560c219fec57345c1c688081405591ce860371d217fd4ba022a38751997a16d9

Analysis

max time kernel
133s
max time network
11s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
09-01-2024 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

5.5MB
MD5

cd207abacc2760e04e547ec653c076dc
SHA1

dbcd8920082b2ec25d932ba047e7474a8a797817
SHA256

560c219fec57345c1c688081405591ce860371d217fd4ba022a38751997a16d9
SHA512

68177d0c18bf69b23274e9f709f8a71fafac1b86f72f494aa446eaead49332abd6a419fb534de04c95368f22e28c4479d1411bb2852e9d3a26e803e14df2df70
SSDEEP

49152:EoWG8dw59jVh6CME44hXe9is8MDz/leCcVvHwJXgnZM0TdUotgHweomg2JRmZ/c4:E+59jVhTPo98achwQrJ9UlzWkc7v

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
1484	tmp5l5r4s.tmp
4564	tmpclte3x.tmp
1428	tmp5zf1qz.tmp
2932	tmpr0rzrh.tmp
1904	tmpnlefie.tmp
756	tmpcdn1lw.tmp

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1484	tmp5l5r4s.tmp
1484	tmp5l5r4s.tmp

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1484	tmp5l5r4s.tmp
1484	tmp5l5r4s.tmp

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 1484	2220	setup.exe	81
PID 2220 wrote to memory of 1484	2220	setup.exe	81
PID 2220 wrote to memory of 4564	2220	setup.exe	80
PID 2220 wrote to memory of 4564	2220	setup.exe	80
PID 2220 wrote to memory of 1428	2220	setup.exe	73
PID 2220 wrote to memory of 1428	2220	setup.exe	73
PID 2220 wrote to memory of 2932	2220	setup.exe	77
PID 2220 wrote to memory of 2932	2220	setup.exe	77
PID 2220 wrote to memory of 1904	2220	setup.exe	76
PID 2220 wrote to memory of 1904	2220	setup.exe	76
PID 2220 wrote to memory of 756	2220	setup.exe	75
PID 2220 wrote to memory of 756	2220	setup.exe	75

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Users\Admin\AppData\Local\Temp\tmp5zf1qz.tmp
  "C:\Users\Admin\AppData\Local\Temp\tmp5zf1qz.tmp"
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Users\Admin\AppData\Local\Temp\tmpcdn1lw.tmp
  "C:\Users\Admin\AppData\Local\Temp\tmpcdn1lw.tmp"
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Users\Admin\AppData\Local\Temp\tmpnlefie.tmp
  "C:\Users\Admin\AppData\Local\Temp\tmpnlefie.tmp"
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Users\Admin\AppData\Local\Temp\tmpr0rzrh.tmp
  "C:\Users\Admin\AppData\Local\Temp\tmpr0rzrh.tmp"
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Users\Admin\AppData\Local\Temp\tmpclte3x.tmp
  "C:\Users\Admin\AppData\Local\Temp\tmpclte3x.tmp"
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Users\Admin\AppData\Local\Temp\tmp5l5r4s.tmp
  "C:\Users\Admin\AppData\Local\Temp\tmp5l5r4s.tmp"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp5l5r4s.tmp

Filesize
69KB

MD5
67ad562b61de0eba4d18a1bfffe2dca6

SHA1
1fcfc2585f3cd0ac70bc40c9b5e7904bed795629

SHA256
c7f809e5c2d68b7f17fd4fc1296cf6b1543f73855ba7639eb2e9fff925fbc01f

SHA512
f04b45f7735317cad0e2d6a2095ae52e27117bd5068ead5884b90f6f66f1df3f12e58c2d3421b0e80956eea0cb7e18ff6a4f8f581f8e6d51f708efe48b622edf

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp5l5r4s.tmp

Filesize
65KB

MD5
6e06a1140191df252a366d2e78fd2569

SHA1
c2f3168501857be08a5104dab2671709cf571175

SHA256
d3f732c6cec96231a33fbf04aba7ddf9044fc2757b27482f40c00a5bbf608fdb

SHA512
7f1c11e8ac2ea94dd9d7f237e0118dc5111bbf0a2c200db83f4e39207a31e289a8ff53e83ebb9f2f8089ecc156985979bd4099f45c3284ce3a54b645e8be10ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp5zf1qz.tmp

Filesize
63KB

MD5
713fc0ba2c6be3375bd8e857467369bb

SHA1
f9c00750b6b96a5bacbacb2f2a216d191ed14707

SHA256
2a27f942b866975a2fae4e87d7208d4f0789178c83e17b0f2a262921c1f84871

SHA512
e310b8003b027eb012d67740264741f9907cd3c3d3d9bb81b858b27440229f7eff995514288ccf3529bb80e31339454c3af8bafa447b4826fe5ae688d2d51056

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp5zf1qz.tmp

Filesize
88KB

MD5
69d0a9ba2fc1cae4f7378d0e658e1787

SHA1
4e6698980b7895a280184684b1a18856e8633833

SHA256
badba3f29be8540cc959d143a3dbe136ce407ff040e62d5759eca1a175a6995e

SHA512
4c619f38340e2503e96823caff94243aa36a0d34fdc301a31440a59f0fb887f2886eb2ac73aa0fbfa777fde2d6ccc1b069fef775603cd142ba09f9cbf3db35dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpcdn1lw.tmp

Filesize
31KB

MD5
e2549422525fcf855fa2f9b815d54984

SHA1
0421709840bcc4fedc1b74ba1838ffb96f86eac7

SHA256
6fba1fcde375af8e0a199b6d4e49f13ee9fd1b7a66f56d114945a44498552a4d

SHA512
1f9b7c4d1f4de7a433e02aa4be773a6a105bf161424019eed7b25afe32cac7d5d646816685751f3ee0383bdaca4578f0490bc78faac720ab6af11dc8343e6a0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpcdn1lw.tmp

Filesize
73KB

MD5
200d3d10d3c84c1c43bf14687a10646b

SHA1
9afccf934cfe57dc5d908396413ce8461de634fb

SHA256
7bec364ee3b87588d90e5c226fa361ac6c5751c5940b377582256c8afb0755a9

SHA512
129f91b28130effd0c8696f2e35bead0e331b73513889c9e67aa969dc316c9daa4ea5ebff865d251cfff38d82279ea6e257b16596228b31fc91408f0b79f6d60

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpclte3x.tmp

Filesize
106KB

MD5
b22d823a8bf86cb122645b50e9aadfd9

SHA1
9cf9af37412f86186adb101ddcb2245c0bee1b09

SHA256
deabf75f04a0f32627025bc3281d1014a4cdf0384fc18ccd0b71aa132e26b946

SHA512
d610e96a52d1364a70cf11c70ede5640e6e6c7fcd7a294175ea58167afee0413e50daa0b2307b3b55bf4159cbf21853a1200b16d8f5a7a035a7a78f71bab033c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpclte3x.tmp

Filesize
61KB

MD5
a18eeb8403ba1881ababdf503bb0d5a1

SHA1
b4f030f6df0dd6d024715c3a44118be562024017

SHA256
5b57e2aac50ce2728055ab7e63dbb9c19359afab08b185b72343f3338fede641

SHA512
0bcceb72da2eddd2695046f8821c1d9870c80703040d7ba71ce3b15463fd093851797ace64701e4d82b0efd657fa2f3befc65e2c1135a2deaa79df4a6a91f101

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpnlefie.tmp

Filesize
60KB

MD5
353d6659eaa296edcfbda70463463ac8

SHA1
5a585d18e1ea30e35ed22696ca8fc053651d8bf5

SHA256
da37dc349861db2d220d86fc9765702203200c38209c6dccbf7aaa1182e55c21

SHA512
864afb2ca7ff5e8a2aeab3bbf357b5c3b4393c7c6483272b2de7030a73972738bc68e4abe7e40e92aa1ae548f041886df91ee538cd5cdfe4355df2a99c5d1fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpnlefie.tmp

Filesize
37KB

MD5
1970f8e36a1ed4e622aa7ea0829ce423

SHA1
a92e23759c3bf3a3247209b7a027e7bf71e0caef

SHA256
66a131e0714214f6cfbb6e2fa63522fa9fada8a51a2606431d816e135777fd51

SHA512
f3a597f8ab31345abaa3d3d02f5fdd0e1409fe9d5d4a9e73c6e7079d1ba8dd26a8dbfd2c6a5d7031397b68cb8449ad53f4bf3ca30bae4c77fd8eeb5d7f05d4f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpr0rzrh.tmp

Filesize
42KB

MD5
fb9b2b0c09bd6b672ed651c75fe478f6

SHA1
659a86e9bb201a7cf49ce20ef8a1a41138113998

SHA256
22ac5f207c2d10b9ba93809fdc6e302a011341754234b75b94df8081ee9ef1b7

SHA512
368078926927e498701fb3ac79495ec62ec18f24f9798353e846ad5f3d93915ef88d36c65c86f6052c272720633276159d1ecc451d491bbf63864f24b7050ef5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpr0rzrh.tmp

Filesize
61KB

MD5
ca56e03d0c48729b4154681eeb62c24d

SHA1
86a9978f3cf65166c4f106359e4fb3612296e6aa

SHA256
155fbd69b78e801b81854deadbe76b3614111fa51f90ce2d250d5b6f0e85acc2

SHA512
99b8b699a6d73dac895b662d450f7500452b0b23990a692986010482ad56748911a5f3082f007ca4a595186445f1ede972bac4889d1f5c3846b41fbb5899fc78

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads