Overview

overview

7

Static

static

3

SetupImage.exe

windows7-x64

7

SetupImage.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/07/2023, 06:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SetupImage.exe

  • Size

    1.4MB

  • MD5

    9e63cafd950aef3aac9210b48fbcab3d

  • SHA1

    f98ca96c09da31b83473f153453dcd793a173ee2

  • SHA256

    f53cccec8c648ac97c5537e8b757c1dbc38297b32a21a1527b0ff18f07dfbc7c

  • SHA512

    fc4d3d1a57d27c207da8ef055de8ba06a22a676c78c3db639a4486c626ac35aa483f2c9ef0ddd0423a7818304c62dd704e099e0ad7cbf6d9dd6a026e5c090473

  • SSDEEP

    24576:CxGlZeVswK8mha5itUcdC2ciBGvf4wsdQRrs0iQzO5GXNwBVLj9o6k1vh/BZS0hU:nrXFHtvdCgoAwsdQRr1iQAH/fmDJo

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SetupImage.exe
    "C:\Users\Admin\AppData\Local\Temp\SetupImage.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3744
    • C:\Users\Admin\AppData\Local\Temp\is-9T4H1.tmp\SetupImage.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-9T4H1.tmp\SetupImage.tmp" /SL5="$D0064,1053247,119296,C:\Users\Admin\AppData\Local\Temp\SetupImage.exe"
      2⤵
      • Executes dropped EXE
      PID:1568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-9T4H1.tmp\SetupImage.tmp
    Filesize

    1.1MB

    MD5

    6a96bef4679e16a54b4090e74664dcca

    SHA1

    c8631c1624b98f6709b1ac37ce3956faed29bc30

    SHA256

    cb095356ddcfcbace96c6252fb73a267ed011c15ff206a7a9302007baa68a783

    SHA512

    924ab1e5c6ea72342eab6e78899a56c415e90020c46d3d8a81ae4da9276db7ea1df9684965a81fb95a6f2f9cf103b31413d67770eb15725ad04198c5d00037d0

    Download Submit

  • memory/1568-139-0x00000000021A0000-0x00000000021A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1568-146-0x0000000000400000-0x000000000052C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1568-147-0x00000000021A0000-0x00000000021A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3744-134-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3744-144-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download