ebad15390dd9a3385b4662903589843264857590fa8204cfa56ca0320213969c

Analysis

max time kernel
110s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
03/11/2023, 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

1.4MB
MD5

69aad44e138a0fc3a0f6b4360fa336dc
SHA1

9dc551a41a92aed62df04f510958e70abdef3ade
SHA256

ebad15390dd9a3385b4662903589843264857590fa8204cfa56ca0320213969c
SHA512

7dd39111421100a84cd63d70471447ca3944a89bc42118bdf5ab00dc85315d6f62d0d8fe643c4b8f3d9564a3174d7c059a48960cd39ba53d22c4cb10305d1449
SSDEEP

24576:XxGkwDlX0TDPR2r6MnkTpERE1enVfmpGhS41Br:gkSXkDJi6RpEO14/jr

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3184	setup.tmp

Loads dropped DLL 1 IoCs

pid	Process
3184	setup.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 3184	1280	setup.exe	94
PID 1280 wrote to memory of 3184	1280	setup.exe	94
PID 1280 wrote to memory of 3184	1280	setup.exe	94

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Users\Admin\AppData\Local\Temp\is-QK3A1.tmp\setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-QK3A1.tmp\setup.tmp" /SL5="$4021C,484352,0,C:\Users\Admin\AppData\Local\Temp\setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3184

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-4FBG2.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QK3A1.tmp\setup.tmp

Filesize
1.5MB

MD5
19d22308e2d482ae1addf6df4cac70cf

SHA1
17a5227dadc9841a8f117344dbe7c04578c63b5b

SHA256
d071a81b8fd2a3302c215d93ff98b1e33e525d721bba0e8407dc29e7d8d8f375

SHA512
33982c1b9bcd86d09f2fe732745e62b0b1e203a769bb8e500ed8dbada12ee143f043b17b9488edec76e2aee87c8abc39e33db0fd51fcb22e230c0fc69baae21a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QK3A1.tmp\setup.tmp

Filesize
1.5MB

MD5
19d22308e2d482ae1addf6df4cac70cf

SHA1
17a5227dadc9841a8f117344dbe7c04578c63b5b

SHA256
d071a81b8fd2a3302c215d93ff98b1e33e525d721bba0e8407dc29e7d8d8f375

SHA512
33982c1b9bcd86d09f2fe732745e62b0b1e203a769bb8e500ed8dbada12ee143f043b17b9488edec76e2aee87c8abc39e33db0fd51fcb22e230c0fc69baae21a

Download Submit
memory/1280-1-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1280-7-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1280-13-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/3184-11-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/3184-12-0x0000000000400000-0x0000000000584000-memory.dmp

Filesize
1.5MB

Download
memory/3184-9-0x0000000000400000-0x0000000000584000-memory.dmp

Filesize
1.5MB

Download
memory/3184-18-0x0000000000400000-0x0000000000584000-memory.dmp

Filesize
1.5MB

Download
memory/3184-8-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/3184-24-0x0000000000400000-0x0000000000584000-memory.dmp

Filesize
1.5MB

Download
memory/3184-26-0x0000000000400000-0x0000000000584000-memory.dmp

Filesize
1.5MB

Download
memory/3184-28-0x0000000000400000-0x0000000000584000-memory.dmp

Filesize
1.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads