Overview

overview

7

Static

static

3

wstsetup.exe

windows7-x64

7

wstsetup.exe

windows10-2004-x64

7

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/01/2024, 07:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wstsetup.exe

  • Size

    3.2MB

  • MD5

    ac7de1d66de92dc38329a19affb89aa5

  • SHA1

    5ef19485d8c4dc1cf497046734b78311fbc1d466

  • SHA256

    0ba76f4359b30029a5cc8c78f3699115d743c7c2f324545becd493994a28c933

  • SHA512

    be713c5edf9073bd712762f097006d73e9f0e453f4c2377dc49ca0f4b4227b2977e4963a466d0392bd0c01e6270da5996ef40c8741dd61440d02d0f35976c62a

  • SSDEEP

    98304:NCFl2VWWg/jECfw5KmDR0Ac70u9u9s8p/BQxe:NCromACo5bDR0AXX/j

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetWindowsHookEx 39 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\wstsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\wstsetup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3504
    • C:\Users\Admin\AppData\Local\Temp\~esetup\setup.exe
      C:\Users\Admin\AppData\Local\Temp\~esetup\setup.exe setup.dat
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:5264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~esetup\krnln.fnr
    Filesize

    382KB

    MD5

    6f62a128317dc3990bb4cd30742ddeee

    SHA1

    b04584b9e01c4b5fd28fbca1e10484dbbcb70db7

    SHA256

    d7d7b66c43181bd86335b25ba81cedaf624c64497e8465ee6a15d59f76f793b9

    SHA512

    de616bc293e1eedfb792c2a525b52bf29162e33e8280b74a26d24adecb0e58ffaa6131270e6ca9310044f2c4498b361b3e950532089a5118926802c0ebcab53e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~esetup\krnln.fnr
    Filesize

    381KB

    MD5

    8acbb8c961bf995dceb5a05b40094ee9

    SHA1

    ee9840385c6dc76c4775be677164c299006bc024

    SHA256

    26398f0698bf690789d157f73c1dfd701b51bf160546b64f85292535a783c5d9

    SHA512

    df764277bdea8e69e238892a99cf5f4065287d35faf88261211672ddfdd6447854fb25c5535d054626039a34f7f1270e1c2d257bdce57834aa34393f642e1369

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~esetup\setup.dat
    Filesize

    381KB

    MD5

    490510cf8eb84443ca74905f48fbd5eb

    SHA1

    09ab6f5404234ad31a4f478702f6dddfb6c7e679

    SHA256

    929af35af2c667e13674213593b49f52307aed4b4c25e1a5aa9f21f17899a3a8

    SHA512

    3e316f18c4bcb0e216670d2f1caf1a248c4382acb52c56d93e34851d3151d523728dd166c1e077f961cfb98f245d6b4a4edcb7ccd690870ee417e4b03d61bd90

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~esetup\setup.exe
    Filesize

    30KB

    MD5

    7de8a9ce8297ab6194783f768d238f7c

    SHA1

    e5277e152d1aafbe7593b1cff1cab92ff812054f

    SHA256

    9599cb4ce9dd8c2260b88f11a47c1e6f44116a14ef57137d63ba551b714c33dc

    SHA512

    33a933ad6ace71a9539a286df0972fe9047475d7a560e9529d15a407eefc9333c762cf065abc9cb1f981af5511aef1f0127844fe6be0b9eaeadf46fe7fde21e3

    Download Submit

  • memory/5264-8-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/5264-13-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download