66b91e18ac183f0db11473eacbca62e4fc9575bcff4ef37f56f17885ad4f9cf9

Analysis

max time kernel
212s
max time network
236s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2023 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

38.1MB
MD5

f6ff9a380fd7a72af22d358ef3852a01
SHA1

3ab8c50c4198e21ab52785362283f332fb192846
SHA256

66b91e18ac183f0db11473eacbca62e4fc9575bcff4ef37f56f17885ad4f9cf9
SHA512

cba67d617697c9c59f87c26c38bf545d898ee2129246045b322e8a845fc459eb93936bfe54ed46c087d63d3a82b019fd3b37ba7f81d44adad7f9078fc6b5abb1
SSDEEP

393216:R+/NG5ZsMorU+/t7faX33c8XPn3klEvbYTAzs2ET7rHK5CwtvE1UZKuRsOG+1mmZ:Rkk+YOj19mrmirY031oZ8uG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4244	chrome.exe

Loads dropped DLL 2 IoCs

pid	Process
1020	setup.exe
1020	setup.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1020	setup.exe
1020	setup.exe
1020	setup.exe
1020	setup.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1020 wrote to memory of 4244	1020	setup.exe	91
PID 1020 wrote to memory of 4244	1020	setup.exe	91
PID 1020 wrote to memory of 1096	1020	setup.exe	92
PID 1020 wrote to memory of 1096	1020	setup.exe	92

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1020
- C:\Users\Admin\AppData\Roaming\ChromeApplication\chrome.exe
  C:\Users\Admin\AppData\Roaming\ChromeApplication\chrome.exe --own=106091
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Users\Admin\AppData\Local\Temp\setup.exe
  C:\Users\Admin\AppData\Local\Temp\setup.exe --restart
  2⤵
  PID:1096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\pkg\837cb201a460a44d025689218d3b0e588ae3edbcd6ab11f415b147b5331cc843\ref-napi\lib\ref.js

Filesize
39KB

MD5
f1ec1cafeca137982e0bbc5679d42b51

SHA1
1f514c816c7c268b0c7160a200762c44cf5c130c

SHA256
d1f2f67adb5cdfe18768820e05722b8527106f53571cc063c8dac9989eecf9f7

SHA512
53e2cfa89edb44318576404d2e002f83439d06c25946d70f426c6835fba5b6b73ece48e5a0976569dd06a94731cdc3e2855bd294aafdd5296bb5ffe7aa2d6751

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\837cb201a460a44d025689218d3b0e588ae3edbcd6ab11f415b147b5331cc843\ref-napi\package.json

Filesize
1KB

MD5
3ae54146940bc0aba93c80ec1eda6213

SHA1
83ab0ddc043ceba589a31977c91ccb8fc42bca9d

SHA256
db4cdf6e1be583835e9618138147a750ed5f8518acd5a11bfc22bc770c274d39

SHA512
7644902d99466fa802f032bd5dde7769db2d9ebb371f2b27d91556aee0392609879911fdb4ddc9cff43199da45a87043c417aba0df3bb1a0be796e9b296c72d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\837cb201a460a44d025689218d3b0e588ae3edbcd6ab11f415b147b5331cc843\ref-napi\prebuilds\win32-x64\node.napi.node

Filesize
579KB

MD5
153a5d422243f7f95721f6c2c5de8c9d

SHA1
b0f73501859500acd1eccbff3d790abb610511ef

SHA256
837cb201a460a44d025689218d3b0e588ae3edbcd6ab11f415b147b5331cc843

SHA512
d078e20939b7bb1f77b003200359aaad2c1405a9193a1df56786cc2f9ae58cd7fec2b0825740c3b107003f797bcb86784e12704fd4625ca11637a41955ed40cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\837cb201a460a44d025689218d3b0e588ae3edbcd6ab11f415b147b5331cc843\ref-napi\prebuilds\win32-x64\node.napi.node

Filesize
579KB

MD5
153a5d422243f7f95721f6c2c5de8c9d

SHA1
b0f73501859500acd1eccbff3d790abb610511ef

SHA256
837cb201a460a44d025689218d3b0e588ae3edbcd6ab11f415b147b5331cc843

SHA512
d078e20939b7bb1f77b003200359aaad2c1405a9193a1df56786cc2f9ae58cd7fec2b0825740c3b107003f797bcb86784e12704fd4625ca11637a41955ed40cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\837cb201a460a44d025689218d3b0e588ae3edbcd6ab11f415b147b5331cc843\ref-napi\prebuilds\win32-x64\node.napi.node

Filesize
579KB

MD5
153a5d422243f7f95721f6c2c5de8c9d

SHA1
b0f73501859500acd1eccbff3d790abb610511ef

SHA256
837cb201a460a44d025689218d3b0e588ae3edbcd6ab11f415b147b5331cc843

SHA512
d078e20939b7bb1f77b003200359aaad2c1405a9193a1df56786cc2f9ae58cd7fec2b0825740c3b107003f797bcb86784e12704fd4625ca11637a41955ed40cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\837cb201a460a44d025689218d3b0e588ae3edbcd6ab11f415b147b5331cc843\ref-napi\prebuilds\win32-x64\node.napi.node

Filesize
579KB

MD5
153a5d422243f7f95721f6c2c5de8c9d

SHA1
b0f73501859500acd1eccbff3d790abb610511ef

SHA256
837cb201a460a44d025689218d3b0e588ae3edbcd6ab11f415b147b5331cc843

SHA512
d078e20939b7bb1f77b003200359aaad2c1405a9193a1df56786cc2f9ae58cd7fec2b0825740c3b107003f797bcb86784e12704fd4625ca11637a41955ed40cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\837cb201a460a44d025689218d3b0e588ae3edbcd6ab11f415b147b5331cc843\ref-napi\prebuilds\win32-x64\node.napi.node

Filesize
579KB

MD5
153a5d422243f7f95721f6c2c5de8c9d

SHA1
b0f73501859500acd1eccbff3d790abb610511ef

SHA256
837cb201a460a44d025689218d3b0e588ae3edbcd6ab11f415b147b5331cc843

SHA512
d078e20939b7bb1f77b003200359aaad2c1405a9193a1df56786cc2f9ae58cd7fec2b0825740c3b107003f797bcb86784e12704fd4625ca11637a41955ed40cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3\ffi-napi\build\Release\ffi_bindings.node

Filesize
588KB

MD5
d1f6e50334a50a3f1f8e35e02d788ad9

SHA1
1eab95b23d8ef82bb3171ed751eb14e178cb88d2

SHA256
b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3

SHA512
9f40996f4a8a5c6fe17687162306a02a5292ffb82bf62a0a7afa4af8f4f52f6d44bff34b8e14cf936ea9c51780603cfaa0a9ce84935a7b509892e51be18b2c03

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3\ffi-napi\build\Release\ffi_bindings.node

Filesize
588KB

MD5
d1f6e50334a50a3f1f8e35e02d788ad9

SHA1
1eab95b23d8ef82bb3171ed751eb14e178cb88d2

SHA256
b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3

SHA512
9f40996f4a8a5c6fe17687162306a02a5292ffb82bf62a0a7afa4af8f4f52f6d44bff34b8e14cf936ea9c51780603cfaa0a9ce84935a7b509892e51be18b2c03

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3\ffi-napi\build\Release\ffi_bindings.node

Filesize
588KB

MD5
d1f6e50334a50a3f1f8e35e02d788ad9

SHA1
1eab95b23d8ef82bb3171ed751eb14e178cb88d2

SHA256
b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3

SHA512
9f40996f4a8a5c6fe17687162306a02a5292ffb82bf62a0a7afa4af8f4f52f6d44bff34b8e14cf936ea9c51780603cfaa0a9ce84935a7b509892e51be18b2c03

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3\ffi-napi\build\Release\ffi_bindings.node

Filesize
588KB

MD5
d1f6e50334a50a3f1f8e35e02d788ad9

SHA1
1eab95b23d8ef82bb3171ed751eb14e178cb88d2

SHA256
b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3

SHA512
9f40996f4a8a5c6fe17687162306a02a5292ffb82bf62a0a7afa4af8f4f52f6d44bff34b8e14cf936ea9c51780603cfaa0a9ce84935a7b509892e51be18b2c03

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3\ffi-napi\build\Release\ffi_bindings.node

Filesize
588KB

MD5
d1f6e50334a50a3f1f8e35e02d788ad9

SHA1
1eab95b23d8ef82bb3171ed751eb14e178cb88d2

SHA256
b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3

SHA512
9f40996f4a8a5c6fe17687162306a02a5292ffb82bf62a0a7afa4af8f4f52f6d44bff34b8e14cf936ea9c51780603cfaa0a9ce84935a7b509892e51be18b2c03

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3\ffi-napi\lib\_foreign_function.js

Filesize
3KB

MD5
2a49bf4ab3faaa4d12181fd4bce729ac

SHA1
8d409f1435168588b103c08fb07dce76bb28311c

SHA256
55b15de548d85992bf6f8e0d85dd0358860896925f95fb86851c958db42d18c5

SHA512
ac54edfc71aeee3ec91ac0a70e421b76a843a1def29187154e2af07235d579c5b699e5e9435a675220ef97d5a635d20a38796d56b86525a930dfea79b9741938

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3\ffi-napi\lib\bindings.js

Filesize
267B

MD5
2e91a7108595e41b0eac9b66fe48b16e

SHA1
63367f1b77573b46c41fc84b02ad8b39e8899eaa

SHA256
344785defa0acb2861c7b64cf46d096669cc085371b8c4be9da9932732d55153

SHA512
0e9de1c2fbb16b50d74ff97d6bed8dc844bb5f71de99eb8914a56d7ef0291a5cf8f2dbe2768a3ce1f44804d9d4520a4c8fcf79fbe7dcc7b5d2d61f0304b1647c

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3\ffi-napi\lib\callback.js

Filesize
2KB

MD5
6c5fd7a740f4cba6ee05a9353e5de1c9

SHA1
8d9890f962287e7efd070526e72fda7ac76484c2

SHA256
17bd1e66ea9ac57324edd824325d4dd64c5cceeb8121a0f61ac9a8ba23b6bb3d

SHA512
0578f2d0887cd8538dea6d4d946677fb6bc0c2fb54a74a85f06f42cae812c4c50a4cdf51c8be7e5103ebf001a706cd6bf5db3ab668ffc9e989df2a7f4a085195

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3\ffi-napi\lib\cif.js

Filesize
2KB

MD5
de0c9cbf00112933fe4d4c52eca1f7d9

SHA1
c82430f41794ef6c88da77a74e00e92c9d8ec71c

SHA256
3cf7ec1ae4d7fe843fba10e4901003a1093e5cc13135d4043bb27e32759781dc

SHA512
a8e2a257f30dceb7f5901d4abf8cdd436b5f22e6a82271595156e7a57ebde7a5e44b6cff6afe5ab213c1aab51332669468c1517c7bcf7092cdcfc25b4ed02c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3\ffi-napi\lib\cif_var.js

Filesize
2KB

MD5
12ba004c1e200b77f3155dab2258c295

SHA1
c5220a70dbb7c679088c02348945946b2462cdad

SHA256
053fea5ad12360dad86cdcf01a17eb92ccb9180cda69341e7229ef5f6c8762f0

SHA512
ab66cb967e7ac4407eb057b8d7e35c20f396805588d2e4ea668eaefafb59b37abc4eaeabc202e7213ae55957981572656a3a64c747a12888326b626bfb3386c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3\ffi-napi\lib\dynamic_library.js

Filesize
4KB

MD5
4099d9458e7bec4d6a463922bc4a553d

SHA1
bf378f5d20b0c050f92a941fe0c4b2179a81b8b2

SHA256
e90fc5ab99737148db485e654204e246d82e04b3dba8f9eba73258e5449c545d

SHA512
2b09103b65610ade06ac19672995db2368430fcb3a09c4b0a9b72afb58b74efe0e7e40864f4a533aa84d7463988f3e294e006e98b75b6640f12bf6b799afa640

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3\ffi-napi\lib\errno.js

Filesize
613B

MD5
679569dd1fb25189ac4583d36aae2db8

SHA1
3053bc6a8f1fea6e00cb894a4354193b08ed3da0

SHA256
64afaf09bbbd57bb00f80756db4f34c13e0d181ba0dee7ae206f96f11f526768

SHA512
8f21cb45f042a69098d4ceefd6868dad182f557458351e126323074781409f57435f12498a8e6337b09c4c3ff23bcc02e8d6c3afa28315182a581e699fb87238

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3\ffi-napi\lib\ffi.js

Filesize
2KB

MD5
cd1cf69f292cf1e9a6cb336d609d18f2

SHA1
8afedd0ff29831a13cb24aa9336d7d5c1f4c2128

SHA256
f51e271b2c7008886d4fe77685b536770a99f66cec816674446a8a8bd8ac4e2e

SHA512
cbe42fad5c1895f1f53064430e4d5a58f6be76c52937876b0aec1504e1335756558d83fc35b8a701c51b9989559ac3f463a48a293cd66919584db6662f64337a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3\ffi-napi\lib\foreign_function.js

Filesize
1KB

MD5
b702bf7f07d25f7bd81b4a91cb71f7d8

SHA1
4d11d1a34a389f4cdfb8247c9738e022fac781ec

SHA256
dddd5a1ecbf82687c37ec071feb50953cfab2889bb5e7fae84367d2e12115905

SHA512
0d31386344366861ada78e57a843c9c90d82089592863aa50d2785089879958bd985a750fb1dae889108c23273eaa6edff679cea9d41b3c998b8fceb48b349fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3\ffi-napi\lib\foreign_function_var.js

Filesize
3KB

MD5
cc6f1f07d2c0bd68ea65052beeebd471

SHA1
268dbba500c7eb2b1a80a9d17c51fd68b3b9a670

SHA256
7c6f037c21635f215e667ba52c4bf1139ea3519b33b891e48a2eb7f4aec1f289

SHA512
955ab9b737d0b0dc97eb18f2f832f08116b1280e584f14171e223e724154259cf18177995e27dfeea4da630c350dc8295e9b4b15f8a0cc15d56b462d1de3fef6

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3\ffi-napi\lib\function.js

Filesize
2KB

MD5
16f8f45c01dc9b63697f76e9ce43fe1c

SHA1
33c61ce3be0526088c51e506f2505383aa3e3f06

SHA256
6ee34a976c81348d3e9b99eeb48bafd8c1dc6d292048c9009a927b7e018eacd6

SHA512
327fe4155752c5817c69016828a5b324ee198184c157227a4111e56a50d90f22008079c937f1a5040042fbe51a18e9dd2e7942edad9fccb78e222b7d39328815

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3\ffi-napi\lib\library.js

Filesize
1KB

MD5
05d25d395b1fdc8f0ab948407876ca2c

SHA1
c348fa788187f89898fb198411415c5ae3e09e71

SHA256
70c0ecc048e4756ecd8da73be6f9c5562f69cbd6f1f6dea0f28f15461cb8456b

SHA512
09b024f687de7508f866415476fbc2d94b9ddd763c48969af2dcb95d12052c1c1dd2d78fbe2bfee7b40465c69edf69c21f3f9ab28bbc81f92c1310e9b5924970

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3\ffi-napi\lib\type.js

Filesize
4KB

MD5
8f993199fe24730a79a35c7ba50d7962

SHA1
63f0af521c62a99e29611263b4552966c3dadfc5

SHA256
527012790480aeb4c8e4ea47aa6efd63ccfa2fc6727ac560f2dcd398f9e1e808

SHA512
a7a72cc716acca0050b0c11cbf6a554915497d135751c908fe6db035ac0ff20a1d4752f953eb312532725aeaa3774b9be4f209ac7fb667ca0bd8b98150b44998

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\b0e0c6ad80fccc92a41f644afe3ad1d7e4ebcac9caa94a9ccf4eaa0dea2247e3\ffi-napi\package.json

Filesize
1KB

MD5
5f525ddbe17223cbe0526e795f85a8a2

SHA1
c775f13fcb54bff9cd3a30da2c8bf4c77fef22fc

SHA256
23ec038c441669f6d6b371b311d33e5aaeeb9124e1945f8f3844be6ada472f7f

SHA512
c8e53b9e2feb164aca640c23add133c25afc26b3c4f66df152fc7f203ee3a98c202bc07dcfb0e6f87ed8459fde7ce3a559015721d2e34903bfd2d6b2172ddfec

Download Submit
C:\Users\Admin\AppData\Roaming\ChromeApplication\chrome.exe

Filesize
14.5MB

MD5
a5db07901e458f09972b90a3973f7e50

SHA1
9aca26b43bce4c70facbfc11c24b046c4a1dcda4

SHA256
5c118a7675ff6355ab1e0050a977d783beea23e30ff76559126b2344801b73a9

SHA512
8684afa52820d631bd41fb3c4e6be2051ec0fddf348f4cc3806033e2494c92a6413303fe910fdc69ba0f76238d7546d4fd7d608b3bd2395d84437dcb91e4fe65

Download Submit
C:\Users\Admin\AppData\Roaming\ChromeApplication\chrome.exe

Filesize
13.0MB

MD5
a48e180f6924ec2afbaa8483af895b76

SHA1
5ffcd0bed7e8981e86e0db5d0ee308fcec39b42c

SHA256
cc4b8f5f195561467307e49d2c636df62bf4593970c0431a82d2c1eb8f4b8145

SHA512
69254377abcb535b890d368bd6464a18a56d7eda11537fc4f9aac8a1091bc626111fd92e9e0b7f498a7a702e47189147ab69fe0523a74cbdb8185238e0c4f39a

Download Submit