05ebf729fca831b3d58c9886319aa72fab96818f04ee5f3cdfa1dcb84c58323e

Analysis

max time kernel
141s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-01-2024 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67fd1bb3a067f4eba34c8f1422887730.exe
Size

8.1MB
MD5

67fd1bb3a067f4eba34c8f1422887730
SHA1

cce25c80f442764b14a1d86a922065117d3980d7
SHA256

05ebf729fca831b3d58c9886319aa72fab96818f04ee5f3cdfa1dcb84c58323e
SHA512

33a10f8e5da39efd84083d53e6eb366eadbf86162eb5769619e662264fa3a2c40215ec87774541acdb7c6f33f72bdaabc84e2585e095dc7f1a7341b8f60a27e9
SSDEEP

196608:Eu3eBj8VX9zpn0UjWSU+g+14clJ5CpQdHRNfhPcI4PJzCGT9qvl+EQ+Erd:Eu3RN10/+14cnTdTfhkIoqcz1d

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2468	setup.exe
3672	setup.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 476 wrote to memory of 2468	476	67fd1bb3a067f4eba34c8f1422887730.exe	93
PID 476 wrote to memory of 2468	476	67fd1bb3a067f4eba34c8f1422887730.exe	93
PID 476 wrote to memory of 2468	476	67fd1bb3a067f4eba34c8f1422887730.exe	93
PID 2468 wrote to memory of 3672	2468	setup.exe	95
PID 2468 wrote to memory of 3672	2468	setup.exe	95
PID 2468 wrote to memory of 3672	2468	setup.exe	95

C:\Users\Admin\AppData\Local\Temp\67fd1bb3a067f4eba34c8f1422887730.exe
"C:\Users\Admin\AppData\Local\Temp\67fd1bb3a067f4eba34c8f1422887730.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:476
- C:\Users\Admin\AppData\Local\Temp\_sb57.dir\setup.exe
  C:\Users\Admin\AppData\Local\Temp\_sb57.dir\setup.exe /f /sourcepath "C:\Users\Admin\AppData\Local\Temp\"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2468
- - C:\Users\Admin\AppData\Local\Temp\_sb930.dir\setup.exe
    C:\Users\Admin\AppData\Local\Temp\_sb930.dir\setup.exe "C:\Users\Admin\AppData\Local\Temp\_sb57.dir\" /sourcepath "C:\Users\Admin\AppData\Local\Temp\_sb57.dir\" /SelLan 0409 "CheckId:SetupBuilder Professional 1.5.0001"
    3⤵
    - Executes dropped EXE
    PID:3672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_sb57.dir\Setup.exe

Filesize
154KB

MD5
94dbe0e05db59d56c743f87d58184cf2

SHA1
eeccac06d5125384403b79b62e8ad0b796cdf8e0

SHA256
a3a0d80a90794b30f58390c8fc91f3f2990a675cab6661ad9816a02bb3bb39cb

SHA512
029f7a6adcfdecd9aa75844a00129d8a3fe7a3706aa5329d762730287e4b0dccff7b636c63dec5cdfab6a2bd811b05b94f399c31cf7b5ff3ecb67f2fdb7984c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_sb57.dir\Setup.ins

Filesize
8KB

MD5
03f65e7c3d574fc45e81202bc0031b0b

SHA1
647982ac6b2ca7da1025010cff645aa4831ea02c

SHA256
f086e808de7417f78f71d638c25ca68fbfa012216b27ff8d6ca875155e2c1b75

SHA512
f54b88b1e79ceba1d931bf1b3e7ac37c3db6f1f3dd2c442ffcd52f273ecc4042eee51f743afd4537f7dda75529a2b20721a269b124f6ef342aebc499a940fd91

Download Submit
C:\Users\Admin\AppData\Local\Temp\_sb57.dir\_SETUP.LIB

Filesize
28KB

MD5
c4db27781b155f2325a482ca013e9d7c

SHA1
6d51545609e7273cc5cbcb3271cea8ead28d6306

SHA256
fa5eb1f74314cc06d29f9b558b70f72aba04def2a72eb4a078011c9504f11f6b

SHA512
d1921c4ba9ebece495ca3b6dff096bba2c5ac0f80382085367f75a3d6a950857f534d9c85425e4bc8e46106e9d5d40a557fc7ca4373cc87f286802b90092130d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_sb57.dir\_Setup.z

Filesize
1.4MB

MD5
5274d2fd5adab0c31a4082220fc449d9

SHA1
ec854793779c15bdd9823cb6f5fec12babef7647

SHA256
a2aba5957de7afbebb20aee1a9ce302b458d0aafe62071101f9c0c2e529c2bfe

SHA512
d5d5ffece2e9f0dbba4ad65c27f8c3854470018f5f5194cd9e315368cecd40371e0d758a3c6ba2b6acca8c4d5371d159da9117ad0068a87263b42847d253e72b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_sb57.dir\_setup.lst

Filesize
1KB

MD5
389db75b0695fe2f3b7970a983ecbc96

SHA1
2f31ae6953cbcdbfd6fec73bd61ec75ea6acaccf

SHA256
284e41cc14baef3751942663635ae47680cc419308277ba868fdca5cc7072673

SHA512
5de91cceaa4c61e5cde34d698722af4567d2684345dcf9fefb0ad219fe2fd60916d835d60ef7115fc954e2a958b90ece5a15d3493177f67b1831d4b1240b9178

Download Submit
C:\Users\Admin\AppData\Local\Temp\_sb930.dir\Setup.exe

Filesize
245KB

MD5
6a4179b0e3815cb78ac459826b9fc54e

SHA1
32f7dc191292c1731515e99f629bb192e3f64d71

SHA256
05dafe711e71980e1170c455ecc327bc2ab5626be3beb879c56231c0cb2dd83f

SHA512
efc665055a3caadc0b98e90d6e64acfa2509829d1b0729266ccf2adecc54863d2abb8d31792c582b527d9048e649910665ff37ccc2c8fda15fe7459dd152c164

Download Submit
memory/476-1-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/476-0-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/476-15-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/476-22-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/476-43-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2468-17-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2468-30-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/2468-38-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/3672-33-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/3672-34-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/3672-28-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads