ec9bbb5bd1161656917028baabf805b7db31b88864f787de09a5fbc9ae65a0cd | Triage

Analysis

max time kernel
128s
max time network
139s
platform
windows10-1703_x64
resource
win10-20230703-es
resource tags

arch:x64arch:x86image:win10-20230703-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
26/08/2023, 23:05

Sharing

Report Analysis Logs

General

Target

setup.exe
Size

115KB
MD5

b01ba38c120b8b1f5963e6b47ff12a1e
SHA1

10d2cd51fb97197949310ee9595f9e79d5392105
SHA256

ec9bbb5bd1161656917028baabf805b7db31b88864f787de09a5fbc9ae65a0cd
SHA512

21902e14f3c5baa34e7b2bdb77d09f6051af95a5690c8ef349cb4eb1f07baee8a837a820fb2dbb861cfdcbc40000e53d414cdb96899e018aa93b4a9378f1b92e
SSDEEP

3072:70a2o8/1AWl9XtA6yjCNGhXJec7oMcRjPHJLt5nN:752v/1AWl9XtujfkFjT

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 3192	2496	setup.exe	70
PID 2496 wrote to memory of 3192	2496	setup.exe	70
PID 2496 wrote to memory of 3192	2496	setup.exe	70

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Users\Admin\AppData\Local\Temp\setup.exe
  C:\Users\Admin\AppData\Local\Temp\setup.exe -deleter
  2⤵
  PID:3192

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads