4c38305f90c60865b90bd5ae7ea7283d40ebf55efa4ae99317043155f29acfb9

Analysis

max time kernel
131s
max time network
137s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
27/11/2023, 23:54 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

4.9MB
MD5

826e5fdb1ce8abc5aa6eada4089df75b
SHA1

a807125c364d4d440e8e579bbee4da4e0c7f207a
SHA256

4c38305f90c60865b90bd5ae7ea7283d40ebf55efa4ae99317043155f29acfb9
SHA512

860708095ed0666942bc9d2774da245741ab65dea5e80b84a492d0319a24e10a40eb32f17b3a7b3d92aee3f4bfcdd08794318cfa30e8393f79be22318ecefe8c
SSDEEP

98304:Yf7wCQInrje/CAVMJy1W8c8qApYi+Z/5KsWRN:Yfn6/VSl8U/HK7b

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2164	setup.tmp

Loads dropped DLL 10 IoCs

pid	Process
2136	setup.exe
2164	setup.tmp
2164	setup.tmp
2164	setup.tmp
2164	setup.tmp
2164	setup.tmp
2164	setup.tmp
2164	setup.tmp
2164	setup.tmp
2164	setup.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2164	setup.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2164	setup.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 2164	2136	setup.exe	28
PID 2136 wrote to memory of 2164	2136	setup.exe	28
PID 2136 wrote to memory of 2164	2136	setup.exe	28
PID 2136 wrote to memory of 2164	2136	setup.exe	28
PID 2136 wrote to memory of 2164	2136	setup.exe	28
PID 2136 wrote to memory of 2164	2136	setup.exe	28
PID 2136 wrote to memory of 2164	2136	setup.exe	28

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Users\Admin\AppData\Local\Temp\is-GS2OG.tmp\setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-GS2OG.tmp\setup.tmp" /SL5="$70126,4583864,140800,C:\Users\Admin\AppData\Local\Temp\setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  PID:2164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-GS2OG.tmp\setup.tmp

Filesize
1.4MB

MD5
ae9890548f2fcab56a4e9ae446f55b3f

SHA1
e17c970eebbe6d7d693c8ac5a7733218800a5a96

SHA256
09af8004b85478e1eca09fa4cb5e3081dddcb2f68a353f3ef6849d92be47b449

SHA512
154b6f66ff47db48ec0788b8e67e71f005b51434920d5d921ac2a5c75745576b9b960e2e53c6a711f90f110ad2372ef63045d2a838bc302367369ef1731c80eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GS2OG.tmp\setup.tmp

Filesize
1.4MB

MD5
ae9890548f2fcab56a4e9ae446f55b3f

SHA1
e17c970eebbe6d7d693c8ac5a7733218800a5a96

SHA256
09af8004b85478e1eca09fa4cb5e3081dddcb2f68a353f3ef6849d92be47b449

SHA512
154b6f66ff47db48ec0788b8e67e71f005b51434920d5d921ac2a5c75745576b9b960e2e53c6a711f90f110ad2372ef63045d2a838bc302367369ef1731c80eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-L2JNE.tmp\MusicButton.png

Filesize
1KB

MD5
473a683962d3375a00f93dd8ce302158

SHA1
1c0709631834fd3715995514eef875b2b968a6be

SHA256
7f4ad4d912cdabdfbb227387759db81434e20583687737f263d4f247326f0c1a

SHA512
24ffe03b5de8aec324c363b4be1d0ae4c8981176a9f78a359f140de792251e4f2e3e82e2a6f3c19ff686de5588e8665409ddc56fc9532418f6d476869f3f1f9e

Download Submit
\Users\Admin\AppData\Local\Temp\is-GS2OG.tmp\setup.tmp

Filesize
1.4MB

MD5
ae9890548f2fcab56a4e9ae446f55b3f

SHA1
e17c970eebbe6d7d693c8ac5a7733218800a5a96

SHA256
09af8004b85478e1eca09fa4cb5e3081dddcb2f68a353f3ef6849d92be47b449

SHA512
154b6f66ff47db48ec0788b8e67e71f005b51434920d5d921ac2a5c75745576b9b960e2e53c6a711f90f110ad2372ef63045d2a838bc302367369ef1731c80eb

Download Submit
\Users\Admin\AppData\Local\Temp\is-L2JNE.tmp\BASS.dll

Filesize
103KB

MD5
8005750ec63eb5292884ad6183ae2e77

SHA1
c83e31655e271cd9ef5bff62b10f8d51eb3ebf29

SHA256
df9f56c4da160101567b0526845228ee481ee7d2f98391696fa27fe41f8acf15

SHA512
febbc6374e9a5c7c9029ccbff2c0ecf448d76927c8d720a4eae513b345d2a3f6de8cf774ae40dcd335af59537666e83ce994ec0adc8b9e8ab4575415e3c3e206

Download Submit
\Users\Admin\AppData\Local\Temp\is-L2JNE.tmp\CallbackCtrl.dll

Filesize
4KB

MD5
f07e819ba2e46a897cfabf816d7557b2

SHA1
8d5fd0a741dd3fd84650e40dd3928ae1f15323cc

SHA256
68f42a7823ed7ee88a5c59020ac52d4bbcadf1036611e96e470d986c8faa172d

SHA512
7ed26d41ead2ace0b5379639474d319af9a3e4ed2dd9795c018f8c5b9b533fd36bfc1713a1f871789bf14884d186fd0559939de511dde24673b0515165d405af

Download Submit
\Users\Admin\AppData\Local\Temp\is-L2JNE.tmp\ISDone.dll

Filesize
380KB

MD5
63dc27b7bc65243efaa59a9797a140ba

SHA1
22f893aefcebecc9376e2122a3321befa22cdd73

SHA256
c652b4b564b3c85c399155cbb45c6fb5a9f56f074e566bfd20f01da6e0412c74

SHA512
3df72dc171baa4698dfd0c324a96dde79eb1c8909f2ff7d8da40e5ca1de08f1fc26298139ab618e0bb3fa168efe5d6059398b90d8ff5f88e54c7988c21fb679e

Download Submit
\Users\Admin\AppData\Local\Temp\is-L2JNE.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-L2JNE.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-L2JNE.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
\Users\Admin\AppData\Local\Temp\is-L2JNE.tmp\idp.dll

Filesize
220KB

MD5
af555ac9c073f88fe5bf0d677f085025

SHA1
5fff803cf273057c889538886f6992ea05dd146e

SHA256
f4fc0187491a9cb89e233197ff72c2405b5ec02e8b8ea640ee68d034ddbc44bb

SHA512
c61bf21a5b81806e61aae1968d39833791fd534fc7bd2c85887a5c0b2caedab023d94efdbbfed2190b087086d3fd7b98f2737a65f4536ab603dec67c9a8989f5

Download Submit
\Users\Admin\AppData\Local\Temp\is-L2JNE.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
\Users\Admin\AppData\Local\Temp\is-L2JNE.tmp\wintb.dll

Filesize
16KB

MD5
9436df49e08c83bad8ddc906478c2041

SHA1
a4fa6bdd2fe146fda2e78fdbab355797f53b7dce

SHA256
1910537aa95684142250ca0c7426a0b5f082e39f6fbdbdba649aecb179541435

SHA512
f9dc6602ab46d709efdaf937dcb8ae517caeb2bb1f06488c937be794fd9ea87f907101ae5c7f394c7656a6059dc18472f4a6747dcc8cc6a1e4f0518f920cc9bf

Download Submit
memory/2136-0-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2136-70-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2164-73-0x0000000002190000-0x00000000021F5000-memory.dmp

Filesize
404KB

Download
memory/2164-74-0x000000006B080000-0x000000006B08D000-memory.dmp

Filesize
52KB

Download
memory/2164-58-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/2164-7-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2164-69-0x0000000008B10000-0x0000000008B11000-memory.dmp

Filesize
4KB

Download
memory/2164-24-0x0000000002190000-0x00000000021F5000-memory.dmp

Filesize
404KB

Download
memory/2164-71-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/2164-72-0x0000000000870000-0x0000000000885000-memory.dmp

Filesize
84KB

Download
memory/2164-20-0x0000000000870000-0x0000000000885000-memory.dmp

Filesize
84KB

Download
memory/2164-75-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/2164-76-0x0000000008B20000-0x0000000008B2F000-memory.dmp

Filesize
60KB

Download
memory/2164-63-0x0000000008B20000-0x0000000008B2F000-memory.dmp

Filesize
60KB

Download
memory/2164-77-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2164-78-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/2164-84-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/2164-91-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/2164-95-0x0000000000870000-0x0000000000885000-memory.dmp

Filesize
84KB

Download
memory/2164-98-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/2164-99-0x0000000008B20000-0x0000000008B2F000-memory.dmp

Filesize
60KB

Download
memory/2164-105-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/2164-112-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/2164-115-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/2164-119-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/2164-126-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download