c4923cd0534a46278c8467c3e6cb139ae44fb8a0d3b3e567bf80dad94ad605e7

Analysis

max time kernel
141s
max time network
129s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 00:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

important/setup.exe
Size

1.1MB
MD5

85781f3e560cd56ffdb395b90eb6c3c5
SHA1

9c79fd1c43d86e175ed0f858d24b253d402b2c58
SHA256

2bdbda22178207fe5dc4ad303e4dfbc5d01a0d52781a67933fce2c1a50dfccc1
SHA512

bb02b9531b26325f6476d64e53e91e058d1f11ddb636eea95c78a5f4aabb9a03288bc1d6d71bd0c5fa63d5232f78f1b5fc11b7ac31b754e7b7888597bbf3a2ca
SSDEEP

24576:qwV7Ct+TyBk+By4uPNB3C6llllmQlcukCoCW+R:HV7CETyBk+By4u1llllHlNneW

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2932	setup.exe

C:\Users\Admin\AppData\Local\Temp\important\setup.exe
"C:\Users\Admin\AppData\Local\Temp\important\setup.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{5C2E4286-B821-4AEC-A078-22F98ACC4740}\0x0409.ini

Filesize
21KB

MD5
be345d0260ae12c5f2f337b17e07c217

SHA1
0976ba0982fe34f1c35a0974f6178e15c238ed7b

SHA256
e994689a13b9448c074f9b471edeec9b524890a0d82925e98ab90b658016d8f3

SHA512
77040dbee29be6b136a83b9e444d8b4f71ff739f7157e451778fb4fccb939a67ff881a70483de16bcb6ae1fea64a89e00711a33ec26f4d3eea8e16c9e9553eff

Download Submit
memory/2932-33-0x0000000010000000-0x0000000010257000-memory.dmp

Filesize
2.3MB

Download
memory/2932-36-0x00000000002B0000-0x00000000002B2000-memory.dmp

Filesize
8KB

Download
memory/2932-76-0x0000000010000000-0x0000000010257000-memory.dmp

Filesize
2.3MB

Download