be68c54bf25595d493a529c7f64ea38629b44f07c4551c208752b0b57060e2ae

Analysis

max time kernel
141s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/02/2024, 22:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

reg-organizer-setup.exe
Size

3.5MB
MD5

012de0464f7e3097081e716b84549d7e
SHA1

fe8389f53f2f13cea4984233286a99b515cdef58
SHA256

ffc5f6d72d06c8d4d281c02c1f3b4d9029d57fa437af52d3b2666077e1705c38
SHA512

951a899d2936d083313a8381576ebd9e97acb057a043f97865afe2df621f343edd81f4e244462835e0a132c1e4b712af5c69d9c2529ca684d32905961b7b968d
SSDEEP

98304:zVf0cpo6EbOSzqYpCsw5apF5soRBIPGqYHk:ycp5EbOkCsvMoRAa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2364	reg-organizer-setup.tmp

Loads dropped DLL 5 IoCs

pid	Process
2068	reg-organizer-setup.exe
2364	reg-organizer-setup.tmp
2364	reg-organizer-setup.tmp
2364	reg-organizer-setup.tmp
2364	reg-organizer-setup.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2364	2068	reg-organizer-setup.exe	28
PID 2068 wrote to memory of 2364	2068	reg-organizer-setup.exe	28
PID 2068 wrote to memory of 2364	2068	reg-organizer-setup.exe	28
PID 2068 wrote to memory of 2364	2068	reg-organizer-setup.exe	28
PID 2068 wrote to memory of 2364	2068	reg-organizer-setup.exe	28
PID 2068 wrote to memory of 2364	2068	reg-organizer-setup.exe	28
PID 2068 wrote to memory of 2364	2068	reg-organizer-setup.exe	28

C:\Users\Admin\AppData\Local\Temp\reg-organizer-setup.exe
"C:\Users\Admin\AppData\Local\Temp\reg-organizer-setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Users\Admin\AppData\Local\Temp\is-7VE3F.tmp\reg-organizer-setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-7VE3F.tmp\reg-organizer-setup.tmp" /SL5="$40016,3230230,140800,C:\Users\Admin\AppData\Local\Temp\reg-organizer-setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-7VE3F.tmp\reg-organizer-setup.tmp

Filesize
1.1MB

MD5
69d4b30b374af9a0ea94ef33c3af0ae2

SHA1
d5d9b04ac0ac7579b950991adc76e11ac26eca70

SHA256
2f660cdd71597b4f649a29e8ba02232311150b97b30f461999e68ea6de31bfdf

SHA512
9838d724e97e5f3c3c2864377730fd07925f8bb0c5bf83e1f665811a88d939f469801463a33d1cd23f41018cb52c4023f96e94a0fee96d86021a68c34807766f

Download Submit
\Users\Admin\AppData\Local\Temp\is-7VE3F.tmp\reg-organizer-setup.tmp

Filesize
1.1MB

MD5
843305ffe1758a4e11bf7bf431149dc4

SHA1
cb1b14aca9a0e6fe0ae1e9a1e7decb816553e745

SHA256
175785cbf2c65943846d497727d7134f1ec85f1ded67e27a55fd4294933fc7ee

SHA512
89b6983970ffa0732370a18aeac2ee093b0551f71131c1c544c74d930552bae825f1eb338ad8158b6e390b12d02be5be532e0fbb61c3157ddaf008bc3dfc5695

Download Submit
\Users\Admin\AppData\Local\Temp\is-K00AB.tmp\CloseApplication.dll

Filesize
633KB

MD5
a970dc705c1226069b5dcf9814cc8d3f

SHA1
d812130c174a1eecfddaa6696aad050b6b1af316

SHA256
48d60b06be877fb6558a6ca91466d6d6e3be40647cab68dc33e29da4d78c68a8

SHA512
0d99bea817273d3465738d245268dc56be346c4286a3b8d233158282843ccb5a45819764ad8124191b01cfe69125951b9dad17318fe43b2557cfc83ed7e22036

Download Submit
\Users\Admin\AppData\Local\Temp\is-K00AB.tmp\InstallerTracingAgent.dll

Filesize
694KB

MD5
327121786a48395ad66809b6ac0b18e0

SHA1
cc0018f86cb5a3b6a57c5b2085700c94424f3f65

SHA256
3b10ee3b8d0bfc037411d6d5469f3917c6cf2b930a406ee6dd887fee8f8a930e

SHA512
c1c6ee21dc8b5dec7118aaacfdce9e7759a43e1193d3642fe45443d0677b14a4688c575ed364b74e6b004f23a384a3c0d5aa3244b0350b80c39e01f96de01881

Download Submit
\Users\Admin\AppData\Local\Temp\is-K00AB.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
memory/2068-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2068-25-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2364-17-0x0000000002010000-0x00000000020BB000-memory.dmp

Filesize
684KB

Download
memory/2364-21-0x0000000003C50000-0x0000000003D23000-memory.dmp

Filesize
844KB

Download
memory/2364-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2364-23-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/2364-24-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2364-26-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2364-27-0x0000000002010000-0x00000000020BB000-memory.dmp

Filesize
684KB

Download
memory/2364-28-0x0000000003C50000-0x0000000003D23000-memory.dmp

Filesize
844KB

Download
memory/2364-33-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads