a5ff15aac4d426aaa68e22be303fbf693f6ad173623d4e7e4d3a10d7ab909fe1

Resubmissions

26/01/2024, 15:33

240126-sy9ddsggb6 10

26/01/2024, 15:30

26/01/2024, 15:26

26/01/2024, 15:25

26/01/2024, 15:21

26/01/2024, 15:20

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 15:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

17.7MB
MD5

9ddb68a9bc7bd5eeb9e22a454467d572
SHA1

12ff0bb7b8e7f45ac1824eafef3e37faa6269922
SHA256

79b1fe3e05b8618492329f126a6b4a0747d3270fcd996ece3dbf4d695285e470
SHA512

88530501cc2f169c00ceca618390dcf6e09e879bd22a069e263420bdef606574db6297c68c7c0aa8f7c30c1d7b543939c9ca6d6c3fc6afdcfacf0d09db60a4f5
SSDEEP

393216:6qPnLFXlreQpDOETgsvfGapgmRvEaiOpjIq:PPLFXNeQoEthmGH

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1336	Setup.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001a495-111.dat	upx
behavioral1/memory/1336-113-0x000007FEF6200000-0x000007FEF666E000-memory.dmp	upx

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2320	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2320	vlc.exe

Suspicious use of FindShellTrayWindow 10 IoCs

pid	Process
2320	vlc.exe
2320	vlc.exe
2320	vlc.exe
2320	vlc.exe
2320	vlc.exe
2320	vlc.exe
2320	vlc.exe
2320	vlc.exe
2320	vlc.exe
2320	vlc.exe

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
2320	vlc.exe
2320	vlc.exe
2320	vlc.exe
2320	vlc.exe
2320	vlc.exe
2320	vlc.exe
2320	vlc.exe
2320	vlc.exe
2320	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2320	vlc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 1336	2404	Setup.exe	28
PID 2404 wrote to memory of 1336	2404	Setup.exe	28
PID 2404 wrote to memory of 1336	2404	Setup.exe	28

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Users\Admin\AppData\Local\Temp\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  2⤵
  - Loads dropped DLL
  PID:1336

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2356

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\ApproveStep.mp2"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI24042\python310.dll

Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
memory/1336-113-0x000007FEF6200000-0x000007FEF666E000-memory.dmp

Filesize
4.4MB

Download
memory/2320-236-0x000000013F750000-0x000000013F848000-memory.dmp

Filesize
992KB

Download
memory/2320-237-0x000007FEF6A10000-0x000007FEF6A44000-memory.dmp

Filesize
208KB

Download
memory/2320-238-0x000007FEF5710000-0x000007FEF59C4000-memory.dmp

Filesize
2.7MB

Download
memory/2320-239-0x000007FEF4250000-0x000007FEF52FB000-memory.dmp

Filesize
16.7MB

Download
memory/2320-240-0x000007FEF3570000-0x000007FEF3682000-memory.dmp

Filesize
1.1MB

Download