66d1b15ffa119725776e4864861db9944c7584f4d765612479247ab62bdd6126

Analysis

max time kernel
140s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2023 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

2.8MB
MD5

a728876b59b1f4ec451d3548b465a9fa
SHA1

a378c3ced33ff41a97594cb7750dfea61d4d38eb
SHA256

6179f8783575c79ffad7c4d4d32730554394b47fe8a70440c9fee14269b6a19f
SHA512

c546acc1cd47a77fe5682d79a3559cd81a7615a1bf69a8a1b2e0821a25dc26526003474e9ca02b15bfbb4bb2fa40b86ca5e63feab401e8624521b0d81779fc5a
SSDEEP

49152:z5PFKAK1byssRMZ16VqFITL3MfqKkyV48uYoPU/S5P0:z1Fw1bpsnx8nk1kS1

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
3736	Setup.exe
3736	Setup.exe
3736	Setup.exe
3736	Setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Loads dropped DLL
PID:3736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{C8518EDC-9550-46A1-9C82-53597B995B3E}\Disk1\ISSetup.dll

Filesize
542KB

MD5
2dd1c4a68e2a8a401018f5efdab5adde

SHA1
13fc964947516230c70d38281d0312bc1afe13c0

SHA256
7c173cdaea8e3a3cc95b7196681cb904f3996f81289d5890b30f38c99eba45ae

SHA512
c69f3e46d36e07e6093f66cf072c83fc8c7249ff86c9cd84168ee46dbb7a621d562cee7de5685b408bd5f71889d6433e99ff8045955e5b8ab2c9eeb71941d165

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C8518EDC-9550-46A1-9C82-53597B995B3E}\Disk1\ISSetup.dll

Filesize
542KB

MD5
2dd1c4a68e2a8a401018f5efdab5adde

SHA1
13fc964947516230c70d38281d0312bc1afe13c0

SHA256
7c173cdaea8e3a3cc95b7196681cb904f3996f81289d5890b30f38c99eba45ae

SHA512
c69f3e46d36e07e6093f66cf072c83fc8c7249ff86c9cd84168ee46dbb7a621d562cee7de5685b408bd5f71889d6433e99ff8045955e5b8ab2c9eeb71941d165

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C8518EDC-9550-46A1-9C82-53597B995B3E}\Disk1\ISSetup.dll

Filesize
542KB

MD5
2dd1c4a68e2a8a401018f5efdab5adde

SHA1
13fc964947516230c70d38281d0312bc1afe13c0

SHA256
7c173cdaea8e3a3cc95b7196681cb904f3996f81289d5890b30f38c99eba45ae

SHA512
c69f3e46d36e07e6093f66cf072c83fc8c7249ff86c9cd84168ee46dbb7a621d562cee7de5685b408bd5f71889d6433e99ff8045955e5b8ab2c9eeb71941d165

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C8518EDC-9550-46A1-9C82-53597B995B3E}\_Setup.dll

Filesize
325KB

MD5
7de2d19c870587b8ffc5a446e9b6e29a

SHA1
4818065b55bbe0469cb2135197d69caae359ac63

SHA256
35eef33d1890a6e34d647f86f24c730b4f741c9d33fcce01cfb12d2b8e55b5d1

SHA512
bf2258b84f497e40670aac594e20f5a508cf603235f2cdd73e0c4e74613ece46468571b1beeaab5065ce214675e846a0641c9cb812b8e1fdf33a6ae0237ed3b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C8518EDC-9550-46A1-9C82-53597B995B3E}\_Setup.dll

Filesize
325KB

MD5
7de2d19c870587b8ffc5a446e9b6e29a

SHA1
4818065b55bbe0469cb2135197d69caae359ac63

SHA256
35eef33d1890a6e34d647f86f24c730b4f741c9d33fcce01cfb12d2b8e55b5d1

SHA512
bf2258b84f497e40670aac594e20f5a508cf603235f2cdd73e0c4e74613ece46468571b1beeaab5065ce214675e846a0641c9cb812b8e1fdf33a6ae0237ed3b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C8518EDC-9550-46A1-9C82-53597B995B3E}\_Setup.dll

Filesize
325KB

MD5
7de2d19c870587b8ffc5a446e9b6e29a

SHA1
4818065b55bbe0469cb2135197d69caae359ac63

SHA256
35eef33d1890a6e34d647f86f24c730b4f741c9d33fcce01cfb12d2b8e55b5d1

SHA512
bf2258b84f497e40670aac594e20f5a508cf603235f2cdd73e0c4e74613ece46468571b1beeaab5065ce214675e846a0641c9cb812b8e1fdf33a6ae0237ed3b3

Download Submit
memory/3736-27-0x0000000002700000-0x000000000289A000-memory.dmp

Filesize
1.6MB

Download
memory/3736-28-0x0000000002700000-0x000000000289A000-memory.dmp

Filesize
1.6MB

Download
memory/3736-29-0x00000000004C0000-0x00000000004C2000-memory.dmp

Filesize
8KB

Download