9ed713aab05f4d8d6c3483283b23c3f7dd68d7b7d03d85a2b906f70ee9240815

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
02-12-2023 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

installer-bundle.exe
Size

297.0MB
MD5

89201ce10536a148d50965df4e4369b3
SHA1

01f86c9b588dc0581f2395f94ee741b3d93a5b37
SHA256

f88a27309d2915e04cd8ccac850db250f214ade9ce0fe38029f0214283ebb5c4
SHA512

347d9f7ffad6c003ad093fae1c6eef87ea6947d0e9f0090a0a874f8ea5200160f15ef0ad359f566f592c96e498946889915e1fb3822abb85dd3c717e95a82dfa
SSDEEP

196608:DJyNdoogJhRAV1Ptfq58Kmrax9r222222222222222222222222222222222222P:lcdoNhC/Ptgmyczm

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2044	installer-bundle.tmp

Loads dropped DLL 2 IoCs

pid	Process
1336	installer-bundle.exe
2044	installer-bundle.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1336 wrote to memory of 2044	1336	installer-bundle.exe	28
PID 1336 wrote to memory of 2044	1336	installer-bundle.exe	28
PID 1336 wrote to memory of 2044	1336	installer-bundle.exe	28
PID 1336 wrote to memory of 2044	1336	installer-bundle.exe	28
PID 1336 wrote to memory of 2044	1336	installer-bundle.exe	28
PID 1336 wrote to memory of 2044	1336	installer-bundle.exe	28
PID 1336 wrote to memory of 2044	1336	installer-bundle.exe	28

C:\Users\Admin\AppData\Local\Temp\installer-bundle.exe
"C:\Users\Admin\AppData\Local\Temp\installer-bundle.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Users\Admin\AppData\Local\Temp\is-2FGQT.tmp\installer-bundle.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-2FGQT.tmp\installer-bundle.tmp" /SL5="$40108,310535746,790016,C:\Users\Admin\AppData\Local\Temp\installer-bundle.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-2FGQT.tmp\installer-bundle.tmp

Filesize
3.0MB

MD5
44829118fc0c9b36ea8d91f48dba8563

SHA1
30dfea0d7697799531f9ba8bb444e1ecc3725401

SHA256
8835af27dd9f28a3120d2430e4a69db22af8e927bdd7060dcb064be08c4aff02

SHA512
5da3eb4565372b5053a8b009bf22b57f957c9254cc0035a3f05a6143282b91743cef74cd14b8b2fa0eb0b6052fd158315d9e68040713ff50ad47f83607ce6814

Download Submit
\Users\Admin\AppData\Local\Temp\is-2FGQT.tmp\installer-bundle.tmp

Filesize
3.0MB

MD5
44829118fc0c9b36ea8d91f48dba8563

SHA1
30dfea0d7697799531f9ba8bb444e1ecc3725401

SHA256
8835af27dd9f28a3120d2430e4a69db22af8e927bdd7060dcb064be08c4aff02

SHA512
5da3eb4565372b5053a8b009bf22b57f957c9254cc0035a3f05a6143282b91743cef74cd14b8b2fa0eb0b6052fd158315d9e68040713ff50ad47f83607ce6814

Download Submit
\Users\Admin\AppData\Local\Temp\is-A6NSU.tmp\_isetup\_isdecmp.dll

Filesize
34KB

MD5
c6ae924ad02500284f7e4efa11fa7cfc

SHA1
2a7770b473b0a7dc9a331d017297ff5af400fed8

SHA256
31d04c1e4bfdfa34704c142fa98f80c0a3076e4b312d6ada57c4be9d9c7dcf26

SHA512
f321e4820b39d1642fc43bf1055471a323edcc0c4cbd3ddd5ad26a7b28c4fb9fc4e57c00ae7819a4f45a3e0bb9c7baa0ba19c3ceedacf38b911cdf625aa7ddae

Download Submit
memory/1336-1-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/1336-17-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/2044-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2044-15-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads