9a7b92ef28f9ee0dce5c414b6fc1a060ccbed12f624c8c1f456c468aef3bef8f

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
14-02-2024 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a7b92ef28f9ee0dce5c414b6fc1a060ccbed12f624c8c1f456c468aef3bef8f.exe
Size

92.5MB
MD5

c6fbfccb9ab227770293f19345f266c6
SHA1

e971780b1379bf62e62be7ea1e39dcd390a1af90
SHA256

9a7b92ef28f9ee0dce5c414b6fc1a060ccbed12f624c8c1f456c468aef3bef8f
SHA512

cec21d8df0ac644fb90ddf1a6ab3ee4e3b56c86c1b1c305e6eb0e1b02cb4ade8eaa645ffc7a3419d8ceff8300ed5ba6e01f0d1ed135af28409010b76ab59c3f5
SSDEEP

1572864:hU6i3bMnAvPlF+zs+STRVt9O0JoNYERplnQzJdG9X9y5N3U9ujJ1VQcWkRwvOuZk:hULLMOPlFysHVyDTlnEvj7jnOcZwV8v

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3500	setup.exe

Loads dropped DLL 3 IoCs

pid	Process
3500	setup.exe
3500	setup.exe
3500	setup.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4816	9a7b92ef28f9ee0dce5c414b6fc1a060ccbed12f624c8c1f456c468aef3bef8f.exe
Token: SeIncBasePriorityPrivilege	4816	9a7b92ef28f9ee0dce5c414b6fc1a060ccbed12f624c8c1f456c468aef3bef8f.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3500	setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 3500	4816	9a7b92ef28f9ee0dce5c414b6fc1a060ccbed12f624c8c1f456c468aef3bef8f.exe	84
PID 4816 wrote to memory of 3500	4816	9a7b92ef28f9ee0dce5c414b6fc1a060ccbed12f624c8c1f456c468aef3bef8f.exe	84
PID 4816 wrote to memory of 3500	4816	9a7b92ef28f9ee0dce5c414b6fc1a060ccbed12f624c8c1f456c468aef3bef8f.exe	84

C:\Users\Admin\AppData\Local\Temp\9a7b92ef28f9ee0dce5c414b6fc1a060ccbed12f624c8c1f456c468aef3bef8f.exe
"C:\Users\Admin\AppData\Local\Temp\9a7b92ef28f9ee0dce5c414b6fc1a060ccbed12f624c8c1f456c468aef3bef8f.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_C14AC.tmp\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_C14AC.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_C14AC.tmp\CHROME.PACKED.7Z" --show-install-ui
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_C14AC.tmp\D3DCompiler_47.dll

Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_C14AC.tmp\icudtl.dat

Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_C14AC.tmp\libegl.dll

Filesize
364KB

MD5
106cdef7915f4742bdf086ad7d2ee942

SHA1
b3e97ebaa4a030748ede06bf6df2ba6cbff1f47b

SHA256
a3e97ce3d0b26956686786331f38681074a3ef8b8e77f5d8224960350dccf2ca

SHA512
ace460e1c0b98479702f95283fd33bae8e0fa3435b4b2316e0ed5bd8b163fc1429a4c0adc21f7fc5a75e54d06783557aa25b5990ff27af33adc8edb668cebe36

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_C14AC.tmp\libglesv2.dll

Filesize
6.1MB

MD5
cb4027d44f9cc456cdb8a901ea738256

SHA1
04ff151ecab8cb4430596e636ff78b737eb73932

SHA256
8f36f8d1335d60514cd136cf1ce0a3edcf799251adfdcf59632ff329e660463b

SHA512
5dc9bd1ea33d5be241c4ca47b05742a03be4a6ebe8ce32fb18e54d6be1e9cad8b3b241ebb311c062794dde4fb7962ce37a6859d97fd7e14d8cc4c28c3c81fbff

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_C14AC.tmp\setup.exe

Filesize
15.8MB

MD5
ebabe971eb2c7f5b4ebc5cd72dbde8ae

SHA1
86566322fc87d930b4ba73aa83e89368c5239c83

SHA256
81b46308b37662ebdab37dfdc0f61499e4a1f8546e033037502332680890262f

SHA512
5dd6e2ea08a57632cf662e465fa26b75c319ef5cf5daec4bd9541632c6d6b884bd8a8a0a6c3e4ce2171e91d106cde87d656743cf3a30a7a9163289ef3801ac20

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_C14AC.tmp\setup.exe

Filesize
21.4MB

MD5
8a8d34720eca3eae9a29097b06259bb5

SHA1
eb0aac6ec0eb41fa0d6a23cbd0ec6e1418222384

SHA256
5d1ff1080305cc175f19cf502bcc18fa55da6787ffd4403f0acd9bebf587c554

SHA512
2b0a85099c9f3b9e8f637baec1e1ed2c2a569bbaeac53b2539051c06938e73b8ceac6397c91900ace4dba13ac38ca916e0e7354165a6cfbd4e0df21a0e5f8e97

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_C14AC.tmp\setup_resources\setup_images_100_percent.pak

Filesize
31KB

MD5
55f47f7d5273a1b30a4797a2b7a61934

SHA1
229acf3c181a8b374fdbee019535a27ff32ee1b9

SHA256
fd481515c4598eadb7f779997bb1d6bfb9656a0be7299a4570240826152bb78b

SHA512
5f2a790c2aa23d37a0f7532b0a5b77ed53a040919f4aff69ff8d02ea661c683daa1fc32ec91c72f765a5d684fa9fcc626dec1aeaaf761e2619984af092722524

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_C14AC.tmp\setup_resources\setup_strings_en-US.pak

Filesize
508B

MD5
a3b94840d04c161b0c5ca93772f95f73

SHA1
91856c3100ca252d76d8a4e09e009cf75c8448a3

SHA256
df644f20c0bd7b2f20be98945ef3001f0c55d702f575c2e85f1753927ba63a1e

SHA512
aa9406cc5302dfd7329b774bb3416ee6ef245bbcdbb0517dbd0a8da9c977a508fc5a09c8eb10b3984c46857e7a845186f87d5102df1b62efd40ed33257372d0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_C14AC.tmp\setup_resources\ui_resources_100_percent.pak

Filesize
67KB

MD5
9be22d077d0c4db1aa361cbc6498afde

SHA1
8a584fee410aadd336c27001fcc837d8b3e6c3bd

SHA256
4b291440ce8f214dd179d686a10213b43c8c39b0a1fa435ffa277154486e86ff

SHA512
eb870c4d60eee0f27247056738c72f2969740cd9a0007761d16adefa75e5f4506ae4b9e6ce2012f266f70603c65fc23fa04da6584ab0b315148c7f29279a9373

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_C14AC.tmp\setup_resources\ui_strings_en-US.pak

Filesize
5KB

MD5
b716abc27f2a4ba0923800b8851d7e15

SHA1
0ab2f6be0b7f350e4deae2bd227f8f4700956d6d

SHA256
889ee4ba1804945eb78601be31f0812feaaeb78ef5f7cb4d32fa7a2368d4ca11

SHA512
947244b04dd73038c0e4a1199cee7749c1905a8ce8163206830968e3ea3b38e406c86eca31bbd456e189476ef5149d780ebc9e9c0caf6496fc07e7169706b16e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CB_W6X8H0_CR_C14AC.tmp\setup_resources\views_resources_100_percent.pak

Filesize
7KB

MD5
ead849d81d25247b765ea00b5a277df1

SHA1
0f3f486a72ceb6f96caae2ee0d4830db7d7cd494

SHA256
822dd9b7fcdaec3a83febc128a7569d9d2035dccd20d1ed08e172f280911c844

SHA512
e903b2f898c99e7c4a06b650f666752d26b8670722c744ded5a4dab54bc979ef6e3ac8898dd3694c5ba66bd6b4da5936653350614939c6d36f07dbc7527562b9

Download Submit