081ae5c21adb12d5661e6849efa6003d14f8be48256db982281d66adf956818d

Analysis

max time kernel
16s
max time network
18s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/02/2024, 20:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

99.7MB
MD5

3d54a88bea517fb58ecb46f3d7f94777
SHA1

b51360050b9785d01484d3d7b5c9796f98a8a0d1
SHA256

13dcfc1aa528addb278f703cd8fc7b0aaf8cbeb8242bdd0a070401099de854f2
SHA512

92c68b0b329b80ef892ffa838dd94e6c9d10e48e0e6f8840b9933b777bfa50cf5ed1c0ddea2c74a3c27d05310087a33ebfcaa6d8df71e8cdce46eab703d4299a
SSDEEP

3145728:qbzHAlMRvSvTXKX5U1LAcHbBlpmDHxc20Z/s:iTAmcLXKsxr2R4Z0

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2088	Launcher.exe

Loads dropped DLL 2 IoCs

pid	Process
1712	Setup.exe
2088	Launcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2088	1712	Setup.exe	28
PID 1712 wrote to memory of 2088	1712	Setup.exe	28
PID 1712 wrote to memory of 2088	1712	Setup.exe	28
PID 1712 wrote to memory of 2088	1712	Setup.exe	28

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe" /fj230ur90f90329039039093/Launcher.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
1015KB

MD5
8f270dc52b2380ddbb86853b0cc117ec

SHA1
85555052682858658b1b089034565a4f78045312

SHA256
18a4a264b1f3a6f022e1632bc767c2c12f07fa0e1b8dee8459efaf0a270a23a6

SHA512
26ac34718b368c3ff378fdf5bed548e2aa7c44f72d59aad002c12db65843709b91c019dc393d309723852d5a36bbf5ab6a0d8ebd82a5ff6f94679c357e43e50e

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
896KB

MD5
4240476a39fc71d47815c6898273ea38

SHA1
445b535e8fc8184826e79b1bdc2b2c627db788cc

SHA256
692c87706b95368ddf09df0d8f4a08e9f802fed13213fa2f0bb95f7ff374de26

SHA512
5485cb8ac80f0e74e34b93fefafc159724b8bfc8b5328d98491374a54728299a4df6ad9063cb445fdae680618747fe2770a51c4047797dc597e7f3c2d4fb2a68

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\locales\ar-XB.pak.info

Filesize
1015KB

MD5
edaef65b3082ac1502e46a7efe9a7260

SHA1
80fd9d68b4a0af62ef7f53d58ee9fb3ef1ef32c4

SHA256
7f8d7ac684642fb44625b0e32c0d8d20df0f661db616b157be04dfec918416eb

SHA512
3564bd96293d4a07c15d2ddd50abb531aea0a62cd4e0a8e70b60c7ef015b6e11f8221f353b668b0670938299770cf3607303075fc5f34bb73f9abbd48f666726

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
896KB

MD5
ccaec1d61cac7793159ac6a6cd2ab377

SHA1
2421e10db7005f8771e9768e5aa56df385eb83ee

SHA256
66dadd112f3b196c6970dc4853841d844668fab298acca29938f1c5f83d07376

SHA512
d6f62e0df4468e4ff501e96c6999bed68e0a9910413f788de1c3243b9c33b30c3167160f28de56a1082a52bb9f5c70a01863bb16c2c0956f6de4a9312bd0bf77

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\Launcher.exe

Filesize
2.2MB

MD5
4435b661290b7ca26ea94dda98e03546

SHA1
565b38a2ece149fd7d517c75c59df6a7961129e8

SHA256
35b9cfa27b222ee4b6512761d32baae6abdac11b1a7a8c6ebda44f5f63e93753

SHA512
1a123e0d3211fc3f3228f3b85215cc69f97ec9767ec8f79a51e4ddd426d76a46aca58cf4c5920c6385443bba6e4182fa2e7553172721a27336976416de3e6d9c

Download Submit
\Users\Admin\AppData\Local\Temp\fj230ur90f90329039039093\nw_elf.dll

Filesize
704KB

MD5
2fb1d0c83a1cb57b1a6ce36eb5934a29

SHA1
db5d05b686455fd82539c4923af7888176a04b71

SHA256
837ba6ab4e67b17f9539bb07ab6806c8729f07809e2612521848d5a16d846832

SHA512
156618bab1cbb11e9e154048270307a7d84d02cae1d66cd8eea046a9ceadb7fa3dc4d31d14fcfc9eefc26e2e712dcc368f625bee9eca9f9e5e8b3679626de1e1

Download Submit