081ae5c21adb12d5661e6849efa6003d14f8be48256db982281d66adf956818d

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
19/02/2024, 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

99.7MB
MD5

3d54a88bea517fb58ecb46f3d7f94777
SHA1

b51360050b9785d01484d3d7b5c9796f98a8a0d1
SHA256

13dcfc1aa528addb278f703cd8fc7b0aaf8cbeb8242bdd0a070401099de854f2
SHA512

92c68b0b329b80ef892ffa838dd94e6c9d10e48e0e6f8840b9933b777bfa50cf5ed1c0ddea2c74a3c27d05310087a33ebfcaa6d8df71e8cdce46eab703d4299a
SSDEEP

3145728:qbzHAlMRvSvTXKX5U1LAcHbBlpmDHxc20Z/s:iTAmcLXKsxr2R4Z0

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1972	Launcher.exe

Loads dropped DLL 2 IoCs

pid	Process
764	Setup.exe
1972	Launcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 1972	764	Setup.exe	28
PID 764 wrote to memory of 1972	764	Setup.exe	28
PID 764 wrote to memory of 1972	764	Setup.exe	28
PID 764 wrote to memory of 1972	764	Setup.exe	28

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:764
- C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" /fj230ur90f90329039039093/Launcher.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\locales\ar-XB.pak.info

Filesize
1015KB

MD5
edaef65b3082ac1502e46a7efe9a7260

SHA1
80fd9d68b4a0af62ef7f53d58ee9fb3ef1ef32c4

SHA256
7f8d7ac684642fb44625b0e32c0d8d20df0f661db616b157be04dfec918416eb

SHA512
3564bd96293d4a07c15d2ddd50abb531aea0a62cd4e0a8e70b60c7ef015b6e11f8221f353b668b0670938299770cf3607303075fc5f34bb73f9abbd48f666726

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
2.5MB

MD5
2784b288057106a5e08f16377339d4ad

SHA1
62a5705f96a2665519a7940fb309745b791e98b6

SHA256
6f7833e864e20b2fa1ef454fc60590b7f246fe4a81f22c35dee247c7d8df03e6

SHA512
663e06957d3de5dcdad6559391d733c350efffdb85363ec00943bf0ff07fef61fde164b71c4f9bd5f2e8d0570f85a1734c03c53e9ad85f4b55ac7628b5664331

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
1.1MB

MD5
98acbb1ba1112cfa4da907558ea7cc0e

SHA1
9e041b920a7a9e9bc0aea6fc7709deb67eecf7ef

SHA256
0c57bc73ca823aef5dbb3785cdb343dec62854f80e811df16ac71ba88a039a5f

SHA512
a4845ccf34b534d5ff336a909b66f8cd4f48c151540197ebf63242a83c02a4f5a9f992a7975de44ca0f66e810e302a37f331d4bd26afff5088f2c44df517ac86

Download Submit