Overview

overview

7

Static

static

3

Setup Bala....3.exe

windows7-x64

7

Setup Bala....3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231025-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/11/2023, 22:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup Balancer v1.0.3.exe

  • Size

    18.2MB

  • MD5

    96d3bb6a676f817bf6ab00f12b92afec

  • SHA1

    3cb7c6af48b3d56a79386bf56497fd08596e15eb

  • SHA256

    6e70f17d9238f7fdfcb6d584bcb8963315d11506cda0de03f9740a7dcbb7ddd7

  • SHA512

    d2c0624b37d5b235ed6354d03f9132fa1288b973c566dd6bf08e425cac4a329bf42c87944db8b6fb56e7fc7a30ded70b74945194c28f1cdb63e9ec9201066052

  • SSDEEP

    393216:/tHi6dQ2Jih0jQ1ubDQo84DbA9b8SPO1mLilMrkC/dAGT81aY3qH:/tZaR2fDQo84DE9gSPO1wMG/741a4M

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup Balancer v1.0.3.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup Balancer v1.0.3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3232
    • C:\Users\Admin\AppData\Local\Temp\is-9LDNO.tmp\Setup Balancer v1.0.3.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-9LDNO.tmp\Setup Balancer v1.0.3.tmp" /SL5="$70204,18557346,488448,C:\Users\Admin\AppData\Local\Temp\Setup Balancer v1.0.3.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-9LDNO.tmp\Setup Balancer v1.0.3.tmp
    Filesize

    1.5MB

    MD5

    120bf0e000cf44eaf52a7b450620683e

    SHA1

    527c60d6d63e71bc8a7da4ec3f6be052abba8a1a

    SHA256

    e606ce3229110ca936572cbdf8b3293f385a485ca47a091591f011ff7a9a70b8

    SHA512

    4a682925203384c7e74b7893b53f52180ed08e7af8a4987a06314aa15c6f685ea11002dd3c03923033bca89cbe005f3b9f4b8a00481cf90da8b126359ad086d7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-CST2L.tmp\R2RINNO.dll
    Filesize

    4KB

    MD5

    0f8bbab51c5f70093b7ed7dd825d68e8

    SHA1

    a96809560b3e9001124083937a339cf2453a94c8

    SHA256

    7fc4fa7f5cea34df0a6733527081886cfb1c49b369df2db454de87cc4e70bdb5

    SHA512

    7b824ad5d7ec786535106d98bc80c9350f35ac2b76d7ee20163e90becf076dfeaca4732c0ecbe2d3d84a2efef337c380d5548ca0123e69e66e30bb396f0b9b81

    Download Submit

  • memory/1732-6-0x0000000002480000-0x0000000002481000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1732-12-0x0000000000400000-0x0000000000586000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1732-13-0x0000000002480000-0x0000000002481000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3232-1-0x0000000000400000-0x0000000000481000-memory.dmp

    Filesize

    516KB

    Download

  • memory/3232-11-0x0000000000400000-0x0000000000481000-memory.dmp

    Filesize

    516KB

    Download