798b9999b706eb8240655287d18f6a0b6d1651bba28c33ead722166319d2f6cb

Analysis

max time kernel
143s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 23:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

385.3MB
MD5

d9197db5b4e21e78fec4ce7bfea33a18
SHA1

b21ad7436ec8415b7c840ca8a0bf3357e80e7312
SHA256

26a6d5493cd62ba930d10b826f6b87982a24686ded3befb0a01b068273b6bca5
SHA512

d0775a273343ba767344929a9996718b7623e02375b01a1a6653cf554abe90e67a6fc1c23738d84fd3c0b61275b630eb5f2aac7c918d0c29b7f113457cb8d695
SSDEEP

12582912:xx4MxzZZ827qwrVP6KlrUO4O05g0dgF/tk8WV9Xdh+ShS/GQh2d38xL:Dnxz4uqWBrB05tgF/qWQ38

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 7 IoCs

pid	Process
1088	setup.exe
3240	ISBEW64.exe
3216	ISBEW64.exe
3156	ISBEW64.exe
1040	ISBEW64.exe
2208	ISBEW64.exe
688	ISBEW64.exe

Loads dropped DLL 8 IoCs

pid	Process
1088	setup.exe
1088	setup.exe
1088	setup.exe
1088	setup.exe
1088	setup.exe
1088	setup.exe
1088	setup.exe
1088	setup.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 3284 wrote to memory of 1088	3284	Setup.exe	89
PID 3284 wrote to memory of 1088	3284	Setup.exe	89
PID 3284 wrote to memory of 1088	3284	Setup.exe	89
PID 1088 wrote to memory of 3240	1088	setup.exe	90
PID 1088 wrote to memory of 3240	1088	setup.exe	90
PID 1088 wrote to memory of 3216	1088	setup.exe	91
PID 1088 wrote to memory of 3216	1088	setup.exe	91
PID 1088 wrote to memory of 3156	1088	setup.exe	92
PID 1088 wrote to memory of 3156	1088	setup.exe	92
PID 1088 wrote to memory of 1040	1088	setup.exe	93
PID 1088 wrote to memory of 1040	1088	setup.exe	93
PID 1088 wrote to memory of 2208	1088	setup.exe	94
PID 1088 wrote to memory of 2208	1088	setup.exe	94
PID 1088 wrote to memory of 688	1088	setup.exe	95
PID 1088 wrote to memory of 688	1088	setup.exe	95

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3284
- C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\setup.exe
  C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\setup.exe -package:"C:\Users\Admin\AppData\Local\Temp\Setup.exe" -no_selfdeleter -IS_temp -media_path:"C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\Disk1\" -tempdisk1folder:"C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\" -IS_OriginalLauncher:"C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\Disk1\setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1088
- - C:\Users\Admin\AppData\Local\Temp\{2F6B404C-C9E4-4BAC-AEF1-34A9DC1F6987}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{2F6B404C-C9E4-4BAC-AEF1-34A9DC1F6987}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{456E36B6-86EA-4AA2-9780-71EE5995EC0D}
    3⤵
    - Executes dropped EXE
    PID:3240
- - C:\Users\Admin\AppData\Local\Temp\{2F6B404C-C9E4-4BAC-AEF1-34A9DC1F6987}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{2F6B404C-C9E4-4BAC-AEF1-34A9DC1F6987}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4F7675C3-64BE-4AEF-990A-A8B2F51DC8D5}
    3⤵
    - Executes dropped EXE
    PID:3216
- - C:\Users\Admin\AppData\Local\Temp\{2F6B404C-C9E4-4BAC-AEF1-34A9DC1F6987}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{2F6B404C-C9E4-4BAC-AEF1-34A9DC1F6987}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E45502E9-D827-47B4-B3C2-893D08A9307E}
    3⤵
    - Executes dropped EXE
    PID:3156
- - C:\Users\Admin\AppData\Local\Temp\{2F6B404C-C9E4-4BAC-AEF1-34A9DC1F6987}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{2F6B404C-C9E4-4BAC-AEF1-34A9DC1F6987}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2422A723-7D1C-4269-B231-DFF2F3A0A3A1}
    3⤵
    - Executes dropped EXE
    PID:1040
- - C:\Users\Admin\AppData\Local\Temp\{2F6B404C-C9E4-4BAC-AEF1-34A9DC1F6987}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{2F6B404C-C9E4-4BAC-AEF1-34A9DC1F6987}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8E0A83A6-DAF0-4CFA-99C3-C131CB1BC87B}
    3⤵
    - Executes dropped EXE
    PID:2208
- - C:\Users\Admin\AppData\Local\Temp\{2F6B404C-C9E4-4BAC-AEF1-34A9DC1F6987}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{2F6B404C-C9E4-4BAC-AEF1-34A9DC1F6987}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3B971D7B-C781-4CAB-AC91-915E696F2A9C}
    3⤵
    - Executes dropped EXE
    PID:688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{2F6B404C-C9E4-4BAC-AEF1-34A9DC1F6987}\ISBEW64.exe

Filesize
182KB

MD5
cb279e894409aef5f9410d7d8d113c54

SHA1
300c199084e171880bb206a5f5c11c7a5b15744f

SHA256
e984815636a4f457069b13e5d2ab02ddbbc692e26dedba4d74bb9c9172a89232

SHA512
a58962ee7d9499da216c1f6d93ce27ae4b759ca605469fd19ae48ae926cda909d5d3762345f7304132d9c1eb3407797bb21498dc2bc10b0eb6fee5a87657126b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2F6B404C-C9E4-4BAC-AEF1-34A9DC1F6987}\{1E4572D2-28BC-4BC9-B743-13DC6CFD71DB}\DIFxData.ini

Filesize
84B

MD5
1eb6253dee328c2063ca12cf657be560

SHA1
46e01bcbb287873cf59c57b616189505d2bb1607

SHA256
6bc8b890884278599e4c0ca4095cefdf0f5394c5796012d169cc0933e03267a1

SHA512
7c573896abc86d899afbce720690454c06dbfafa97b69bc49b8e0ddec5590ce16f3cc1a30408314db7c4206aa95f5c684a6587ea2da033aecc4f70720fc6189e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2F6B404C-C9E4-4BAC-AEF1-34A9DC1F6987}\{1E4572D2-28BC-4BC9-B743-13DC6CFD71DB}\FontData.ini

Filesize
37B

MD5
8ce28395a49eb4ada962f828eca2f130

SHA1
270730e2969b8b03db2a08ba93dfe60cbfb36c5f

SHA256
a7e91b042ce33490353c00244c0420c383a837e73e6006837a60d3c174102932

SHA512
bb712043cddbe62b5bfdd79796299b0c4de0883a39f79cd006d3b04a1a2bed74b477df985f7a89b653e20cb719b94fa255fdaa0819a8c6180c338c01f39b8382

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2F6B404C-C9E4-4BAC-AEF1-34A9DC1F6987}\{1E4572D2-28BC-4BC9-B743-13DC6CFD71DB}\InstallshieldSupportModule.dll

Filesize
184KB

MD5
a65d3f22e82802871d3f698fc1016f21

SHA1
dc17fe50a1b1821f5f251114897faeb889457398

SHA256
2a27b247c1387082036bcd83fb20dbef9d923b0ffa56573c093d0b71edf6d57b

SHA512
08054d4ccbf3c1f6c40e338c273908ac3250a23399328ed645a7bfd79fa28293db59718d8114316a2263345347d03f772b390980c24ef78acced69d92030a968

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2F6B404C-C9E4-4BAC-AEF1-34A9DC1F6987}\{1E4572D2-28BC-4BC9-B743-13DC6CFD71DB}\_isres_0x0409.dll

Filesize
1.8MB

MD5
47883e42b1859329eba55075290a2c5a

SHA1
7cd7c1a82aa8a74db7926129e3844cefdf79376b

SHA256
ead0b66d81c87d26cf530ec5833d04d11782aa01adc9420ad939f492e2ce016c

SHA512
adc92de860d2f09013ce03a13af941e38ba569e89b53cedfb7fb25abe3d3654c173e70cc86407646df13cb7da14557e788ea2d2ce6370c01f885d73e6115048c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2F6B404C-C9E4-4BAC-AEF1-34A9DC1F6987}\{1E4572D2-28BC-4BC9-B743-13DC6CFD71DB}\_isuser_0x0409.dll

Filesize
356KB

MD5
cc85febea1606045f59c4ffcfd74bf90

SHA1
acb0dc4b8406848714657a0ac963e4616d5942a7

SHA256
21f33d41609d8928c76f9ba077707d9aae3a121c5c2f58b352252d65da965226

SHA512
3da68f50c5cda810f98c5fdd1851f49859308311cdd6dfe5bb01c789ddd1bd9b18b834af841adc65547908a3a3e23be77d8e8c46d77590d635503891b76b55ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2F6B404C-C9E4-4BAC-AEF1-34A9DC1F6987}\{1E4572D2-28BC-4BC9-B743-13DC6CFD71DB}\isrt.dll

Filesize
430KB

MD5
e9208322f81fc26beaaa5a73cafda4a2

SHA1
11863afbef0456bf0e8c8bfab1cffad0356f80cb

SHA256
0fe47b313616738f2d0864d17d4c7ba1fd0778c8f95d741989d597fe23d6cc7c

SHA512
a32193f7ba02faa959de9949c332c716949af674b353a43e1dce846747492eaa818963c28afcaf837e757f93aa98a7f244177a5afd204ad6b54d6006e522ec68

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\Disk1\0x0404.ini

Filesize
10KB

MD5
cd658d92df1ad180483136cd6960e7f6

SHA1
0d2808f19c659312372386276bb8dec386b2b638

SHA256
5d31e009a36325032ab1521d2b1ca1a5be89bb969d1948d4fe99c387b1055db1

SHA512
84540ddb853c9dcf49c2abe931601884f744c341d33f2f615f9d3290c41ead9d0709e0882358d5326b87fa25adf61ea1ff7a2b9bad52bfaab18b31d08047da31

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\Disk1\0x0407.ini

Filesize
25KB

MD5
1f71deaf7e3c298f4c4112db5e7ac029

SHA1
2d653e79c55e31cd00af51313a7b07aed123ab04

SHA256
b4d2bf8ddeee1e2acc5dfaa14ac602a69f52195c38eab4660408fd879ad41a56

SHA512
e0c0fe70904f768ebd191cd8aae285a7e851ff5e5ee3cbe5b78a708b6f378db33f499291eb89ee268fd3b3a694abaf6826162571aba74a6837f65c95a8078666

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\Disk1\0x0409.ini

Filesize
22KB

MD5
1196f20ca8bcaa637625e6a061d74c9e

SHA1
d0946b58676c9c6e57645dbcffc92c61eca3b274

SHA256
cdb316d7f9aa2d854eb28f7a333426a55cc65fa7d31b0bdf8ae108e611583d29

SHA512
75e0b3b98ad8269dc8f7048537ad2b458fa8b1dc54cf39df015306abd6701aa8357e08c7d1416d80150ccfd591376ba803249197abdf726e75d50f79d7370ef3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\Disk1\0x040a.ini

Filesize
25KB

MD5
b216bc7b827622578e60b0b37ce9c4c0

SHA1
18eb706aa172440c783382fb317dcb2ef7d04e2a

SHA256
4e42d96cf24224d3ed43e7e14227b96fde3b43235636480f8861db0b048ffddf

SHA512
e4211ee47bccf98369b7760502cc04e7c036e7ee8eb8a29143519c35cf5295f9984ee8de1fc8d7e93352119f9cf5fcb3412b7e3749b1540fd38af7d996ab0700

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\Disk1\0x040c.ini

Filesize
26KB

MD5
9a10eddf9169f9508688eace7b9e7797

SHA1
fe256fc1dd6a26478a7d06712d789d3f0db431d5

SHA256
d31b120f79c2fb8cd6f3fd7ede220a30ca3bb84e4d3c8b05c1bcc833734d13cf

SHA512
c3d5534e5edd819c03198ec19ab17bd90f29b33bd2f35a7f26e09ec4d59750065c4c3820efa2b6c8862e2fc00a0cf64fa928abeb62a3688b399eeb275de3ae5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\Disk1\0x0411.ini

Filesize
14KB

MD5
b807ce7552e96dc1928775956b9f422c

SHA1
d25122157365130bebae6497617d28cd86e8c638

SHA256
3f0778538202a35483c084fb0b109f693a9853f64d6452daa5c92ac75620aadc

SHA512
bb06ca5784e77ceb15331c5c6a9abad27364b1c5b800f229cd7b6d955fb120cbd7879c299508b606760f714b17a4a50aba333ccf6da7fb9bcd88b50772f64f6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\Disk1\0x0412.ini

Filesize
14KB

MD5
59b2e4a2d3898f3e4f49186ff150e26c

SHA1
42f49643ef257d3ba2817af5731a165b42c42bfd

SHA256
9416c7b55d1fd9dc06f20e1e3ebbac1357217113833553d49586e339360529c7

SHA512
e6601b583567291088f1c522adf38dbc3408855463429354c7ceee2a46459c76daffc3db1f770e4979a59b88cea43599f88eb9b4dd170cf337008039775dff62

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\Disk1\0x0416.ini

Filesize
23KB

MD5
eb6dae1391cac22014afd6ccf4c2c333

SHA1
0476104dff6077de57ed24d43b2d4f8a74b6ad3e

SHA256
af54db26c9464b7a610d7eb73f06f36b43ac51e879ac4d21a1c70eb4524a2b24

SHA512
d40a5478056ff3a59e06dc779166baf144eb0db33819180fc6ac47808f49a2249158d8e5cf106c654ce42ab71b6f6f16c3b9777a6b445b1297f741affe09f587

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\Disk1\0x041e.ini

Filesize
22KB

MD5
733f697e11797f50f950b08701a0c1ec

SHA1
e24d6f9064dfa404739485647a5bd8c6b7165579

SHA256
372dc097b80442810781d777cdd23296a0558be58b3418f4ea088cbcd7f661b2

SHA512
edba839537d63713d6dd708384296d4b6d995dacd9d01813063810e230deafc166baddb2c987442f7985b01a283454a7f5fa4076ebc276fca03c95d175091fc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\Disk1\0x0421.ini

Filesize
24KB

MD5
94afe5b2ac909992f6b7e3c629815d7d

SHA1
f6cea0560818c77d9de5447cc0d5e24da12e52bf

SHA256
af34e34cb979dae26a2ed08673e0ea20fcdb5d1f7ee9acf42f93afe16a64521c

SHA512
5acb1c761a392b96588c5c223e25497a80a7ac7cf8d80e5efb55bdb225544e8adbaafd1ae1f51bc076a29e7d7bf229ac57c8728b969f68b15678f1ccf8445826

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\Disk1\ISSetup.dll

Filesize
1.6MB

MD5
d6ef5008acd26a15e65435111b83a457

SHA1
e52ba57faf4d01e50babfb7ebc3511315f2aa422

SHA256
a9c83d986a29fba1f4868158672aac7535d161126f73bc2d0a2a5dbc016569ba

SHA512
165ee1d4cb4b6d4fc3697865fad29439617859d02e05ac2181cb9f15f7905db18b448c03cfc716bab5b7a5a5d84f5a834ff44557ec6a2ccf6afdf89d338b780e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\Disk1\data1.cab

Filesize
179.8MB

MD5
aee195dca99d8a772bb85414d7ada931

SHA1
ead5a7a7177465ddca9d215eda980503b79d0333

SHA256
93142a016c50d7a29208da9cb205eef638289dd46092392a68292e2bc10393a0

SHA512
a954ae8c5129e435450a75e810650a03f90985fac048ed2c1fd22dd51910421f9c4c2f89a321086b0a32303b2b2ef6a7b4c56bf6e480aca5aa7cbd50fb448564

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\Disk1\data1.hdr

Filesize
528KB

MD5
c5bde9f1ec21026da0d2768b7672c099

SHA1
1b7b6a5dfae62cd4f3034050f79daba2d5316947

SHA256
22828e675993fd542d635e0f23eaea89945b700bfab5a9d4f7ceb890d0e0ea60

SHA512
1e650559dc572087993fb3ba8c37fd12523e9533f6ddcd7adcaf9f342058462d5b84878720ee0faebfad53a8724892046129fd2bf144792d22983c1285527608

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\Disk1\layout.bin

Filesize
848B

MD5
22051cd477b54ce88af4b54a46089de7

SHA1
c844a55c6a5d4e123b44b52ab1c2b25269058398

SHA256
6b04905e96bb2388347df395aab336112897b400e49147a553fe2da74325f203

SHA512
c67b4bbcbe4160db3866fa591867763a24852c9f3914630ae3721e6b98f6e72b24a1229dac813a75e05e87769c71d1f764d0581f2aaf2cc2e4866dd82d2a18b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\Disk1\setup.exe

Filesize
945KB

MD5
5066945542a53d6804aebc9fc396a476

SHA1
b21cc9523ce174adda98f823bd25292f8e324029

SHA256
c09882f267de685d7ffffe51ed11ca60ef8deb13a545627265faaeb4518f85fb

SHA512
6af557520ae8633386a5d70b7c08e1643f98c39f81f9886076f43765334f77ddd7dde0beb8986934de710c2b7081e0319d2a91c32dd06cd5c7bceeee3e85e37d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\Disk1\setup.inx

Filesize
263KB

MD5
b8cfa9610ca6b8498814f7c5d3d3ff29

SHA1
ecb355b8110850359e789b01276c67868a6fdb74

SHA256
7ed6ee16411c860855b5ef8e6672f8cbe68b04f4c844924c1f675bb2873c2341

SHA512
9e7ad885e444b7f9218ff96e32eae3d613c8a341e66d24a01fede972554c51ee736610937b534acef854c1aaa33a53966fddc3035cdaa46524f7ae4c62ac5c4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BA471459-9670-43F3-8441-72086B3ED74C}\setup.ini

Filesize
2KB

MD5
fc8a0ac43218330f118424a64f5f0cd0

SHA1
36ec4fb5f86e521ad67519f2eb6195981ab4ac5d

SHA256
ea239b8e11fd28a85387e9b7a5324a60fd29fdbf113aa9f89f62096b6bef101e

SHA512
fb6d3aca0781e3c9c2a174abd9f4ba6de2536cff28fc3905c3cb9f19a9d5ff637066acbd19560579b1d73f43b92b0cb695f81d3f0853e3548759f539d67108b5

Download Submit
memory/1088-134-0x0000000004FB0000-0x0000000005177000-memory.dmp

Filesize
1.8MB

Download
memory/1088-129-0x0000000000AA0000-0x0000000000AA2000-memory.dmp

Filesize
8KB

Download
memory/1088-128-0x0000000010000000-0x0000000010114000-memory.dmp

Filesize
1.1MB

Download
memory/1088-174-0x0000000010000000-0x0000000010114000-memory.dmp

Filesize
1.1MB

Download
memory/1088-187-0x0000000010000000-0x0000000010114000-memory.dmp

Filesize
1.1MB

Download