Overview

overview

7

Static

static

3

Onaf_setup.exe

windows7-x64

7

Onaf_setup.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1793s
  • max time network
    1146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/11/2023, 13:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Onaf_setup.exe

  • Size

    60.4MB

  • MD5

    638c3f6fdac184d4f2cb2d547150fa40

  • SHA1

    fd6d044c27f897b4e6773d98bc6d5d0cfc39e431

  • SHA256

    8a733dd050b55fbbd58eeb57269ddb774fa79ac0142073507afd5428b92d5adb

  • SHA512

    bf612c288d5fb990af060eb7ca38cd61faba9b03a8b955719fb5444db87f826a7890a616ef5b4fa907180095e06286df87ea7d90764d3374f0350f2fc5db2999

  • SSDEEP

    1572864:OZpC+Ek85Fuynn/+EXTypulYjPfmkcrg2LvLcL:OTCXZNnocicTI

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Onaf_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Onaf_setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4800
    • C:\Users\Admin\AppData\Local\Temp\is-9HG3T.tmp\Onaf_setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-9HG3T.tmp\Onaf_setup.tmp" /SL5="$5021C,63091890,56832,C:\Users\Admin\AppData\Local\Temp\Onaf_setup.exe"
      2⤵
      • Executes dropped EXE
      PID:4960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-9HG3T.tmp\Onaf_setup.tmp
    Filesize

    690KB

    MD5

    a2c4d52c66b4b399facadb8cc8386745

    SHA1

    c326304c56a52a3e5bfbdce2fef54604a0c653e0

    SHA256

    6c0465ce64c07e729c399a338705941d77727c7d089430957df3e91a416e9d2a

    SHA512

    2a66256ff8535e2b300aa0ca27b76e85d42422b0aaf5e7e6d055f7abb9e338929c979e185c6be8918d920fb134b7f28a76b714579cacb8ace09000c046dd34d6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-9HG3T.tmp\Onaf_setup.tmp
    Filesize

    690KB

    MD5

    a2c4d52c66b4b399facadb8cc8386745

    SHA1

    c326304c56a52a3e5bfbdce2fef54604a0c653e0

    SHA256

    6c0465ce64c07e729c399a338705941d77727c7d089430957df3e91a416e9d2a

    SHA512

    2a66256ff8535e2b300aa0ca27b76e85d42422b0aaf5e7e6d055f7abb9e338929c979e185c6be8918d920fb134b7f28a76b714579cacb8ace09000c046dd34d6

    Download Submit

  • memory/4800-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4800-11-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4960-6-0x0000000000660000-0x0000000000661000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4960-12-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/4960-15-0x0000000000660000-0x0000000000661000-memory.dmp

    Filesize

    4KB

    Download