c351eaf5edb0db9cb3c26e825e1457789903b2af5a734c796740010d6bd080a6

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 11:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

1.4MB
MD5

c1dc83d49a31f55bda3e131a4fcd0781
SHA1

a9caa16621370027a292f192921ffc852ad67c8e
SHA256

ce2cb1b600384f96c477eb1e673ff3a31980218389e18e83558337de7cc197de
SHA512

39a03282fe889f6b15d11a4872c632da59ca16893d21a878f1690592e65932af56eccc0cc4914c52e9f946f66a934d4240d9f8daef0fcdbc7ce97164d39d610d
SSDEEP

24576:PI39dseltHKVyWuWGMlhUAlOaMWO6+3Bd3iLB+E/iDMlSrkGvoVn:P6dvTWnbUAMae6+R5yB+E/e4Gy

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1464	is-UCBNA.tmp

Loads dropped DLL 3 IoCs

pid	Process
2340	setup.exe
1464	is-UCBNA.tmp
1464	is-UCBNA.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1464	is-UCBNA.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 1464	2340	setup.exe	28
PID 2340 wrote to memory of 1464	2340	setup.exe	28
PID 2340 wrote to memory of 1464	2340	setup.exe	28
PID 2340 wrote to memory of 1464	2340	setup.exe	28
PID 2340 wrote to memory of 1464	2340	setup.exe	28
PID 2340 wrote to memory of 1464	2340	setup.exe	28
PID 2340 wrote to memory of 1464	2340	setup.exe	28

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Users\Admin\AppData\Local\Temp\is-UQ80A.tmp\is-UCBNA.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-UQ80A.tmp\is-UCBNA.tmp" /SL4 $4014E "C:\Users\Admin\AppData\Local\Temp\setup.exe" 1181572 175616
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-UQ80A.tmp\is-UCBNA.tmp

Filesize
512KB

MD5
fa761f1d8ce6435020622d1e386c6ac6

SHA1
a9eb3e90e50c146ef69849b84cc8979a5959b6f9

SHA256
02bd634b23c2e40bbe65306093627be92571b350d82df66660dc4b7469d6623e

SHA512
a02363e2fcf542dadf5b027bb103effd7fc84c67a1daf79cf0f0297ba406090d3a34bf130cefb322c60723a27295d1241750fd7d07d0c76b22972ca8101d1f86

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UQ80A.tmp\is-UCBNA.tmp

Filesize
513KB

MD5
8e9fec89d0f2b7fef9d8abf8c43f1a7d

SHA1
d0c1063a3ebf600d13b5c2cf36ef313dc1d60068

SHA256
d8d62cdc3cafa6b77cd8c939a7e6b79536ae5517440d64156dc5422bdb5d2582

SHA512
b9eb7f069c263bfd768fe440f7e9bfd8de7497084a6c2f1957fdffabc402effa53420898243f1d47eb9b672177bc0ba558f7155cded83ce949c7fb7631f56a95

Download Submit
\Users\Admin\AppData\Local\Temp\is-C8O3N.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-UQ80A.tmp\is-UCBNA.tmp

Filesize
756KB

MD5
e027794419aa7cf8a9b0ade815f26450

SHA1
380800844b403341fddd6632ecec0cfc4e0ea84a

SHA256
ab4d395c317b6c9e70ce3a479a3c254e764952e849a4277fae67cf97d3e321e9

SHA512
e9f635167b6223a9bfd75566206360e23ef8db5b54eae60db329ab93166655ccb7a2806edee73fda4928f0f34056e76f8460bfd4a01b55558ead2fb515052e49

Download Submit
memory/1464-16-0x0000000000400000-0x00000000004EB000-memory.dmp

Filesize
940KB

Download
memory/2340-1-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2340-15-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download