Analysis
max time kernel: 13s
max time network: 19s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 22/02/2024, 18:54

Static task: static1

Behavioral task: behavioral1
  Sample: Setup_v_43.3.exe
  Resource: win7-20240221-en
  7 signatures
  150 seconds

Behavioral task: behavioral2
  Sample: Setup_v_43.3.exe
  Resource: win10v2004-20240221-en
  2 signatures
  150 seconds
General
Target: Setup_v_43.3.exe
Size: 108KB
MD5: d827cf4f08d8e932f67bdb8bde5f92cf
SHA1: 771f875fb10090e2ab2537d8787bb3d1a4fb7b8b
SHA256: 33871c084b06e67d2fb8cc19c672ed27ce604c17ec8519bc44c85a2b1765475e
SHA512: e2692fd15974db7cc459c8d2755268d39bb2d819858ac30c42d986284f553cd0e07926434c6550a43e9bc108b1cc35b1cf7e813adbfd885c1ef5a9e028d4abe0
SSDEEP: 768:F7Zw33FNUf6Nhd/fQ1l+0vM0iT9vIS1Kadjp3S0VYcFodSzSZ27lftcE2ryRIoM0:VZ2FWSNhd/4131iWS1Kax9SxcvqMrIri
Score: 1/10
Malware Config
Signatures

Modifies Internet Explorer settings
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\NumberOfSubdomains = "1" | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D058E531-D1B3-11EE-B2DC-EA263619F6CB} = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D058E533-D1B3-11EE-B2DC-EA263619F6CB}.dat = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Suspicious behavior: AddClipboardFormatListener (1 IoC)
pid | Process
2868 | vlc.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid | Process
2868 | vlc.exe

Suspicious use of FindShellTrayWindow (64 IoCs)
pid | Process
2096 | iexplore.exe (1 entry)
2868 | vlc.exe (the remaining 63 entries)

Suspicious use of SendNotifyMessage (64 IoCs)
pid | Process
2868 | vlc.exe (all 64 entries)

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2096 | iexplore.exe
2096 | iexplore.exe
2472 | IEXPLORE.EXE
2472 | IEXPLORE.EXE
2096 | iexplore.exe
2868 | vlc.exe

Suspicious use of WriteProcessMemory (11 IoCs)
description | pid | Process | procid_target
PID 2892 wrote to memory of 2096 | 2892 | Setup_v_43.3.exe | 28 (4 entries)
PID 2096 wrote to memory of 2472 | 2096 | iexplore.exe | 29 (7 entries)
Processes

C:\Users\Admin\AppData\Local\Temp\Setup_v_43.3.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Setup_v_43.3.exe"
  PID: 2892
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Internet Explorer\iexplore.exe
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" http://java.com/download
    PID: 2096
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2
      PID: 2472
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx

C:\Program Files\VideoLAN\VLC\vlc.exe
  Command line: "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UndoAssert.rm"
  PID: 2868
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx