exe
"C:\Users\Admin\AppData\Local\Temp\cn_.net_framework_4.5_language_pack_x86_x64_921026.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1592
- F:\6d082dc7a4a0ce90fc628965d498\Setup.exe
  F:\6d082dc7a4a0ce90fc628965d498\\Setup.exe /x86 /x64 /lcid 2052
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:4236

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\HFI8425.tmp.html

Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\1033\LocalizedData.xml

Filesize
51KB

MD5
24fde6338ea1a937945c3feb0b7b2281

SHA1
6b8b437cd3692207e891e205c246f64e3d81fdd5

SHA256
63d37577f760339ed4e40dc699308b25217ce678ce0be50c5f9ce540bb08e0a7

SHA512
9a51c7057de4f2ec607bb9820999c676c01c9baf49524011bb5669225d80154119757e8eb92d1952832a6cb20ea0e7da192b4b9ddf813fa4c2780200b3d7ba67

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\2052\LocalizedData.xml

Filesize
41KB

MD5
759eb338d738ca6c531b9d5b06591b3b

SHA1
c9ed5ada615ccacd887a0d07ee25dfe1d7fbc00c

SHA256
a4c3bc545fc028935ad6ec4bd8ce51a300fab8a0b128cca89a8c14923d437b16

SHA512
82e6b969dedfdda477f6fb7fcb50a0acad0b26b9b4cca9f1adab5323c6c144da6c0bff34e39e0ef7b39f37ab5808f0064eace99867f7cd258e91aeb5aa5baef2

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\2052\SetupResources.dll

Filesize
23KB

MD5
a5315d733a068aa1badf2802900bdc5c

SHA1
6edecd3cf1ce823baab54e5a648c4f434374256a

SHA256
75f6204f506a84a50035101ba1482e428aef995f6ffb930490a3f6a0823a24b7

SHA512
ba20c557ec51fca227fc3bcf95dd18e48d121e9caff045e591c2d8e4c11e913a672c60f112056e6bf81b50fc972afda0a92ffb9a76fe4b933bc5bed58c31b501

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\2052\SetupResources.dll

Filesize
23KB

MD5
a5315d733a068aa1badf2802900bdc5c

SHA1
6edecd3cf1ce823baab54e5a648c4f434374256a

SHA256
75f6204f506a84a50035101ba1482e428aef995f6ffb930490a3f6a0823a24b7

SHA512
ba20c557ec51fca227fc3bcf95dd18e48d121e9caff045e591c2d8e4c11e913a672c60f112056e6bf81b50fc972afda0a92ffb9a76fe4b933bc5bed58c31b501

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\2052\SetupResources.dll

Filesize
23KB

MD5
a5315d733a068aa1badf2802900bdc5c

SHA1
6edecd3cf1ce823baab54e5a648c4f434374256a

SHA256
75f6204f506a84a50035101ba1482e428aef995f6ffb930490a3f6a0823a24b7

SHA512
ba20c557ec51fca227fc3bcf95dd18e48d121e9caff045e591c2d8e4c11e913a672c60f112056e6bf81b50fc972afda0a92ffb9a76fe4b933bc5bed58c31b501

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\DHTMLHeader.html

Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\ParameterInfo.xml

Filesize
66KB

MD5
3d80ce25d093f926c9c7c7323827c6eb

SHA1
120a97cea39bcdb7924755b82c070bae1fed27e7

SHA256
01698b10935f2963acb60d6ac36a5a9b7d2ad571de385b210ced8a2e49587311

SHA512
09d33b79848632595b7945d6984c1b8d05fa0741d21271088d61c4d40766dcad40aba96b2227be6dbbb9ff7669eeeecdc3c9cb6a7c2c0d00de908a4d9784ff99

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\Setup.exe

Filesize
85KB

MD5
8b3ecf4d59a85dae0960d3175865a06d

SHA1
fc81227ec438adc3f23e03a229a263d26bcf9092

SHA256
2b088aefcc76d0baa0bff0843bf458db27bacc47a8e698c9948e53ffc471828b

SHA512
a58a056a3a5814a13153b4c594ed72796b4598f8e715771fc31e60c60a2e26250768b8f36b18675b91e7ecc777ef27c7554f7a0e92c2dfaba74531e669c38263

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\Setup.exe

Filesize
85KB

MD5
8b3ecf4d59a85dae0960d3175865a06d

SHA1
fc81227ec438adc3f23e03a229a263d26bcf9092

SHA256
2b088aefcc76d0baa0bff0843bf458db27bacc47a8e698c9948e53ffc471828b

SHA512
a58a056a3a5814a13153b4c594ed72796b4598f8e715771fc31e60c60a2e26250768b8f36b18675b91e7ecc777ef27c7554f7a0e92c2dfaba74531e669c38263

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\SetupEngine.dll

Filesize
868KB

MD5
43bc7b5dfd2e45751d6d2ca7274063e4

SHA1
a8955033d0e94d33114a1205fe7038c6ae2f54f1

SHA256
a11af883273ddbd24bfed4a240c43f41ce3d8c7962ec970da2d4c7e13b563d04

SHA512
3f3068e660fea932e91e4d141d8202466b72447107ff43f90dea9557fc188696617025531220bc113dc19fdd7adf313a47ac5f2a4ce94c65f9aeb2d7deda7f36

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\SetupEngine.dll

Filesize
868KB

MD5
43bc7b5dfd2e45751d6d2ca7274063e4

SHA1
a8955033d0e94d33114a1205fe7038c6ae2f54f1

SHA256
a11af883273ddbd24bfed4a240c43f41ce3d8c7962ec970da2d4c7e13b563d04

SHA512
3f3068e660fea932e91e4d141d8202466b72447107ff43f90dea9557fc188696617025531220bc113dc19fdd7adf313a47ac5f2a4ce94c65f9aeb2d7deda7f36

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\SetupUi.dll

Filesize
299KB

MD5
c6760e8b45ffa0cd56b843bc498b919d

SHA1
9faa762fcd06b2c216122c31a387d6d9cf5a6558

SHA256
26f324b3d8e7af4994459e118d20ef5b0abb332075432dd42c6597833486e269

SHA512
b83f7eab3ee1ef167f81c3ddfa6a578540fb0da2efd15b54650fcf5b35cdb6f54229e04887a6f66a78c4e20cdc21119db4e0f0ed3799eeea3d2e4a308ff3f54a

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\SetupUi.dll

Filesize
299KB

MD5
c6760e8b45ffa0cd56b843bc498b919d

SHA1
9faa762fcd06b2c216122c31a387d6d9cf5a6558

SHA256
26f324b3d8e7af4994459e118d20ef5b0abb332075432dd42c6597833486e269

SHA512
b83f7eab3ee1ef167f81c3ddfa6a578540fb0da2efd15b54650fcf5b35cdb6f54229e04887a6f66a78c4e20cdc21119db4e0f0ed3799eeea3d2e4a308ff3f54a

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\SetupUi.xsd

Filesize
29KB

MD5
2fadd9e618eff8175f2a6e8b95c0cacc

SHA1
9ab1710a217d15b192188b19467932d947b0a4f8

SHA256
222211e8f512edf97d78bc93e1f271c922d5e91fa899e092b4a096776a704093

SHA512
a3a934a8572ff9208d38cf381649bd83de227c44b735489fd2a9dc5a636ead9bb62459c9460ee53f61f0587a494877cd3a3c2611997be563f3137f8236ffc4ca

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\SplashScreen.bmp

Filesize
40KB

MD5
0966fcd5a4ab0ddf71f46c01eff3cdd5

SHA1
8f4554f079edad23bcd1096e6501a61cf1f8ec34

SHA256
31c13ecfc0eb27f34036fb65cc0e735cd444eec75376eea2642f926ac162dcb3

SHA512
a9e70a2fb5a9899acf086474d71d0e180e2234c40e68bcadb9bf4fe145774680cb55584b39fe53cc75de445c6bf5741fc9b15b18385cbbe20fc595fe0ff86fce

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\Strings.xml

Filesize
13KB

MD5
8a28b474f4849bee7354ba4c74087cea

SHA1
c17514dfc33dd14f57ff8660eb7b75af9b2b37b0

SHA256
2a7a44fb25476886617a1ec294a20a37552fd0824907f5284fade3e496ed609b

SHA512
a7927700d8050623bc5c761b215a97534c2c260fcab68469b7a61c85e2dff22ed9cf57e7cb5a6c8886422abe7ac89b5c71e569741db74daa2dcb4152f14c2369

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\UiInfo.xml

Filesize
38KB

MD5
aea40d51f17d20e76855c8457b26c588

SHA1
291402ab3dffe541043af0ab715551903d047661

SHA256
a7947e202d0ddbf60b7d08aecb9c59735ba8458867df3d95398d38d72b429e53

SHA512
80bc03c2850999452afdbdc3b5c01db5858799161e308b89292af9b5ea3eb719ae73af833ca604dd0427f8e0f8ef6c2268713ec892cb6e6ae8cd696be435c683

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\graphics\print.ico

Filesize
1KB

MD5
7e55ddc6d611176e697d01c90a1212cf

SHA1
e2620da05b8e4e2360da579a7be32c1b225deb1b

SHA256
ff542e32330b123486797b410621e19eafb39df3997e14701afa4c22096520ed

SHA512
283d381aa396820b7e15768b20099d67688da1f6315ec9f7938c2fcc3167777502cded0d1beddf015a34cc4e5d045bcb665ffd28ba2fbb6faf50fdd38b31d16e

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\graphics\save.ico

Filesize
1KB

MD5
7d62e82d960a938c98da02b1d5201bd5

SHA1
194e96b0440bf8631887e5e9d3cc485f8e90fbf5

SHA256
ae041c8764f56fd89277b34982145d16fc59a4754d261c861b19371c3271c6e5

SHA512
ab06b2605f0c1f6b71ef69563c0c977d06c6ea84d58ef7f2baecba566d6037d1458c2b58e6bfd70ddef47dccbdea6d9c2f2e46dea67ea9e92457f754d7042f67

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\graphics\setup.ico

Filesize
35KB

MD5
3d25d679e0ff0b8c94273dcd8b07049d

SHA1
a517fc5e96bc68a02a44093673ee7e076ad57308

SHA256
288e9ad8f0201e45bc187839f15aca79d6b9f76a7d3c9274c80f5d4a4c219c0f

SHA512
3bde668004ca7e28390862d0ae9903c756c16255bdbb3f7e73a5b093ce6a57a3165d6797b0a643b254493149231aca7f7f03e0af15a0cbe28aff02f0071ec255

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\graphics\warn.ico

Filesize
9KB

MD5
b2b1d79591fca103959806a4bf27d036

SHA1
481fd13a0b58299c41b3e705cb085c533038caf5

SHA256
fe4d06c318701bf0842d4b87d1bad284c553baf7a40987a7451338099d840a11

SHA512
5fe232415a39e0055abb5250b120ccdcd565ab102aa602a3083d4a4705ac6775d45e1ef0c2b787b3252232e9d4673fc3a77aab19ec79a3ff8b13c4d7094530d2

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\sqmapi.dll

Filesize
191KB

MD5
d475bbd6fef8db2dde0da7ccfd2c9042

SHA1
80887bdb64335762a3b1d78f7365c4ee9cfaeab5

SHA256
8e9d77a216d8dd2be2b304e60edf85ce825309e67262fcff1891aede63909599

SHA512
f760e02d4d336ac384a0125291b9deac88c24f457271be686b6d817f01ea046d286c73deddbf0476dcc2ade3b3f5329563abd8f2f1e40aee817fee1e3766d008

Download Submit
F:\6d082dc7a4a0ce90fc628965d498\sqmapi.dll

Filesize
191KB

MD5
d475bbd6fef8db2dde0da7ccfd2c9042

SHA1
80887bdb64335762a3b1d78f7365c4ee9cfaeab5

SHA256
8e9d77a216d8dd2be2b304e60edf85ce825309e67262fcff1891aede63909599

SHA512
f760e02d4d336ac384a0125291b9deac88c24f457271be686b6d817f01ea046d286c73deddbf0476dcc2ade3b3f5329563abd8f2f1e40aee817fee1e3766d008

Download Submit
memory/4236-237-0x0000000003600000-0x0000000003601000-memory.dmp

Filesize
4KB

Download
memory/4236-242-0x0000000003600000-0x0000000003601000-memory.dmp

Filesize
4KB

Download