Overview

overview

7

Static

static

3

Setup242.exe

windows7-x64

7

Setup242.exe

windows10-2004-x64

7

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 21:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup242.exe

  • Size

    1.7MB

  • MD5

    3f99779799b8a0b4410cdcf725ac621f

  • SHA1

    1aa0ec8accbd0f50c586102642ee1413c26e3cb3

  • SHA256

    92a55dcbabf7a3e1e21bb65d65a1847c7d54715c63630bad9ae97d7eae05b767

  • SHA512

    5522a81a97cf95e90adac33ee5dbf769599a132b044c011859b4dfd9da3cf73b04295b3200e21c01434f8f0c319606c3f1a9e97d4fee3c75b1959f5e28e1a188

  • SSDEEP

    24576:9q47KevlS2nhAHhGIU4xEK+zfJZQ8q2xdmVlJVLYCOlBW1PHbcjllA5dEbqId6P:sTeQsWeK+nQ8qed2rLYVWJARlaSbq6W

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup242.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup242.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2108

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nst563C.tmp\ioSpecial.ini
          Filesize

          622B

          MD5

          e6275f7c1762ffac83b002c6b90847f7

          SHA1

          eec0978d21535567cc2162bcfd4bcf7d0a3eee5d

          SHA256

          cf41410f588c1a8d2d13ccb449119a5210518dcbebee61a43075fc88ebc70d25

          SHA512

          0e8fac465eae1bff551488772cf524a7d69bc8ac839c94d390d84fb7e5705d3f25b17c5f2e621a4476e073aff5d8afbc79a8c5e13cdef2cc88397d3f299f5bd2

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nst563C.tmp\ioSpecial.ini
          Filesize

          609B

          MD5

          4eca8187fc7b7b59e0b14b996d2acf17

          SHA1

          b08eb2de3112bb4d7d2136f46023a7656e97a535

          SHA256

          a0f3e43206388ea3d7e0dbaca233f5ccbe0e144ff428047f5c86384e74deba02

          SHA512

          e16b5bfe7506e8ab560f0bf39b620781eaa91f2c9991155507267c93cd574aff85ed2d910398118f1c7f1019c3f89d57714c60b74ecf3775949531099f1c0a73

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nst563C.tmp\InstallOptions.dll
          Filesize

          14KB

          MD5

          107737e3282fefd85684f2fa3df6d1c3

          SHA1

          3befbcae116a644ae28cebdc1d7dfe6be5c8ca5f

          SHA256

          21042be362d4073053bffcc90511b3ecf77902243525b56bb159581b5ece43a0

          SHA512

          439ac2f3066902e08d63dc3061f55063089857e765feb29fe47ba5819a9bebdff3fe2fe55fc8bfcfddb729d340f006ee95b5aa4422d712f9dcc07cc02ec410b4

          Download Submit