Analysis
-
max time kernel
153s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
11-01-2024 10:18
Static task
static1
Behavioral task
behavioral1
Sample
53406e9988306cbd4537677c5336aba4.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
53406e9988306cbd4537677c5336aba4.exe
Resource
win10v2004-20231215-en
General
-
Target
53406e9988306cbd4537677c5336aba4.exe
-
Size
868KB
-
MD5
53406e9988306cbd4537677c5336aba4
-
SHA1
06becadb92a5fcca2529c0b93687c2a0c6d0d610
-
SHA256
fa1afff978325f8818ce3a559d67a58297d9154674de7fd8eb03656d93104425
-
SHA512
4f89da81b5a3800aa16ff33cc4a42dbb17d4c698a5e2983b88c32738decb57e3088a1da444ad0ec0d745c3c6b6b8b9b86d3f19909142f9e51f513748c0274a99
-
SSDEEP
24576:+tW4x8xAxCdUcyezFSjaBHFaNlsqK5/oh6iZf1LUXw/vxNI:d4x8xqCGexm8FCspg0iZf1LUXD
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2800 Setup.exe -
Loads dropped DLL 5 IoCs
pid Process 2800 Setup.exe 2800 Setup.exe 2800 Setup.exe 2800 Setup.exe 2800 Setup.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Setup.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz Setup.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process 2800 Setup.exe 2800 Setup.exe 2800 Setup.exe 2800 Setup.exe 2800 Setup.exe 2800 Setup.exe 2800 Setup.exe 2800 Setup.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3772 wrote to memory of 2800 3772 53406e9988306cbd4537677c5336aba4.exe 94 PID 3772 wrote to memory of 2800 3772 53406e9988306cbd4537677c5336aba4.exe 94 PID 3772 wrote to memory of 2800 3772 53406e9988306cbd4537677c5336aba4.exe 94
Processes
-
C:\Users\Admin\AppData\Local\Temp\53406e9988306cbd4537677c5336aba4.exe"C:\Users\Admin\AppData\Local\Temp\53406e9988306cbd4537677c5336aba4.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3772 -
C:\1ddcd05847cef523e02496f7fbfd\Setup.exeC:\1ddcd05847cef523e02496f7fbfd\\Setup.exe /x86 /x64 /ia64 /web2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:2800
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5c5bf74c96a711b3f7004ca6bddecc491
SHA14c4d42ff69455f267ce98f1db8f2c5d76a1046da
SHA2566b67c8a77c1a637b72736595afdf77bdb3910aa9fe48d959775806a0683ffa66
SHA5122f2071bf9966bffe64c90263f4b9bd5efcac4f976c4e42fbdeaa5d6a6dee51c33f4902cf5e3d0897e1c841e9182e25c86d42e392887bc3ce3d9ed3d780d96ac9
-
Filesize
59KB
MD5967a6d769d849c5ed66d6f46b0b9c5a4
SHA1c0ff5f094928b2fa8b61e97639c42782e95cc74f
SHA2560bc010947bff6ec1ce9899623ccfdffd702eee6d2976f28d9e06cc98a79cf542
SHA512219b13f1beeb7d690af9d9c7d98904494c878fbe9904f8cb7501b9bb4f48762f9d07c3440efa0546600ff62636ac34cb4b32e270cf90cb47a9e08f9cb473030c
-
Filesize
79KB
MD50b6ed582eb557573e959e37ebe2fca6a
SHA182c19c7eafb28593f453341eca225873fb011d4c
SHA2568a0da440261940ed89bad7cd65bbc941cc56001d9aa94515e346d57b7b0838fc
SHA512aba3d19f408bd74f010ec49b31a2658e0884661d2efda7d999558c90a4589b500570cc80410ba1c323853ca960e7844845729fff708e3a52ea25f597fad90759
-
Filesize
75KB
MD569925e463a6fedce8c8e1b68404502fb
SHA176341e490a432a636ed721f0c964fd9026773dd7
SHA2565f370d2ccdd5fa316bce095bf22670123c09de175b7801d0a77cdb68174ac6b7
SHA5125f61abec49e1f9cc44c26b83aa5b32c217ebeba63ed90d25836f51f810c59f71ec7430dc5338efba9be720f800204891e5ab9a5f5ec1ff51ef46c629482e5220
-
Filesize
80KB
MD58505219c0a8d950ff07dc699d8208309
SHA17a557356c57f1fa6d689ea4c411e727438ac46df
SHA256c48986cdb7fe3401234e0a6540eb394c1201846b5beb1f12f83dc6e14674873a
SHA5127bcdad0cb4b478068434f4ebd554474b69562dc83df9a423b54c1701ca3b43c3b92de09ee195a86c0d244aa5ef96c77b1a08e73f1f2918c8ac7019f8df27b419
-
Filesize
84KB
MD53bf8da35b14fbcc564e03f6342bb71f2
SHA18f9139f0bb813bf95f8c437548738d32848d8940
SHA25639efe12c689edfea041613b0e4d6ec78afec8fe38a0e4adc656591ffef8f415d
SHA51231b050647ba4bd0c2762d77307e1ed2a324e9b152c06ed496b86ea063cdc18bf2bb1f08d2e9b4af3429a2bc333d7891338d7535487c83495304a5f78776dbc03
-
Filesize
75KB
MD5326518603d85acd79a6258886fc85456
SHA1f1cef14bc4671a132225d22a1385936ad9505348
SHA256665797c7840b86379019e5a46227f888fa1a36a593ea41f9170ef018c337b577
SHA512f8a514efd70e81d0f2f983282d69040bca6e42f29aa5df554e6874922a61f112e311ad5d2b719b6ca90012f69965447fb91e8cd4103efb2453ff160a9062e5d3
-
Filesize
16KB
MD59547d24ac04b4d0d1dbf84f74f54faf7
SHA171af6001c931c3de7c98ddc337d89ab133fe48bb
SHA25636d0159ed1a7d88000737e920375868765c0a1dd6f5a5acbb79cf7d97d9e7a34
SHA5128b6048f4185a711567679e2de4789407077ce5bfe72102d3cb1f23051b8d3e6bfd5886c801d85b4e62f467dd12da1c79026a4bc20b17f54c693b2f24e499d40f
-
Filesize
75KB
MD51aa252256c895b806e4e55f3ea8d5ffb
SHA10322ee94c3d5ea26418a2fea3f7e62ec5d04b81d
SHA2568a68b3b6522c30502202ecb8d16ae160856947254461ac845b39451a3f2db35f
SHA512ce57784892c0be55a00ced0adc594a534d8a40819790ca483a29b6cd544c7a75ae4e9bde9b6dc6de489ceceb7883b7c2ea0e98a38fcc96d511157d61c8aa3e63
-
Filesize
81KB
MD51dad88faed661db34eef535d36563ee2
SHA10525b2f97eddbd26325fddc561bf8a0cda3b0497
SHA2569605468d426bcbbe00165339d84804e5eb2547bfe437d640320b7bfef0b399b6
SHA512ccd0bffbf0538152cccd4b081c15079716a5ff9ad04cee8679b7f721441f89eb7c6f8004cff7e1dde9188f5201f573000d0c078474edf124cfa4c619e692d6bc
-
Filesize
70KB
MD516e6416756c1829238ef1814ebf48ad6
SHA1c9236906317b3d806f419b7a98598dd21e27ad64
SHA256c0ee256567ea26bbd646f019a1d12f3eced20b992718976514afa757adf15dea
SHA512aa595ed0b3b1db280f94b29fa0cb9db25441a1ef54355abf760b6b837e8ce8e035537738e666d27dd2a8d295d7517c325a5684e16304887ccb17313ca4290ce6
-
Filesize
84KB
MD589d4356e0f226e75ca71d48690e8ec15
SHA12336caa971527977f47512bc74e88cec3f770c7d
SHA256fcbb619deb2d57b791a78954b0342dbb2fef7ddd711066a0786c8ef669d2b385
SHA512fa03d55a4aafe94cbf5c134a65bd809fc86c042bc1b8ffbc9a2a5412eb70a468551c05c44b6ce81f638df43cca599aa1dd6f42f2df3012c8a95a3612df7c821e
-
Filesize
78KB
MD5eda1ec689d45c7faa97da4171b1b7493
SHA1807fe12689c232ebd8364f48744c82ca278ea9e6
SHA25680faa30a7592e8278533d3380dcb212e748c190aaeef62136897e09671059b36
SHA5128385a5de4eb6b38169dd1eb03926bc6d4604545801f13d99cee3acede3d34ec9f9d96b828a23ae6246809dc666e67f77a163979679956297533da40f9365bf2c
-
Filesize
66KB
MD564ffa6ff8866a15aff326f11a892bead
SHA1378201477564507a481ba06ea1bc0620b6254900
SHA2567570390094c0a199f37b8f83758d09dd2cecd147132c724a810f9330499e0cbf
SHA512ea5856617b82d13c9a312cb4f10673dbc4b42d9ac5703ad871e8bdfcc6549e262e61288737ab8ebcf77219d24c0822e7dacf043d1f2d94a97c9b7ec0a5917ef2
-
Filesize
63KB
MD578c16da54542c9ed8fa32fed3efaf10d
SHA1ad8cfe972c8a418c54230d886e549e00c7e16c40
SHA256e3e3a2288ff840ab0e7c5e8f7b4cfb1f26e597fb17cfc581b7728116bd739ed1
SHA512d9d7bb82a1d752a424bf81be3d86abea484acbb63d35c90a8ee628e14cf34a7e8a02f37d2ea82aa2ce2c9aa4e8416a7a6232c632b7655f2033c4aaab208c60bf
-
Filesize
77KB
MD56506b4e64ebf6121997fa227e762589f
SHA171bc1478c012d9ec57fc56a5266dd325b7801221
SHA256415112ae783a87427c2fadd7b010ade4f1a7c23b27e4b714b7b507c16b572a1c
SHA51239024ea9d42352f7c1bd6fefe0574054eceb4059f773cfaeb26c42faada2540ae95fb34718d30ccb6da157d2597f80d12a024461fbd0e8d510431ba6ffa81ec2
-
Filesize
77KB
MD5120104fa24709c2a9d8efc84ff0786cd
SHA1b513fa545efae045864d8527a5ec6b6cebe31bb9
SHA256516525636b91c16a70aef8d6f6b424dc1ee7f747b8508b396ee88131b2bb0947
SHA5121ea8eb2be9d5f4ef6f1f2c0d90cb228a9bb58d7143ccafe77e18ce52ec4aca25dde0ba18430fd4d3d7962d079ccbe7e2552b2c7090361e03c6fdfb7c2b9c7325
-
Filesize
80KB
MD5bdb583c7a48f811be3b0f01fcea40470
SHA1e8453946a6b926e4f4ae5b02ba1d648daf23e133
SHA256611b7b7352188adffd6380b9c8a85b8ff97c09a1c293bb7ac0ef5478a0e18ac8
SHA51227b02226f8f86ca4d00789317c79e8ca0089f5b910bed14aa664eeab6be66e98de3bafd7670c895d70ab9c34ece5f05199f3556fddc1b165904e3432a51c008d
-
Filesize
78KB
MD5a03d2063d388fc7a1b4c36d85efa5a1a
SHA188bd5e2ff285ee421ccc523f7582e05a8c3323f8
SHA25661d8339e89a9e48f8ae2d929900582bb8373f08d553ec72d5e38a0840b47c8a3
SHA5123a219f36e57d90ca92e9faec4dfd34841c2c9244da4fe7e1d70608dde7857aa36325bdb46652a42922919f782bb7c97f567e69a9fc51942722b8fd66cd4ecaf0
-
Filesize
79KB
MD5349b52a81342a7afb8842459e537ecc6
SHA16268343e82fbbabe7618bd873335a8f9f84ed64d
SHA256992bf5aeb06aa3701d50c23fa475b4b86d8997383c9f0e3425663cfbd6b8a2a5
SHA512ef4cbd3f7f572a9f146a524cfbc2efbd084e6c70a65b96a42339adc088e3f0524bc202548340969481e7f3df3ac517ac34b200b56a3b9957802abd0efa951c49
-
Filesize
75KB
MD5b3b1a89458bec6af82c5386d26639b59
SHA1d9320b8cc862f40c65668a40670081079b63cea1
SHA2561ef312e8be9207466fbfdecee92bfc6c6b7e2da61979b0908eaf575464e7b7a0
SHA512478ce08619490ed1ecdd8751b5f60da1ee4ac0d08d9a97468c3f595ac4376feca59e9c72dd9c83b00c8d78b298be757c6f24a422b7be8c041f780524844998bf
-
Filesize
75KB
MD565e771fed28b924942a10452bbbf5c42
SHA1586921b92d5fb297f35effc2216342dac1ae2355
SHA25645e30569a756d9bcbc5f9dae78bda02751fd25e1c0aee471ce112cb4464a6ee2
SHA512d014a2a96f3a5c487ef1caddd69599dbec15da5ad689d68009f1ca4d5cb694105a7903f508476d6ffec9d81386cb184df6fc428d34f056190cee30715514a8f7
-
Filesize
59KB
MD510da125eeabcbb45e0a272688b0e2151
SHA16c4124ec8ca2d03b5187ba567c922b6c3e5efc93
SHA2561842f22c6fd4caf6ad217e331b74c6240b19991a82a1a030a6e57b1b8e9fd1ec
SHA512d968abd74206a280f74bf6947757cca8dd9091b343203e5c2269af2e008d3bb0a17ff600eb961dbf69a93de4960133ade8d606fb9a99402d33b8889f2d0da710
-
Filesize
78KB
MD57fa9926a4bc678e32e5d676c39f8fb97
SHA1bba4311dd30261a9b625046f8a6ea215516c9213
SHA256a25ee75c78c24c50440ad7de9929c6a6e1cc0629009dc0d01b90cbac177dd404
SHA512e06423bc1ea50a566d341dc513828608e9b6611fea81d33fca471a38f6b2b61b556ea07a5dec0830f3e87194975d87f267a5e5e1a2be5e6a86b07c5bb2bddcb6
-
Filesize
78KB
MD52d54fe70376db0218e8970b28c1c4518
SHA183ee9ac93142751f23d5bb858f7264e27ea2eab0
SHA256d17c5b638e2a4d43212d21a2052548c8d4909eb6410e30b8a951a292bcdbbedd
SHA51220c0fb9a046911bc2d702ab321c3992262ac0f80f33ddda5ec2ccafe9ef07611774223369e0dc7cb91c9cda1cbd65c598a7e1c914d6e6ca4b00205a16411be30
-
Filesize
15KB
MD5cd131d41791a543cc6f6ed1ea5bd257c
SHA1f42a2708a0b42a13530d26515274d1fcdbfe8490
SHA256e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb
SHA512a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a
-
Filesize
265KB
MD57213da83e0f0b8ae4fea44ae1cb7f62b
SHA1f2e3fcc77a1ad4d042253bd2e0010bcb40b68ed3
SHA25659e67e4fb46e5490eee63d8b725324f1372720ade7345c74c6138c4a76ea73d9
SHA51286186ab0f2cb38e520dd1284042eced157f96874846eb9061be9cf56b84a1cab5901a4879e105a8b04b336bbc43b03f4bdf198d43af868be188602347db829e0
-
Filesize
76KB
MD5006f8a615020a4a17f5e63801485df46
SHA178c82a80ebf9c8bf0c996dd8bc26087679f77fea
SHA256d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be
SHA512c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76
-
Filesize
788KB
MD584c1daf5f30ff99895ecab3a55354bcf
SHA17e25ba36bcc7deed89f3c9568016ddb3156c9c5a
SHA2567a0d281fa802d615ea1207bd2e9ebb98f3b74f9833bba3cb964ba7c7e0fb67fd
SHA512e4fb7e4d39f094463fdcdc4895ab2ea500eb51a32b6909cec80a526bbf34d5c0eb98f47ee256c0f0865bf3169374937f047bf5c4d6762779c8ca3332b4103be3
-
Filesize
288KB
MD5eb881e3dddc84b20bd92abcec444455f
SHA1e2c32b1c86d4f70e39de65e9ebc4f361b24ff4a1
SHA25611565d97287c01d22ad2e46c78d8a822fa3e6524561d4c02dfc87e8d346c44e7
SHA5125750cec73b36a3f19bfb055f880f3b6498a7ae589017333f6272d26f1c72c6f475a3308826268a098372bbb096b43fbd1e06e93eecc0a81046668228bc179a75
-
Filesize
29KB
MD52fadd9e618eff8175f2a6e8b95c0cacc
SHA19ab1710a217d15b192188b19467932d947b0a4f8
SHA256222211e8f512edf97d78bc93e1f271c922d5e91fa899e092b4a096776a704093
SHA512a3a934a8572ff9208d38cf381649bd83de227c44b735489fd2a9dc5a636ead9bb62459c9460ee53f61f0587a494877cd3a3c2611997be563f3137f8236ffc4ca
-
Filesize
40KB
MD50966fcd5a4ab0ddf71f46c01eff3cdd5
SHA18f4554f079edad23bcd1096e6501a61cf1f8ec34
SHA25631c13ecfc0eb27f34036fb65cc0e735cd444eec75376eea2642f926ac162dcb3
SHA512a9e70a2fb5a9899acf086474d71d0e180e2234c40e68bcadb9bf4fe145774680cb55584b39fe53cc75de445c6bf5741fc9b15b18385cbbe20fc595fe0ff86fce
-
Filesize
13KB
MD58a28b474f4849bee7354ba4c74087cea
SHA1c17514dfc33dd14f57ff8660eb7b75af9b2b37b0
SHA2562a7a44fb25476886617a1ec294a20a37552fd0824907f5284fade3e496ed609b
SHA512a7927700d8050623bc5c761b215a97534c2c260fcab68469b7a61c85e2dff22ed9cf57e7cb5a6c8886422abe7ac89b5c71e569741db74daa2dcb4152f14c2369
-
Filesize
37KB
MD58b8b0a935dc591799a0c6d52fdc33460
SHA1ce2748bd469aad6e90b06d98531084d00611fb89
SHA25657a9ccb84cae42e0d8d1a29cfe170ac3f27bdcae829d979cddfd5e757519b159
SHA51293009b3045939b65a0c1d25e30a07a772bd73dda518529462f9ce1227a311a4d6fd7595f10b4255cc0b352e09c02026e89300a641492f14df908ad256a3c9d76
-
Filesize
1KB
MD57e55ddc6d611176e697d01c90a1212cf
SHA1e2620da05b8e4e2360da579a7be32c1b225deb1b
SHA256ff542e32330b123486797b410621e19eafb39df3997e14701afa4c22096520ed
SHA512283d381aa396820b7e15768b20099d67688da1f6315ec9f7938c2fcc3167777502cded0d1beddf015a34cc4e5d045bcb665ffd28ba2fbb6faf50fdd38b31d16e
-
Filesize
1KB
MD57d62e82d960a938c98da02b1d5201bd5
SHA1194e96b0440bf8631887e5e9d3cc485f8e90fbf5
SHA256ae041c8764f56fd89277b34982145d16fc59a4754d261c861b19371c3271c6e5
SHA512ab06b2605f0c1f6b71ef69563c0c977d06c6ea84d58ef7f2baecba566d6037d1458c2b58e6bfd70ddef47dccbdea6d9c2f2e46dea67ea9e92457f754d7042f67
-
Filesize
35KB
MD53d25d679e0ff0b8c94273dcd8b07049d
SHA1a517fc5e96bc68a02a44093673ee7e076ad57308
SHA256288e9ad8f0201e45bc187839f15aca79d6b9f76a7d3c9274c80f5d4a4c219c0f
SHA5123bde668004ca7e28390862d0ae9903c756c16255bdbb3f7e73a5b093ce6a57a3165d6797b0a643b254493149231aca7f7f03e0af15a0cbe28aff02f0071ec255
-
Filesize
9KB
MD5b2b1d79591fca103959806a4bf27d036
SHA1481fd13a0b58299c41b3e705cb085c533038caf5
SHA256fe4d06c318701bf0842d4b87d1bad284c553baf7a40987a7451338099d840a11
SHA5125fe232415a39e0055abb5250b120ccdcd565ab102aa602a3083d4a4705ac6775d45e1ef0c2b787b3252232e9d4673fc3a77aab19ec79a3ff8b13c4d7094530d2
-
Filesize
141KB
MD53f0363b40376047eff6a9b97d633b750
SHA14eaf6650eca5ce931ee771181b04263c536a948b
SHA256bd6395a58f55a8b1f4063e813ce7438f695b9b086bb965d8ac44e7a97d35a93c
SHA512537be86e2f171e0b2b9f462ac7f62c4342beb5d00b68451228f28677d26a525014758672466ad15ed1fd073be38142dae478df67718908eae9e6266359e1f9e8