95acc4d1a274dd2edf1755278413d6d9e5e6485ade610a571c772e98c0fd30a1

Analysis

max time kernel
141s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-es
resource tags

arch:x64arch:x86image:win10v2004-20231215-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
12/01/2024, 10:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DISTRAINT.v06.12.16-PiviGames.blog/REDIST/VCRedist 2010 x32.exe
Size

4.8MB
MD5

cede02d7af62449a2c38c49abecc0cd3
SHA1

b84b83a8a6741a17bfb5f3578b983c1de512589d
SHA256

66b797b3b4f99488f53c2b676610dfe9868984c779536891a8d8f73ee214bc4b
SHA512

d2d99e06d49a5990b449cf31d82a33104a6b45164e76fbeb34c43d10bcd25c3622af52e59a2d4b7f5f45f83c3ba4d23cf1a5fc0c03b3606f42426988e63a9770
SSDEEP

98304:TsPj6quMBYyuSFOMKykvYgS/ylTpHufHMpPbOZ39c7T3eeom2vJtPShg:wPjzayuSgMKykQgSaTkvMxEYT3OfPShg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
416	Setup.exe

Loads dropped DLL 5 IoCs

pid	Process
416	Setup.exe
416	Setup.exe
416	Setup.exe
416	Setup.exe
416	Setup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
416	Setup.exe
416	Setup.exe
416	Setup.exe
416	Setup.exe
416	Setup.exe
416	Setup.exe
416	Setup.exe
416	Setup.exe
416	Setup.exe
416	Setup.exe
416	Setup.exe
416	Setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 416	1912	VCRedist 2010 x32.exe	89
PID 1912 wrote to memory of 416	1912	VCRedist 2010 x32.exe	89
PID 1912 wrote to memory of 416	1912	VCRedist 2010 x32.exe	89

C:\Users\Admin\AppData\Local\Temp\DISTRAINT.v06.12.16-PiviGames.blog\REDIST\VCRedist 2010 x32.exe
"C:\Users\Admin\AppData\Local\Temp\DISTRAINT.v06.12.16-PiviGames.blog\REDIST\VCRedist 2010 x32.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- \??\c:\b25e93c6fa4a87e9115a94\Setup.exe
  c:\b25e93c6fa4a87e9115a94\Setup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\HFIB3B1.tmp.html

Filesize
16KB

MD5
b7ca90e0f0903f8d12fedb245212d508

SHA1
785b5378e03038ee9d11f7e91ef367c1627ccd74

SHA256
eae05aec1a331d28e4fe909af44e23c11debae2b6a0147cf135114ede80cd808

SHA512
b060efe6df90c08f4edbdc386ed60ca829a009316e3fe3ebbcc104da1b9721e581e1d53dc5ed64218e6985724e9eede79b7356b013abc6bd43f839b1ed33176d

Download Submit
C:\b25e93c6fa4a87e9115a94\Setup.exe

Filesize
76KB

MD5
9a1141fbceeb2e196ae1ba115fd4bee6

SHA1
922eacb654f091bc609f1b7f484292468d046bd1

SHA256
28563d908450eb7b7e9ed07a934e0d68135b5bb48e866e0a1c913bd776a44fef

SHA512
b044600acb16fc3be991d8a6dbc75c2ca45d392e66a4d19eacac4aee282d2ada0d411d832b76d25ef505cc542c7fa1fdb7098da01f84034f798b08baa4796168

Download Submit
C:\b25e93c6fa4a87e9115a94\SetupEngine.dll

Filesize
56KB

MD5
bbcfbfb2ff4b559368d71ae29850a9a6

SHA1
f7bbcf26997e3492c42f801f6e4f6d5698d9103e

SHA256
fccdd796cd62df361cb0793aa1e335d185aa927a6f53c12727ed02af41f80d44

SHA512
7afcf78a426463db38251a22b0e5654f0d8072a38a13304e57f0d10b51b39a90dcdce467d779b4579ca8f0c5cd68639cc7ff8c1f69aeea974d65f143d145e91c

Download Submit
C:\b25e93c6fa4a87e9115a94\sqmapi.dll

Filesize
36KB

MD5
41052bdd9f22320e67633b46f84ead0b

SHA1
010f48aaf4786e22eed086be7f6b1e56afd74df7

SHA256
663a847349665740f52722cdb9505bbdbc1bd55bb9ad9c4ec3a1a099c8f1d88b

SHA512
af044255fba5618b74962be60482b974e9d179b308f46d80001ce3611d5641de845e2852e2ddbc2080c105ed88421eb8c3c7a8277a02b64921c747a20b2fd373

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\1028\LocalizedData.xml

Filesize
29KB

MD5
7fc06a77d9aafca9fb19fafa0f919100

SHA1
e565740e7d582cd73f8d3b12de2f4579ff18bb41

SHA256
a27f809211ea1a2d5224cd01101aa3a59bf7853168e45de28a16ef7ed6acd46a

SHA512
466dcc6a5fb015be1619f5725fa62ca46eb0fb428e11f93fd9d82e5df61c3950b3fb62d4db7746cc4a2be199e5e69eaa30b6f3354e0017cfa14d127fad52f8cf

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\1031\LocalizedData.xml

Filesize
40KB

MD5
b83c3803712e61811c438f6e98790369

SHA1
61a0bc59388786ced045acd82621bee8578cae5a

SHA256
2aa6e8d402e44d9ee895b18195f46bf90259de1b6f44efd46a7075b110f2dcd6

SHA512
e020f93e3a082476087e690ad051f1feb210e0915924bb4548cc9f53a7ee2760211890eb6036ce9e5e4a311abc0300e89e25efbbb894c2a621ffbc9d64cc8a38

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\1033\LocalizedData.xml

Filesize
38KB

MD5
d642e322d1e8b739510ca540f8e779f9

SHA1
36279c76d9f34c09ebddc84fd33fcc7d4b9a896c

SHA256
5d90345ff74e177f6da8fb6459c1cfcac080e698215ca75feb130d0d1f2a76b9

SHA512
e1e16ae14bc7cc1608e1a08d3c92b6d0518b5fabd27f2c0eb514c87afc3d6192bf7a793a583afc65f1899f03dc419263b29174456e1ec9ab0f0110e0258e0f0d

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\1036\LocalizedData.xml

Filesize
40KB

MD5
e382abc19294f779d2833287242e7bc6

SHA1
1ceae32d6b24a3832f9244f5791382865b668a72

SHA256
43f913ff28d677316f560a0f45221f35f27cfaf5fc5bd645974a82dca589edbf

SHA512
06054c8048cade36a3af54f9a07fd8fa5eb4f3228790996d2abea7ee1ee7eb563d46bd54ff97441f9610e778194082c44e66c5f566c9c50a042aba9eb9cae25e

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\1040\LocalizedData.xml

Filesize
39KB

MD5
0af948fe4142e34092f9dd47a4b8c275

SHA1
b3d6dd5c126280398d9055f90e2c2c26dbae4eaa

SHA256
c4c7c0ddaa6d6a3a1dc260e9c5a24bdfaa98c427c69e8a65427dd7cac0a4b248

SHA512
d97b5fe2553ca78a3019d53e33d2db80c9fa1cf1d8d2501d9ddf0576c7e6ea38dab754fe4712123abf34b97e10b18fb4bbd1c76d3dacb87b4682e501f93423d9

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\1041\LocalizedData.xml

Filesize
33KB

MD5
7fcfbc308b0c42dcbd8365ba62bada05

SHA1
18a0f0e89b36818c94de0ad795cc593d0e3e29a9

SHA256
01e7d24dd8e00b5c333e96d1bb83813e02e96f89aad0c2f28f84551d28abbbe2

SHA512
cd6f912a037e86d9e1982c73f0f8b3c4d5a9a6b5b108a7b89a46e6691e430a7cb55718de9a0c05650bb194c8d4a2e309ad6221d638cfca8e16aa5920881ba649

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\1042\LocalizedData.xml

Filesize
32KB

MD5
71dfd70ae141f1d5c1366cb661b354b2

SHA1
c4b22590e6f6dd5d39e5158b831ae217ce17a776

SHA256
cccda55294aeb4af166a8c0449bca2189ddf5aa9a43d5e939dd3803e61738331

SHA512
5000d62f3de41c3fb0ed8a8e9c37dbf4eb427c4f1e3ad3823d4716c6fe62250bac11b7987a302b8a45d91aabcf332457f7aff7d99f15edeffe540639e9440e8a

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\1049\LocalizedData.xml

Filesize
39KB

MD5
0eeb554d0b9f9fcdb22401e2532e9cd0

SHA1
08799520b72a1ef92ac5b94a33509d1eddf6caf8

SHA256
beef0631c17a4fb1ff0b625c50c6cb6c8ce90a1ae62c5e60e14bf3d915ad509c

SHA512
2180e46a5a2ea1f59c879b729806ca02a232c66660f29c338c1fa7fbee2afa4b13d8777d1f7b63cf831eb42f3e55282d70aa8e53f40616b8a6e4d695c36e313d

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\2052\LocalizedData.xml

Filesize
30KB

MD5
52b1dc12ce4153aa759fb3bbe04d01fc

SHA1
bf21f8591c473d1fce68a9faf1e5942f486f6eba

SHA256
d1735c8cfd8e10ba019d70818c19fa865e7c72f30ab6421a3748408f85fb96c3

SHA512
418903ae9a7baebf73d055e4774ff1917fbaab9ee7ed8c120c34bb10e7303f6dd7b7dae701596d4626387a30ae1b4d329a9af49b8718b360e2ff619c56c19623

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\3082\LocalizedData.xml

Filesize
39KB

MD5
5397a12d466d55d566b4209e0e4f92d3

SHA1
fcffd8961fb487995543fc173521fdf5df6e243b

SHA256
f124d318138ff084b6484deb354cca0f72296e1341bf01169792b3e060c89e89

SHA512
7708f5a2ad3e4c90c4c216600435af87a1557f60caf880a3dd9b5f482e17399af9f0b9de03ff1dbdd210583e0fec5b466e35794ac24d6d37f9bbc094e52fc77b

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\3082\SetupResources.dll

Filesize
17KB

MD5
b5bac5815e01a14c21b00b1b75bee7a2

SHA1
07bea6680d51c83d230ce9f8e849c34135ba0c50

SHA256
8ba0dbb6cff5ff4269946ec67e6f64d15083414e34646e60e18a548afed91dff

SHA512
fdbcf102663ffd3ad615022e99b7703c9c66654fab8e50ed580859e3334519ec99a45b931c1ba5498c92d2d56a2cb7b8a48e8aa3f061f27f7e8f6df5d6ebb5f9

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\DHTMLHeader.html

Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\ParameterInfo.xml

Filesize
8KB

MD5
46db5d342d306778cab61e413a84fece

SHA1
d0885ae1f706e014015cacb0cd67ca786d0962c2

SHA256
227bd903261486663665ba232b753781bafd7afba68b5614ad93d6d1f5a1e16b

SHA512
5de734ce86888ae41db113be13b8b6652f67de8e7ff0dc062a3e217e078ccafacf44117bbfff6e26d6c7e4fa369855e87b4926e9bdfa96f466a89a9d9c67a5bc

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\SetupEngine.dll

Filesize
490KB

MD5
9dcb4a0710eb3bfba6d7f8d98909bd54

SHA1
092e2b15afb92822e2507225499e8625cca6a2fa

SHA256
ee5cbc6af97ed20c9ddd17043d11745cb2a78b421b7cb23c68d353fbac5c355e

SHA512
452e3790ee4f9571a1e0da5216835ffe2fa6edc4e26203d9f19403fdad04c3061ba32d304d7d91ba83b93751c66afeb72466844ef3b21f126890233d7f605125

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\SetupUi.dll

Filesize
288KB

MD5
c744ec120e54027c57318c4720b4d6be

SHA1
ab65fc4e68ad553520af049129fae4f88c7eff74

SHA256
d1610b0a94a4dadc85ee32a7e5ffd6533ea42347d6f2d6871beb03157b89a857

SHA512
6dcd0ab7b8671e17d1c15db030ee5349ab3a123595c546019cf9391ce05f9f63806149c3ec2f2c71635cb811ab65ad47bcd7031e2eff7a59059577e47dd600a7

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\SetupUi.xsd

Filesize
29KB

MD5
2fadd9e618eff8175f2a6e8b95c0cacc

SHA1
9ab1710a217d15b192188b19467932d947b0a4f8

SHA256
222211e8f512edf97d78bc93e1f271c922d5e91fa899e092b4a096776a704093

SHA512
a3a934a8572ff9208d38cf381649bd83de227c44b735489fd2a9dc5a636ead9bb62459c9460ee53f61f0587a494877cd3a3c2611997be563f3137f8236ffc4ca

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\Strings.xml

Filesize
13KB

MD5
332adf643747297b9bfa9527eaefe084

SHA1
670f933d778eca39938a515a39106551185205e9

SHA256
e49545feeae22198728ad04236e31e02035af7cc4d68e10cbecffd08669cbeca

SHA512
bea95ce35c4c37b4b2e36cc1e81fc297cc4a8e17b93f10423a02b015ddb593064541b5eb7003560fbeee512ed52869a113a6fb439c1133af01f884a0db0344b0

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\UiInfo.xml

Filesize
35KB

MD5
4f90fcef3836f5fc49426ad9938a1c60

SHA1
89eba3b81982d5d5c457ffa7a7096284a10de64a

SHA256
66a0299ce7ee12dd9fc2cfead3c3211e59bfb54d6c0627d044d44cef6e70367b

SHA512
4ce2731c1d32d7ca3a4f644f4b3111f06223de96c1e241fcc86f5fe665f4db18c8a241dae4e8a7e278d6afbf91b235a2c3517a40d4d22d9866880e19a7221160

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\graphics\print.ico

Filesize
1KB

MD5
7e55ddc6d611176e697d01c90a1212cf

SHA1
e2620da05b8e4e2360da579a7be32c1b225deb1b

SHA256
ff542e32330b123486797b410621e19eafb39df3997e14701afa4c22096520ed

SHA512
283d381aa396820b7e15768b20099d67688da1f6315ec9f7938c2fcc3167777502cded0d1beddf015a34cc4e5d045bcb665ffd28ba2fbb6faf50fdd38b31d16e

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\graphics\save.ico

Filesize
1KB

MD5
7d62e82d960a938c98da02b1d5201bd5

SHA1
194e96b0440bf8631887e5e9d3cc485f8e90fbf5

SHA256
ae041c8764f56fd89277b34982145d16fc59a4754d261c861b19371c3271c6e5

SHA512
ab06b2605f0c1f6b71ef69563c0c977d06c6ea84d58ef7f2baecba566d6037d1458c2b58e6bfd70ddef47dccbdea6d9c2f2e46dea67ea9e92457f754d7042f67

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\graphics\setup.ico

Filesize
35KB

MD5
3d25d679e0ff0b8c94273dcd8b07049d

SHA1
a517fc5e96bc68a02a44093673ee7e076ad57308

SHA256
288e9ad8f0201e45bc187839f15aca79d6b9f76a7d3c9274c80f5d4a4c219c0f

SHA512
3bde668004ca7e28390862d0ae9903c756c16255bdbb3f7e73a5b093ce6a57a3165d6797b0a643b254493149231aca7f7f03e0af15a0cbe28aff02f0071ec255

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\header.bmp

Filesize
7KB

MD5
3ad1a8c3b96993bcdf45244be2c00eef

SHA1
308f98e199f74a43d325115a8e7072d5f2c6202d

SHA256
133b86a4f1c67a159167489fdaeab765bfa1050c23a7ae6d5c517188fb45f94a

SHA512
133442c4a65269f817675adf01adcf622e509aa7ec7583bca8cd9a7eb6018d2aab56066054f75657038efb947cd3b3e5dc4fe7f0863c8b3b1770a8fa4fe2e658

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\sqmapi.dll

Filesize
48KB

MD5
c95a3876b34f823aedf2e05139e1e6e1

SHA1
ea25ce01edd3855a2e11000ba1ed65429a2804e9

SHA256
1e2f3eac1366ecd4cd11d3d2767ee310e32304b21263ad090fa7c0eca0ec66f3

SHA512
d3941af25069918920ae3aa3ca5427b3d711bcd710e2efc4c60fdcf7427068e958ea92122e5842a001fabf8d92002ecddc256f079545e00b726fbac8341e176f

Download Submit
\??\c:\b25e93c6fa4a87e9115a94\watermark.bmp

Filesize
301KB

MD5
1a5caafacfc8c7766e404d019249cf67

SHA1
35d4878db63059a0f25899f4be00b41f430389bf

SHA256
2e87d5742413254db10f7bd0762b6cdb98ff9c46ca9acddfd9b1c2e5418638f2

SHA512
202c13ded002d234117f08b18ca80d603246e6a166e18ba422e30d394ada7e47153dd3cce9728affe97128fdd797fe6302c74dc6882317e2ba254c8a6db80f46

Download Submit
memory/416-106-0x0000000002E80000-0x0000000002E81000-memory.dmp

Filesize
4KB

Download
memory/416-107-0x0000000002E80000-0x0000000002E81000-memory.dmp

Filesize
4KB

Download