25abb64cc0dc23ce289491cdc048efad71f5387fd8ee1facf0afe90cfbefd498

Analysis

max time kernel
120s
max time network
138s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 05:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setupdownloader_[aHR0cHM6Ly9jbG91ZC1lY3MuZ3Jhdml0eXpvbmUuYml0ZGVmZW5kZXIuY29tL1BhY2thZ2VzL0JTVFdJTi8.exe
Size

4.7MB
MD5

5c7644897eb43a6e3b89a6c24ee3776a
SHA1

414dd22a97326132f846396371c6c851b91cdffb
SHA256

f3056861234e0a7a7a823d8f4e83c8462d81ac7bd5bba979258e00649bf12f3f
SHA512

357eb499e858661b864862635405a54b3435ec34d62d484446fdea40bd075cfade814e72176f2e070a5c722fa1cc1cd2530f5afe0b48ff6f95f2c62d56fdf338
SSDEEP

98304:5vd8bPD2SrQFkE0fECm/pra04aq1hAKTsHa1YEDqqbpr:fYPJrQFk/6RrOaqPxTs66EuqbF

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2552	setupdownloader.exe

Loads dropped DLL 7 IoCs

pid	Process
2792	setupdownloader_[aHR0cHM6Ly9jbG91ZC1lY3MuZ3Jhdml0eXpvbmUuYml0ZGVmZW5kZXIuY29tL1BhY2thZ2VzL0JTVFdJTi8.exe
2792	setupdownloader_[aHR0cHM6Ly9jbG91ZC1lY3MuZ3Jhdml0eXpvbmUuYml0ZGVmZW5kZXIuY29tL1BhY2thZ2VzL0JTVFdJTi8.exe
2792	setupdownloader_[aHR0cHM6Ly9jbG91ZC1lY3MuZ3Jhdml0eXpvbmUuYml0ZGVmZW5kZXIuY29tL1BhY2thZ2VzL0JTVFdJTi8.exe
2792	setupdownloader_[aHR0cHM6Ly9jbG91ZC1lY3MuZ3Jhdml0eXpvbmUuYml0ZGVmZW5kZXIuY29tL1BhY2thZ2VzL0JTVFdJTi8.exe
2552	setupdownloader.exe
2552	setupdownloader.exe
2552	setupdownloader.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2552	setupdownloader.exe
2552	setupdownloader.exe
2552	setupdownloader.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2552	setupdownloader.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2552	setupdownloader.exe
2552	setupdownloader.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2552	2792	setupdownloader_[aHR0cHM6Ly9jbG91ZC1lY3MuZ3Jhdml0eXpvbmUuYml0ZGVmZW5kZXIuY29tL1BhY2thZ2VzL0JTVFdJTi8.exe	29
PID 2792 wrote to memory of 2552	2792	setupdownloader_[aHR0cHM6Ly9jbG91ZC1lY3MuZ3Jhdml0eXpvbmUuYml0ZGVmZW5kZXIuY29tL1BhY2thZ2VzL0JTVFdJTi8.exe	29
PID 2792 wrote to memory of 2552	2792	setupdownloader_[aHR0cHM6Ly9jbG91ZC1lY3MuZ3Jhdml0eXpvbmUuYml0ZGVmZW5kZXIuY29tL1BhY2thZ2VzL0JTVFdJTi8.exe	29
PID 2792 wrote to memory of 2552	2792	setupdownloader_[aHR0cHM6Ly9jbG91ZC1lY3MuZ3Jhdml0eXpvbmUuYml0ZGVmZW5kZXIuY29tL1BhY2thZ2VzL0JTVFdJTi8.exe	29
PID 2792 wrote to memory of 2552	2792	setupdownloader_[aHR0cHM6Ly9jbG91ZC1lY3MuZ3Jhdml0eXpvbmUuYml0ZGVmZW5kZXIuY29tL1BhY2thZ2VzL0JTVFdJTi8.exe	29
PID 2792 wrote to memory of 2552	2792	setupdownloader_[aHR0cHM6Ly9jbG91ZC1lY3MuZ3Jhdml0eXpvbmUuYml0ZGVmZW5kZXIuY29tL1BhY2thZ2VzL0JTVFdJTi8.exe	29
PID 2792 wrote to memory of 2552	2792	setupdownloader_[aHR0cHM6Ly9jbG91ZC1lY3MuZ3Jhdml0eXpvbmUuYml0ZGVmZW5kZXIuY29tL1BhY2thZ2VzL0JTVFdJTi8.exe	29

C:\Users\Admin\AppData\Local\Temp\setupdownloader_[aHR0cHM6Ly9jbG91ZC1lY3MuZ3Jhdml0eXpvbmUuYml0ZGVmZW5kZXIuY29tL1BhY2thZ2VzL0JTVFdJTi8.exe
"C:\Users\Admin\AppData\Local\Temp\setupdownloader_[aHR0cHM6Ly9jbG91ZC1lY3MuZ3Jhdml0eXpvbmUuYml0ZGVmZW5kZXIuY29tL1BhY2thZ2VzL0JTVFdJTi8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Users\Admin\AppData\Local\Temp\bdSFX0\setupdownloader.exe
  "C:\Users\Admin\AppData\Local\Temp\bdSFX0\setupdownloader.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bdSFX0\LanguageManager.dll

Filesize
452KB

MD5
f696ea2198ffea1aea175a1a82aa35fc

SHA1
31a01db50c873e39ce9e150e3f4e0052ec7c884f

SHA256
900acc4555587f70c67d824f74acc1c45d77a43e36c7f82a73ffd125ad1398ab

SHA512
527bc21e241e374d10d4a8c54c2853719994e4d7715035f4275b58b7c31c0b8595dd2190984683f8dffa89a78c79eadd6407ef1d6618bf1da530fe73c0b4e3c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\bdnc.client_id

Filesize
36B

MD5
ba925e58943df04433c4d215447539e6

SHA1
03079ad5c806504de505dd6db8b2e7adfce67e87

SHA256
ef68974bc70d6389f2af5f0bc67f2f7de6e0b3025b31a8e76157873dbdebd5b4

SHA512
18847f44b39f176c1fd9024a15a8789017537ae7d9878b5be3f49524a64ee8d85e8d3f465b096e19509d715bb8fe154e290ee5a431be2763ece88c0ee434f5f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\lang\en-US\setupdownloader.dict

Filesize
2KB

MD5
78efb056bf5709d2cd1ced75dedae077

SHA1
438c8be61d242ca8df95102bfd95ddb2942ea116

SHA256
a73ec528e7e54cf956bb02e58eb4f136f96e22233dfefa29eaa8bc53ab8c4347

SHA512
bf7424207cbb4dcb2e9b40925809153e12d7529f887b73594370f72c28edfe5e78867a84c67480f548dcc66ebd9d77482366fe72287be20286bc2ad90163ec97

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\sciter.dll

Filesize
6.4MB

MD5
dc429b61c12e70ea71ab5f2a4f18de62

SHA1
c78d24a20d9111ef3d44b53632f4904a0d51e000

SHA256
c343fd694d4c77409b3a5b993aef3f93d5ad7d9c473f9a9bef3984475307e0fc

SHA512
9794190294113f8f8ffc666dc6ba3119209529fa1112836ab1bcb76f7521f24da707b39c85e7dc8e04be970acdc148a452ec5bc08fc973a1905c41d9eb61c1ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\setupdownloader.exe

Filesize
1.6MB

MD5
efe8d6ca8967c1cf28985e0e45f49f78

SHA1
8158b5640c85bc6297854064af499828562e915f

SHA256
ea081cc6bd7a2303677bac10e39e61fab7e7478566f299a53ce2dbfd117f3747

SHA512
e159a3196631cb2201ec319c6cb676e052a8db01cb2624d204fd216b09f1e8db083da9f1a4431d2a1155b1b81bb782b8473608e37fabd76d2e70c0e19d2f5d2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\setupdownloader.exe

Filesize
1.6MB

MD5
efe8d6ca8967c1cf28985e0e45f49f78

SHA1
8158b5640c85bc6297854064af499828562e915f

SHA256
ea081cc6bd7a2303677bac10e39e61fab7e7478566f299a53ce2dbfd117f3747

SHA512
e159a3196631cb2201ec319c6cb676e052a8db01cb2624d204fd216b09f1e8db083da9f1a4431d2a1155b1b81bb782b8473608e37fabd76d2e70c0e19d2f5d2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\setupdownloader.exe

Filesize
1.6MB

MD5
efe8d6ca8967c1cf28985e0e45f49f78

SHA1
8158b5640c85bc6297854064af499828562e915f

SHA256
ea081cc6bd7a2303677bac10e39e61fab7e7478566f299a53ce2dbfd117f3747

SHA512
e159a3196631cb2201ec319c6cb676e052a8db01cb2624d204fd216b09f1e8db083da9f1a4431d2a1155b1b81bb782b8473608e37fabd76d2e70c0e19d2f5d2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\setupdownloader.xml

Filesize
144B

MD5
6bfb76e69fc20ab441d60e0f406e998a

SHA1
61dfe5c2b14a7dbf9b5499667d78244e062858aa

SHA256
bdbc89b4c3e58fa709863d273c191f605dea2f9257d30bd99ecbe52e2efb0557

SHA512
af41957045ece47102e52703f1e8fe265255900e91fba24bce26daf659345183d9a2ca0f848bdf2a00b30a2204120f0d66a87a01c0bdac53cdfa412bf15d1eb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\skin\fonts\Montserrat-Bold.ttf

Filesize
238KB

MD5
ade91f473255991f410f61857696434b

SHA1
3a54407a2b26ff4718708a4726b10cb070d16534

SHA256
c8289a870d238aa042bdfd09364fe6dea524bcd1ea485341878d8c75a32ab444

SHA512
05fa7f64f2e2b3e81fc57d9490a18b7141653604c47c523fe7c0f773ca2e4bb04c1bc073c5356052f525cf7d79a18ea9b54554930821ad00fa0822466a8c9795

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\skin\fonts\Montserrat-Light.ttf

Filesize
236KB

MD5
409c7f79a42e56c785f50ed37535f0be

SHA1
83879cec4c934d446eca63aa5cfedcebfd60d610

SHA256
e0feb97ab7fdca79ccdfcc7df7b629f86705e33b7687b7463b388b003ffef865

SHA512
432fc93810089b23b7074a84f66e1208f454bf05e03d7f143d5e989d416d5c2acd29e126443fad903c7601dfb14050ce99370d1f3700870537088ad8b97bb05c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\skin\fonts\Montserrat-Medium.ttf

Filesize
237KB

MD5
c8b6e083af3f94009801989c3739425e

SHA1
65a98832079c4d2c67f3acc4f4ce2de630fe6cb0

SHA256
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53

SHA512
98736db603d6ba465f09bd25a0304cf390a6cff6681ce75e381b91bb721cc929af03bbdb550e594e165c5e9f89f87e185694174affd4010e500ca03c598a1f7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\skin\fonts\Montserrat-Regular.ttf

Filesize
239KB

MD5
ee6539921d713482b8ccd4d0d23961bb

SHA1
d25b35242deb1c6ff888b8162ca2aacc356d3899

SHA256
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525

SHA512
3adf8697e6d4c05c4410e0f1670e17cdc4273a7d13cff3b0e98c669c2d67bc729c94443e4536fbaa620d5d92860e71ccc913c5c43705ad319c7e365a6de9cad0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\skin\img\close-installer.svg

Filesize
547B

MD5
bde4671937a67d53fe5d0c1b504c1ec5

SHA1
3126767d4bc33218862192f6ee2e8f3f4d7a53a8

SHA256
995edef779b3eac0ca1068226b1fc087451d850b06f02738cca094a23dfc44d7

SHA512
e7a2b7c4c99cf9f3cdb3d347664a887ff49b65073b2e047ba86af7593e027179476cfbe999f13dad814546d379f6fe2a1b0c1b28dbb0b5392ce7a724b327a8ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\skin\img\logo-setupdownloader.svg

Filesize
4KB

MD5
86eed533ed593730227bb35d4328ee69

SHA1
11dd39882f722a5b96629dbcb31ff598f2016484

SHA256
5097c2ee642c26e85db91900717fbd792d1acf10e619f7892651be4274ff479e

SHA512
e4f07add72638edd6dcadd7995042c72a01adb8cddbc6fb167a8ad4b5529564f00567610310efc3e3a993ec605a80d9f58465c21e28e3fbada9f986d47dd4681

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\skin\img\progress-bg.png

Filesize
130B

MD5
524fcf53f52cade7c90ef80dd43a0ae2

SHA1
d769fbafc5b6693190f2a63743b7e099d3cf2608

SHA256
7e9ad3cae650edc8ea0f1dd911102707a0554890cdda417dd62988eae30a6405

SHA512
bdcf3a0cd963eabd4b80d093c96f9e4c6c5e8e84896c5d5f7b7df31f1f2071cd6f6df4a1b26cc0f43c55509a2bffe8829e9ba0c584f304fd22c6fbcef5843967

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\skin\popup.html

Filesize
1KB

MD5
e4959f7a613239949ccd62ec883aa790

SHA1
b353977c77e98c3ba32a2b145f2129337125aa35

SHA256
fa7360d76d9e87aab05bb0d61d00e617e087a5fb5ca0a5a1f9a0d25903eb7d8a

SHA512
f3f677f1e051afba6e93c3621351e64890c1669a7e32064c0b6ed790951464d4475f0850fd8a55100640e313da60f6b019c7b51493aaf8574ebe3b79ccd41194

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\skin\scripts\dict.tis

Filesize
365B

MD5
9fdd5edc47287f58ac775f8a1ae5fcb0

SHA1
6842c71c9a4619ad028e95e747ffdb2a28a0260f

SHA256
07a0609fc2c00319b26f8640f0d9534518c568bd51cc64d47ac5d7b1ffc66a32

SHA512
a28ed0f03edc94d4f18860b40492bc3fcb27dbe33cecb97104c2ec8f7527a51010be4516a5792a7044cc1bcab4934c6f351dabbb9264f7ad9039286c3fbbf5b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\skin\scripts\movable.tis

Filesize
1KB

MD5
ce4a78717047ce5641c83e6d2e903cf0

SHA1
63a3dc2c05bb329a54015add6dfcdd85c31cdbad

SHA256
2864ef7f1b8d537ffdbbbbaa27069736acb18ccd373a153d7d4c8f90254e0259

SHA512
d7ec1fc5e210ad073581c2b0417ec3254cc7942f3fb67ae298f410268ca89adf2fc8e74c51a4bcce85c1fbf50d903da6d5545897761284b7221ad7de50c9e110

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\skin\scripts\popup.tis

Filesize
2KB

MD5
ed27a2a24ca789b932e06d366fed263a

SHA1
a1d9d0eebf73bfa4635882afd56003316e620a08

SHA256
c6b12b5f8c4282ee9672d3e0bcfdc0650b751e29eefacdc5b83d0f2d08dc5051

SHA512
e447484de95b5d3a24ee18a09f17e608e717a58ddab720cc312aadfe3131807578c0ebe2cb7880a60cf0cf59a50bac156a5c34c86f73203b3ff407f97ff33b13

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\skin\setup_downloader.html

Filesize
2KB

MD5
663a4c8f8fe86bf35d2c28f74672d8e5

SHA1
f3c366d33ad232613c28694eeffbdba843d18c73

SHA256
41d99a5ee5f44cb01864683ee131b156e1b30bd26da9caae638494d15b7f0fab

SHA512
8dff7b29871f18c0dd4a47b49023f80ff00ab38c53bca5285dcd075b262cbcaac535838224fc7b306545d4332ab451a8974d9888dfd59a655540b68a46ad433b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\skin\styles\style.css

Filesize
6KB

MD5
abf3bdf761d096e70fad9e3b6efecdb9

SHA1
cf39a5ba2e5a169ddb5a6e8104ffa737d01bcaa4

SHA256
01dfbc9c6eb25d7ab48c02ef39c573b6a442d1cc2d75fbf6a770ffa18ad20964

SHA512
c347932d361d0d0baceec25496a87bd8cb78dd41b7c3a91335cd4823f01d4dd94d4422494453330e322c0e769b7fe84198218daf49e5c2c79a88416893977fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\bdSFX0\wslib.dll

Filesize
3.5MB

MD5
80bb9bc202d6dda3723e927b4ff14816

SHA1
22cceb7700a7eea9105f983c664c987e94bddd70

SHA256
2bd8bdc35e5534030cfeb7519d07268d1bd88ffefddd0a62c0fe6c928936abf0

SHA512
cb56953e81037ff1a3f326db6a1548f729546e4db69da7a62c82a2f427eb1ae8a147a7b3804360e1ec21ce2a0a6a0642ef4260477d3da7106f7d645aa4b4d0b1

Download Submit
\Users\Admin\AppData\Local\Temp\bdSFX0\languagemanager.dll

Filesize
452KB

MD5
f696ea2198ffea1aea175a1a82aa35fc

SHA1
31a01db50c873e39ce9e150e3f4e0052ec7c884f

SHA256
900acc4555587f70c67d824f74acc1c45d77a43e36c7f82a73ffd125ad1398ab

SHA512
527bc21e241e374d10d4a8c54c2853719994e4d7715035f4275b58b7c31c0b8595dd2190984683f8dffa89a78c79eadd6407ef1d6618bf1da530fe73c0b4e3c3

Download Submit
\Users\Admin\AppData\Local\Temp\bdSFX0\sciter.dll

Filesize
6.4MB

MD5
dc429b61c12e70ea71ab5f2a4f18de62

SHA1
c78d24a20d9111ef3d44b53632f4904a0d51e000

SHA256
c343fd694d4c77409b3a5b993aef3f93d5ad7d9c473f9a9bef3984475307e0fc

SHA512
9794190294113f8f8ffc666dc6ba3119209529fa1112836ab1bcb76f7521f24da707b39c85e7dc8e04be970acdc148a452ec5bc08fc973a1905c41d9eb61c1ae

Download Submit
\Users\Admin\AppData\Local\Temp\bdSFX0\setupdownloader.exe

Filesize
1.6MB

MD5
efe8d6ca8967c1cf28985e0e45f49f78

SHA1
8158b5640c85bc6297854064af499828562e915f

SHA256
ea081cc6bd7a2303677bac10e39e61fab7e7478566f299a53ce2dbfd117f3747

SHA512
e159a3196631cb2201ec319c6cb676e052a8db01cb2624d204fd216b09f1e8db083da9f1a4431d2a1155b1b81bb782b8473608e37fabd76d2e70c0e19d2f5d2a

Download Submit
\Users\Admin\AppData\Local\Temp\bdSFX0\setupdownloader.exe

Filesize
1.6MB

MD5
efe8d6ca8967c1cf28985e0e45f49f78

SHA1
8158b5640c85bc6297854064af499828562e915f

SHA256
ea081cc6bd7a2303677bac10e39e61fab7e7478566f299a53ce2dbfd117f3747

SHA512
e159a3196631cb2201ec319c6cb676e052a8db01cb2624d204fd216b09f1e8db083da9f1a4431d2a1155b1b81bb782b8473608e37fabd76d2e70c0e19d2f5d2a

Download Submit
\Users\Admin\AppData\Local\Temp\bdSFX0\setupdownloader.exe

Filesize
1.6MB

MD5
efe8d6ca8967c1cf28985e0e45f49f78

SHA1
8158b5640c85bc6297854064af499828562e915f

SHA256
ea081cc6bd7a2303677bac10e39e61fab7e7478566f299a53ce2dbfd117f3747

SHA512
e159a3196631cb2201ec319c6cb676e052a8db01cb2624d204fd216b09f1e8db083da9f1a4431d2a1155b1b81bb782b8473608e37fabd76d2e70c0e19d2f5d2a

Download Submit
\Users\Admin\AppData\Local\Temp\bdSFX0\setupdownloader.exe

Filesize
1.6MB

MD5
efe8d6ca8967c1cf28985e0e45f49f78

SHA1
8158b5640c85bc6297854064af499828562e915f

SHA256
ea081cc6bd7a2303677bac10e39e61fab7e7478566f299a53ce2dbfd117f3747

SHA512
e159a3196631cb2201ec319c6cb676e052a8db01cb2624d204fd216b09f1e8db083da9f1a4431d2a1155b1b81bb782b8473608e37fabd76d2e70c0e19d2f5d2a

Download Submit
\Users\Admin\AppData\Local\Temp\bdSFX0\wslib.dll

Filesize
3.5MB

MD5
80bb9bc202d6dda3723e927b4ff14816

SHA1
22cceb7700a7eea9105f983c664c987e94bddd70

SHA256
2bd8bdc35e5534030cfeb7519d07268d1bd88ffefddd0a62c0fe6c928936abf0

SHA512
cb56953e81037ff1a3f326db6a1548f729546e4db69da7a62c82a2f427eb1ae8a147a7b3804360e1ec21ce2a0a6a0642ef4260477d3da7106f7d645aa4b4d0b1

Download Submit