81e5c5799523377b4767c4c997e46488d06644c5b3465c238b401e25eadc4e9e

Analysis

max time kernel
141s
max time network
126s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
24-07-2023 08:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

stopupdates10setup.exe
Size

2.3MB
MD5

a277d47050212a41ba3c27dd82f1344d
SHA1

d4f9584cc8e12ad6046facd62c819e291f1134fa
SHA256

81e5c5799523377b4767c4c997e46488d06644c5b3465c238b401e25eadc4e9e
SHA512

0542fd9c02984352dd98ca121a42d84063fd93f35917d2bcb909419e8b2edfedee3890c32f46d76102cabe3c5347ea5d104164748b2296ee9367ece46431fc1f
SSDEEP

49152:c9I2Qdit9pBUy19uiEeaUtxzHwHBWVanhOO6+x0myoysmSZS7Tj:WIi9Ay19uiEwtSOahmVoydSZKj

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2352	stopupdates10setup.tmp

Loads dropped DLL 3 IoCs

pid	Process
2532	stopupdates10setup.exe
2352	stopupdates10setup.tmp
2352	stopupdates10setup.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2352	stopupdates10setup.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2352	2532	stopupdates10setup.exe	28
PID 2532 wrote to memory of 2352	2532	stopupdates10setup.exe	28
PID 2532 wrote to memory of 2352	2532	stopupdates10setup.exe	28
PID 2532 wrote to memory of 2352	2532	stopupdates10setup.exe	28
PID 2532 wrote to memory of 2352	2532	stopupdates10setup.exe	28
PID 2532 wrote to memory of 2352	2532	stopupdates10setup.exe	28
PID 2532 wrote to memory of 2352	2532	stopupdates10setup.exe	28

C:\Users\Admin\AppData\Local\Temp\stopupdates10setup.exe
"C:\Users\Admin\AppData\Local\Temp\stopupdates10setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Users\Admin\AppData\Local\Temp\is-LA6LV.tmp\stopupdates10setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-LA6LV.tmp\stopupdates10setup.tmp" /SL5="$80120,2046581,56832,C:\Users\Admin\AppData\Local\Temp\stopupdates10setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-LA6LV.tmp\stopupdates10setup.tmp

Filesize
696KB

MD5
4d667ca2a286bd686a136cbf8f70b814

SHA1
f4e21cc7bb08ff63f75962c83f27c9445def093b

SHA256
038c977765ecb582167bb02e65427e025cd7f8ff0d65a74064c199ba8d8e2df2

SHA512
7812ac3d980691d041f5c2c9aa15acb2b8a1937787d6f5d150ab25cd04c83f69bb3034778c1828e0d064ffb5a72a3443804eef0f60b2897b81da58e5a64ce72c

Download Submit
\Users\Admin\AppData\Local\Temp\is-39NPH.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-39NPH.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-LA6LV.tmp\stopupdates10setup.tmp

Filesize
696KB

MD5
4d667ca2a286bd686a136cbf8f70b814

SHA1
f4e21cc7bb08ff63f75962c83f27c9445def093b

SHA256
038c977765ecb582167bb02e65427e025cd7f8ff0d65a74064c199ba8d8e2df2

SHA512
7812ac3d980691d041f5c2c9aa15acb2b8a1937787d6f5d150ab25cd04c83f69bb3034778c1828e0d064ffb5a72a3443804eef0f60b2897b81da58e5a64ce72c

Download Submit
memory/2352-61-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2352-70-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2352-71-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2532-54-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2532-68-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads