ba3672bda29c0329cabb83c93bfbf730b2a7e04e5a5c3f186c424d2dd7f52048

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
05/11/2023, 22:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Setup Trackspacer v2.5.9.exe
Size

16.6MB
MD5

e2ce1dc7bcf0455b7f99997cc08fa775
SHA1

aa5576421e47360033f63cd2fc85bd493fddf73a
SHA256

ba3672bda29c0329cabb83c93bfbf730b2a7e04e5a5c3f186c424d2dd7f52048
SHA512

69efa5cf1697d1e1c5f4a7f3964fb1e0a3a5b1aefa0acc2c21aab0962c2b541f2cb7000f99d9cdc08428a06b0b9fdb4bffa235c23d2346e0a5d3da905372d145
SSDEEP

393216:6kVDDoB8xaSsaCGtwOPTbVhArMqhi4M0PxkxH/qLFKCSzo:dhU86AtwONhAANqkVy528

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2828	Setup Trackspacer v2.5.9.tmp

Loads dropped DLL 4 IoCs

pid	Process
2124	Setup Trackspacer v2.5.9.exe
2828	Setup Trackspacer v2.5.9.tmp
2828	Setup Trackspacer v2.5.9.tmp
2828	Setup Trackspacer v2.5.9.tmp

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1952	taskmgr.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe

Suspicious use of SendNotifyMessage 38 IoCs

pid	Process
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe
1952	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2828	Setup Trackspacer v2.5.9.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2828	2124	Setup Trackspacer v2.5.9.exe	28
PID 2124 wrote to memory of 2828	2124	Setup Trackspacer v2.5.9.exe	28
PID 2124 wrote to memory of 2828	2124	Setup Trackspacer v2.5.9.exe	28
PID 2124 wrote to memory of 2828	2124	Setup Trackspacer v2.5.9.exe	28
PID 2124 wrote to memory of 2828	2124	Setup Trackspacer v2.5.9.exe	28
PID 2124 wrote to memory of 2828	2124	Setup Trackspacer v2.5.9.exe	28
PID 2124 wrote to memory of 2828	2124	Setup Trackspacer v2.5.9.exe	28

C:\Users\Admin\AppData\Local\Temp\Setup Trackspacer v2.5.9.exe
"C:\Users\Admin\AppData\Local\Temp\Setup Trackspacer v2.5.9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Users\Admin\AppData\Local\Temp\is-MC8BQ.tmp\Setup Trackspacer v2.5.9.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-MC8BQ.tmp\Setup Trackspacer v2.5.9.tmp" /SL5="$70122,16959315,230400,C:\Users\Admin\AppData\Local\Temp\Setup Trackspacer v2.5.9.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2828

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-MC8BQ.tmp\Setup Trackspacer v2.5.9.tmp

Filesize
1.2MB

MD5
f850a5e76daecad64cd1ab7a0a943ee9

SHA1
bde9685038e6e26cf78670d4122997f6a4ce3ca8

SHA256
f0ad561140bbe8e8ee034fdb2f5550301e1756d3beeaad45f2c6c43c98f68f03

SHA512
e0492895bc07c86466a4011aea70fbff4b7c566c9875b51d2dc739c9707d9e242a4672310c5a49dd7333e53236f7d0aa7fe16d1e229fd67cc53b8e8eed20c62f

Download Submit
\Users\Admin\AppData\Local\Temp\is-MC8BQ.tmp\Setup Trackspacer v2.5.9.tmp

Filesize
1.2MB

MD5
f850a5e76daecad64cd1ab7a0a943ee9

SHA1
bde9685038e6e26cf78670d4122997f6a4ce3ca8

SHA256
f0ad561140bbe8e8ee034fdb2f5550301e1756d3beeaad45f2c6c43c98f68f03

SHA512
e0492895bc07c86466a4011aea70fbff4b7c566c9875b51d2dc739c9707d9e242a4672310c5a49dd7333e53236f7d0aa7fe16d1e229fd67cc53b8e8eed20c62f

Download Submit
\Users\Admin\AppData\Local\Temp\is-OSU3N.tmp\ISSKINU.DLL

Filesize
357KB

MD5
f30afccd6fafc1cad4567ada824c9358

SHA1
60a65b72f208563f90fba0da6af013a36707caa9

SHA256
e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d

SHA512
59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

Download Submit
\Users\Admin\AppData\Local\Temp\is-OSU3N.tmp\R2RINNO.dll

Filesize
4KB

MD5
fe369a9470426cf1570198224f8922b0

SHA1
82cf9e81262feaa0648b20c90c88b53c9d1e9e01

SHA256
75e01c305e8e28eea25dea2b4b83c3d230ee6ec4ae4fe017bc7b52292e27b961

SHA512
fb31b0a0dd982f1e25f68027ae39ab2eeaeb53d570b0f60204fa058d356773c70d56fa420c12a4ee8cfaf6040be320304e16f6a8343b4b70ae231dbb3291570f

Download Submit
\Users\Admin\AppData\Local\Temp\is-OSU3N.tmp\SKIN.CJSTYLES

Filesize
813KB

MD5
5f87caf3f7cf63dde8e6af53bdf31289

SHA1
a2c3cc3d9d831acd797155b667db59a32000d7a8

SHA256
4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940

SHA512
4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

Download Submit
memory/1952-557-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1952-556-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1952-555-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2124-0-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2124-554-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2124-276-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2828-50-0x0000000074910000-0x0000000074949000-memory.dmp

Filesize
228KB

Download
memory/2828-56-0x0000000076BB0000-0x0000000076C50000-memory.dmp

Filesize
640KB

Download
memory/2828-25-0x00000000770E0000-0x0000000077137000-memory.dmp

Filesize
348KB

Download
memory/2828-26-0x0000000075D10000-0x000000007695A000-memory.dmp

Filesize
12.3MB

Download
memory/2828-27-0x0000000074BE0000-0x0000000074C18000-memory.dmp

Filesize
224KB

Download
memory/2828-28-0x0000000074A60000-0x0000000074B7F000-memory.dmp

Filesize
1.1MB

Download
memory/2828-29-0x00000000749D0000-0x0000000074A5C000-memory.dmp

Filesize
560KB

Download
memory/2828-30-0x0000000076B80000-0x0000000076BAA000-memory.dmp

Filesize
168KB

Download
memory/2828-31-0x0000000074990000-0x00000000749C2000-memory.dmp

Filesize
200KB

Download
memory/2828-32-0x0000000074810000-0x0000000074905000-memory.dmp

Filesize
980KB

Download
memory/2828-33-0x0000000076F30000-0x00000000770CD000-memory.dmp

Filesize
1.6MB

Download
memory/2828-34-0x0000000006EA0000-0x0000000006F01000-memory.dmp

Filesize
388KB

Download
memory/2828-35-0x0000000075230000-0x00000000752BF000-memory.dmp

Filesize
572KB

Download
memory/2828-36-0x0000000077160000-0x00000000772BC000-memory.dmp

Filesize
1.4MB

Download
memory/2828-37-0x0000000076BB0000-0x0000000076C50000-memory.dmp

Filesize
640KB

Download
memory/2828-38-0x0000000074DC0000-0x0000000074DC9000-memory.dmp

Filesize
36KB

Download
memory/2828-40-0x00000000770E0000-0x0000000077137000-memory.dmp

Filesize
348KB

Download
memory/2828-39-0x0000000074ED0000-0x000000007506E000-memory.dmp

Filesize
1.6MB

Download
memory/2828-41-0x0000000075D10000-0x000000007695A000-memory.dmp

Filesize
12.3MB

Download
memory/2828-42-0x00000000759A0000-0x0000000075A1B000-memory.dmp

Filesize
492KB

Download
memory/2828-45-0x0000000075910000-0x0000000075993000-memory.dmp

Filesize
524KB

Download
memory/2828-46-0x0000000074BE0000-0x0000000074C18000-memory.dmp

Filesize
224KB

Download
memory/2828-47-0x0000000074BC0000-0x0000000074BD7000-memory.dmp

Filesize
92KB

Download
memory/2828-48-0x0000000074A60000-0x0000000074B7F000-memory.dmp

Filesize
1.1MB

Download
memory/2828-49-0x0000000074990000-0x00000000749C2000-memory.dmp

Filesize
200KB

Download
memory/2828-23-0x0000000076BB0000-0x0000000076C50000-memory.dmp

Filesize
640KB

Download
memory/2828-51-0x0000000074810000-0x0000000074905000-memory.dmp

Filesize
980KB

Download
memory/2828-52-0x0000000076F30000-0x00000000770CD000-memory.dmp

Filesize
1.6MB

Download
memory/2828-53-0x0000000074790000-0x00000000747C6000-memory.dmp

Filesize
216KB

Download
memory/2828-54-0x0000000006EA0000-0x0000000006F01000-memory.dmp

Filesize
388KB

Download
memory/2828-55-0x0000000075230000-0x00000000752BF000-memory.dmp

Filesize
572KB

Download
memory/2828-24-0x0000000076DA0000-0x0000000076E3D000-memory.dmp

Filesize
628KB

Download
memory/2828-59-0x0000000074ED0000-0x000000007506E000-memory.dmp

Filesize
1.6MB

Download
memory/2828-58-0x0000000074DA0000-0x0000000074DB2000-memory.dmp

Filesize
72KB

Download
memory/2828-60-0x00000000770E0000-0x0000000077137000-memory.dmp

Filesize
348KB

Download
memory/2828-57-0x0000000076DA0000-0x0000000076E3D000-memory.dmp

Filesize
628KB

Download
memory/2828-61-0x00000000759A0000-0x0000000075A1B000-memory.dmp

Filesize
492KB

Download
memory/2828-63-0x0000000074E30000-0x0000000074E43000-memory.dmp

Filesize
76KB

Download
memory/2828-66-0x0000000074990000-0x00000000749C2000-memory.dmp

Filesize
200KB

Download
memory/2828-65-0x00000000749D0000-0x0000000074A5C000-memory.dmp

Filesize
560KB

Download
memory/2828-67-0x0000000074910000-0x0000000074949000-memory.dmp

Filesize
228KB

Download
memory/2828-64-0x0000000075910000-0x0000000075993000-memory.dmp

Filesize
524KB

Download
memory/2828-68-0x0000000074810000-0x0000000074905000-memory.dmp

Filesize
980KB

Download
memory/2828-69-0x0000000076F30000-0x00000000770CD000-memory.dmp

Filesize
1.6MB

Download
memory/2828-70-0x0000000075200000-0x0000000075227000-memory.dmp

Filesize
156KB

Download
memory/2828-71-0x0000000006EA0000-0x0000000006F01000-memory.dmp

Filesize
388KB

Download
memory/2828-72-0x0000000076BB0000-0x0000000076C50000-memory.dmp

Filesize
640KB

Download
memory/2828-73-0x0000000074DC0000-0x0000000074DC9000-memory.dmp

Filesize
36KB

Download
memory/2828-74-0x0000000074DA0000-0x0000000074DB2000-memory.dmp

Filesize
72KB

Download
memory/2828-75-0x0000000074ED0000-0x000000007506E000-memory.dmp

Filesize
1.6MB

Download
memory/2828-76-0x00000000770E0000-0x0000000077137000-memory.dmp

Filesize
348KB

Download
memory/2828-78-0x0000000075910000-0x0000000075993000-memory.dmp

Filesize
524KB

Download
memory/2828-79-0x00000000749D0000-0x0000000074A5C000-memory.dmp

Filesize
560KB

Download
memory/2828-80-0x0000000074990000-0x00000000749C2000-memory.dmp

Filesize
200KB

Download
memory/2828-81-0x0000000074910000-0x0000000074949000-memory.dmp

Filesize
228KB

Download
memory/2828-82-0x0000000074810000-0x0000000074905000-memory.dmp

Filesize
980KB

Download
memory/2828-83-0x0000000076F30000-0x00000000770CD000-memory.dmp

Filesize
1.6MB

Download
memory/2828-22-0x0000000077160000-0x00000000772BC000-memory.dmp

Filesize
1.4MB

Download
memory/2828-279-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2828-21-0x0000000075230000-0x00000000752BF000-memory.dmp

Filesize
572KB

Download
memory/2828-17-0x0000000006EA0000-0x0000000006F01000-memory.dmp

Filesize
388KB

Download
memory/2828-14-0x0000000006EA0000-0x0000000006F01000-memory.dmp

Filesize
388KB

Download
memory/2828-7-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download