Analysis

  • max time kernel
    13s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/02/2024, 18:54

General

  • Target

    Setup_v_43.3.exe

  • Size

    108KB

  • MD5

    d827cf4f08d8e932f67bdb8bde5f92cf

  • SHA1

    771f875fb10090e2ab2537d8787bb3d1a4fb7b8b

  • SHA256

    33871c084b06e67d2fb8cc19c672ed27ce604c17ec8519bc44c85a2b1765475e

  • SHA512

    e2692fd15974db7cc459c8d2755268d39bb2d819858ac30c42d986284f553cd0e07926434c6550a43e9bc108b1cc35b1cf7e813adbfd885c1ef5a9e028d4abe0

  • SSDEEP

    768:F7Zw33FNUf6Nhd/fQ1l+0vM0iT9vIS1Kadjp3S0VYcFodSzSZ27lftcE2ryRIoM0:VZ2FWSNhd/4131iWS1Kax9SxcvqMrIri

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_v_43.3.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_v_43.3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2892
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://java.com/download
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2096
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2472
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UndoAssert.rm"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2868

Network

MITRE ATT&CK Enterprise v15

Downloads
