Overview

overview

7

Static

static

3

setup.exe

windows7-x64

7

setup.exe

windows10-2004-x64

7

Resubmissions

27/08/2023, 22:28

230827-2drsaafe4w 7

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    27/08/2023, 22:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    setup.exe

  • Size

    2.7MB

  • MD5

    99398fa77ad431e7303c9fc4c9520870

  • SHA1

    736f7ef8b30f9914fc3b47a4ac72381ee3de4550

  • SHA256

    c1a736977adec9e8d0fa673d9d554a7ecf90c2ff32e8c87b4db9b19dd6ddbecc

  • SHA512

    88f7e56021345a368fad3d3473a1f7d82df35140d71d223f5a20a4f4a6cac7880a5e5b57bacdc5faeca966997f924385d28debac4edad19dff293f743aa488c5

  • SSDEEP

    49152:4sIJmhvt/foKxe7XmFxajEXouJDZEup637/xt5Ofizsc9J/9Dj70DK9sw:7IJSvtnlw2F+9nc637/xtYc9rjN

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\setup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2452
    • C:\Users\Admin\AppData\Local\Temp\is-KB1A3.tmp\setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-KB1A3.tmp\setup.tmp" /SL5="$80120,2084816,489472,C:\Users\Admin\AppData\Local\Temp\setup.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-KB1A3.tmp\setup.tmp
    Filesize

    1.5MB

    MD5

    d2cc787de6c37c0f639c0522ec9026ef

    SHA1

    ada183022600190c43f8dfbfca177c491451502c

    SHA256

    db33925842832af68c7d455e1b2d4765184d9d96632d9f3789dfac87e7ee3f3a

    SHA512

    4ec6cd41c61643f516fc46c78449e8f7ffe39e7d353272de8c3f44ad21ad51e97621f50e0cc2c8fc09557fa95c93e4ef1bef949989ba67031df76d38cec690cc

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-KB1A3.tmp\setup.tmp
    Filesize

    1.5MB

    MD5

    d2cc787de6c37c0f639c0522ec9026ef

    SHA1

    ada183022600190c43f8dfbfca177c491451502c

    SHA256

    db33925842832af68c7d455e1b2d4765184d9d96632d9f3789dfac87e7ee3f3a

    SHA512

    4ec6cd41c61643f516fc46c78449e8f7ffe39e7d353272de8c3f44ad21ad51e97621f50e0cc2c8fc09557fa95c93e4ef1bef949989ba67031df76d38cec690cc

    Download Submit

  • memory/2452-1-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

    Download

  • memory/2452-9-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

    Download

  • memory/2472-8-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2472-11-0x0000000000400000-0x0000000000584000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2472-12-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download