4a8bdae9eb91a9500425a8891669a39628a730cc8c3b38d1f17dd4491033b412

Analysis

max time kernel
50s
max time network
57s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23/12/2023, 01:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

5.9MB
MD5

c37022476ea56c5039ac2514b25fe02a
SHA1

0ee5c54a33ea72a2ea5a97ba92388d2f5d9d454a
SHA256

4a8bdae9eb91a9500425a8891669a39628a730cc8c3b38d1f17dd4491033b412
SHA512

c8ff18ee4edb26b68a0f5f3aabd57d516dd193c7dd575607ca5b88889de3e7965699e826b25588cac754f8d71daf4ba6d8382035c49eb80b7b78addb10ebcdea
SSDEEP

98304:af7wCQInrje/CAVMltebdcd1apDQbwIftlR5UPddNDi6LDafqurzWRsMbL59JbWf:afn6/VqwbdcalATR54HNFOhWsmZW+k

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2060	setup.tmp

Loads dropped DLL 13 IoCs

pid	Process
2060	setup.tmp
2060	setup.tmp
2060	setup.tmp
2060	setup.tmp
2060	setup.tmp
2060	setup.tmp
2060	setup.tmp
2060	setup.tmp
2060	setup.tmp
2060	setup.tmp
2060	setup.tmp
2060	setup.tmp
2060	setup.tmp

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3428	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3428	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2060	setup.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1532 wrote to memory of 2060	1532	setup.exe	92
PID 1532 wrote to memory of 2060	1532	setup.exe	92
PID 1532 wrote to memory of 2060	1532	setup.exe	92

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Users\Admin\AppData\Local\Temp\is-KGBND.tmp\setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-KGBND.tmp\setup.tmp" /SL5="$A0064,5618433,140800,C:\Users\Admin\AppData\Local\Temp\setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:2060

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x2f8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-IVSP4.tmp\BASS.dll

Filesize
33KB

MD5
05956443449eccfb7d3c5c11f84a40c5

SHA1
d1ed30116043a1db36daf88de8778e76d4e613e5

SHA256
f9242ee9afc79817fa85354518f401d703715ed5055bd34617576c8aa1f7550f

SHA512
fbb0a9672d6101980b8ce5ac6974a0d379b9050431c09b75bb790fbb9490e26c6dcc236dd4191b76a6460ec774bf60420c85bb419f980a486b6d4160873fa238

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IVSP4.tmp\CallbackCtrl.dll

Filesize
4KB

MD5
f07e819ba2e46a897cfabf816d7557b2

SHA1
8d5fd0a741dd3fd84650e40dd3928ae1f15323cc

SHA256
68f42a7823ed7ee88a5c59020ac52d4bbcadf1036611e96e470d986c8faa172d

SHA512
7ed26d41ead2ace0b5379639474d319af9a3e4ed2dd9795c018f8c5b9b533fd36bfc1713a1f871789bf14884d186fd0559939de511dde24673b0515165d405af

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IVSP4.tmp\ISDone.dll

Filesize
132KB

MD5
a4440ff97269006f301532053369e8a4

SHA1
d58d2264abcbb3b87d8be33056d7aa6bc51bdc65

SHA256
776c3bcedb9ad33335ea6ee1ac43abf9c98b338723381c2f8d80275f79d366e8

SHA512
f24afe4dc9f3eb64e81c5b43c35098770e9fc88e253f4c0df5db012794ef632dc9e6722a0d3086bf19a8fc8d671c3c41513106c5db978cb081b226c17adec3d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IVSP4.tmp\ISDone.dll

Filesize
77KB

MD5
cbd636c00cd50d55e6e5f26d508bfdb2

SHA1
8b5243907200fee74cf2a3019abe0d2368ba85fb

SHA256
454cf81e78cf6bda01f3fa50373a8c226f1b30889ec694006078db4a8e46698b

SHA512
708e15c7aa97f573017f9dde85859cea93c997b020f4f67ad07859af4abbba75436b07a60146f64e065d0a1b981444440a03e852db040e8d57c2ebe1c638f126

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IVSP4.tmp\MusicButton.png

Filesize
1KB

MD5
473a683962d3375a00f93dd8ce302158

SHA1
1c0709631834fd3715995514eef875b2b968a6be

SHA256
7f4ad4d912cdabdfbb227387759db81434e20583687737f263d4f247326f0c1a

SHA512
24ffe03b5de8aec324c363b4be1d0ae4c8981176a9f78a359f140de792251e4f2e3e82e2a6f3c19ff686de5588e8665409ddc56fc9532418f6d476869f3f1f9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IVSP4.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IVSP4.tmp\idp.dll

Filesize
144KB

MD5
dc385eed6cdc4aeca0eb79671b40cf00

SHA1
dae09c87f73f01bafd8433fac17f2d3a0fde1481

SHA256
b0461bbabfb58b5fce2caff21262960856e5df965318d88d949ada41b236e840

SHA512
90041c7c54d2e10b962923dfd39aa27f52c83c5f5ccf12ba26eb774938b5671288b4f5b50b8d6d5c874fbb31ff1e39702d3fd99097658bf872e95a1313a9cccf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IVSP4.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IVSP4.tmp\isslideshow.dll

Filesize
106KB

MD5
c5d65ec08a4dcee0ef91c1d7b8491873

SHA1
4a108e55b7581898f621387f6b469abb6fec1bb8

SHA256
b5d3373c9a60bb3e26c56fd1d75c39f5244376f21b859b0920ac984a68a4eba0

SHA512
dfb05b90eb9f0721722e111774f8cd163a2a7fcb088237c0b0d40aac0ab523bb3c10926b8ba07c1447dd5e3ad44650fc7871d39274171dbdd57bf3f960238ec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IVSP4.tmp\isslideshow.dll

Filesize
50KB

MD5
e289500e7eeb96e57301c1999def8fa4

SHA1
13320e009591ac325469f2f641dc006e221772a9

SHA256
ac45a27de4c7dea3588d4c1b719dfc3883293efe5541d13bd2d3899fd61d3ed4

SHA512
331d1ca11c5516fa44db397d65fbf9fcb6b6229bb3360592e406b3858f99fd64adb5a2f2c4a4270e1ca203241cfff79ede4cf834c5320c00f9ae46659ea6562e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IVSP4.tmp\wintb.dll

Filesize
16KB

MD5
9436df49e08c83bad8ddc906478c2041

SHA1
a4fa6bdd2fe146fda2e78fdbab355797f53b7dce

SHA256
1910537aa95684142250ca0c7426a0b5f082e39f6fbdbdba649aecb179541435

SHA512
f9dc6602ab46d709efdaf937dcb8ae517caeb2bb1f06488c937be794fd9ea87f907101ae5c7f394c7656a6059dc18472f4a6747dcc8cc6a1e4f0518f920cc9bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KGBND.tmp\setup.tmp

Filesize
93KB

MD5
7ae1c0780d257baddef8275b68113900

SHA1
28476da4fd11496e5372448be0fed8854f9e1391

SHA256
fa559621aa7981055728d4c1973329b253c1c1a395ea9bc8d2899c5ce69bf1c1

SHA512
49413a203e598d6e5952c5191452849d414f5367a89d6b695683e1bdfc39514f689a382da78d8d03c414068077ddc79d92959a6f900f15a95550eda122fc9360

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KGBND.tmp\setup.tmp

Filesize
127KB

MD5
f46c3989dc89b4181db45c377517e0ca

SHA1
04f7780d82d6cc13dc67b0e767086d08748ac66c

SHA256
39f658eaeba318970bc301e95545beba6473e204a5ae79874b1101540e1c32f8

SHA512
2add1ed18f805371a62d4b46160fdd9f404377060bbdbe2d934039b4a47f8627cf2a5a84a3a8364dc4f42a27c780180829e0d1db19d9c7eedbeb8a069080db25

Download Submit
memory/1532-0-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1532-133-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1532-2-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1532-40-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2060-55-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/2060-84-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/2060-42-0x00000000033A0000-0x00000000033B5000-memory.dmp

Filesize
84KB

Download
memory/2060-44-0x00000000033E0000-0x0000000003457000-memory.dmp

Filesize
476KB

Download
memory/2060-41-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/2060-30-0x0000000003570000-0x000000000361F000-memory.dmp

Filesize
700KB

Download
memory/2060-67-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/2060-37-0x00000000033E0000-0x0000000003457000-memory.dmp

Filesize
476KB

Download
memory/2060-76-0x000000000B8A0000-0x000000000B8AF000-memory.dmp

Filesize
60KB

Download
memory/2060-31-0x0000000003570000-0x000000000361F000-memory.dmp

Filesize
700KB

Download
memory/2060-32-0x00000000033C0000-0x00000000033C2000-memory.dmp

Filesize
8KB

Download
memory/2060-83-0x000000000B890000-0x000000000B891000-memory.dmp

Filesize
4KB

Download
memory/2060-21-0x00000000033A0000-0x00000000033B5000-memory.dmp

Filesize
84KB

Download
memory/2060-43-0x0000000003570000-0x000000000361F000-memory.dmp

Filesize
700KB

Download
memory/2060-85-0x0000000003570000-0x000000000361F000-memory.dmp

Filesize
700KB

Download
memory/2060-87-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/2060-88-0x00000000033A0000-0x00000000033B5000-memory.dmp

Filesize
84KB

Download
memory/2060-93-0x000000000B8A0000-0x000000000B8AF000-memory.dmp

Filesize
60KB

Download
memory/2060-92-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/2060-91-0x000000006B080000-0x000000006B08D000-memory.dmp

Filesize
52KB

Download
memory/2060-90-0x00000000033E0000-0x0000000003457000-memory.dmp

Filesize
476KB

Download
memory/2060-100-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/2060-102-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/2060-104-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/2060-109-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/2060-132-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/2060-7-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download