Overview

overview

7

Static

static

7

a075393594...fd.exe

windows7-x64

3

a075393594...fd.exe

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$TEMP/AnVir.exe

windows7-x64

3

$TEMP/AnVir.exe

windows10-2004-x64

3

AnVir.exe

windows7-x64

3

AnVir.exe

windows10-2004-x64

3

AnvirHook65.dll

windows7-x64

1

AnvirHook65.dll

windows10-2004-x64

1

CoreTemp.exe

windows7-x64

1

CoreTemp.exe

windows10-2004-x64

1

CoreTemp64.exe

windows7-x64

1

CoreTemp64.exe

windows10-2004-x64

1

ROIntegration.dll

windows7-x64

1

ROIntegration.dll

windows10-2004-x64

1

VirusTotalUpload.exe

windows7-x64

1

VirusTotalUpload.exe

windows10-2004-x64

1

reg-organi...up.exe

windows7-x64

7

reg-organi...up.exe

windows10-2004-x64

7

tweaker.exe

windows7-x64

7

tweaker.exe

windows10-2004-x64

7

usbhdd.exe

windows7-x64

7

usbhdd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-02-2024 22:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    reg-organizer-setup.exe

  • Size

    3.5MB

  • MD5

    012de0464f7e3097081e716b84549d7e

  • SHA1

    fe8389f53f2f13cea4984233286a99b515cdef58

  • SHA256

    ffc5f6d72d06c8d4d281c02c1f3b4d9029d57fa437af52d3b2666077e1705c38

  • SHA512

    951a899d2936d083313a8381576ebd9e97acb057a043f97865afe2df621f343edd81f4e244462835e0a132c1e4b712af5c69d9c2529ca684d32905961b7b968d

  • SSDEEP

    98304:zVf0cpo6EbOSzqYpCsw5apF5soRBIPGqYHk:ycp5EbOkCsvMoRAa

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\reg-organizer-setup.exe
    "C:\Users\Admin\AppData\Local\Temp\reg-organizer-setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3432
    • C:\Users\Admin\AppData\Local\Temp\is-06UOM.tmp\reg-organizer-setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-06UOM.tmp\reg-organizer-setup.tmp" /SL5="$60120,3230230,140800,C:\Users\Admin\AppData\Local\Temp\reg-organizer-setup.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-06UOM.tmp\reg-organizer-setup.tmp
    Filesize

    1.1MB

    MD5

    843305ffe1758a4e11bf7bf431149dc4

    SHA1

    cb1b14aca9a0e6fe0ae1e9a1e7decb816553e745

    SHA256

    175785cbf2c65943846d497727d7134f1ec85f1ded67e27a55fd4294933fc7ee

    SHA512

    89b6983970ffa0732370a18aeac2ee093b0551f71131c1c544c74d930552bae825f1eb338ad8158b6e390b12d02be5be532e0fbb61c3157ddaf008bc3dfc5695

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-Q5TQM.tmp\CloseApplication.dll
    Filesize

    633KB

    MD5

    a970dc705c1226069b5dcf9814cc8d3f

    SHA1

    d812130c174a1eecfddaa6696aad050b6b1af316

    SHA256

    48d60b06be877fb6558a6ca91466d6d6e3be40647cab68dc33e29da4d78c68a8

    SHA512

    0d99bea817273d3465738d245268dc56be346c4286a3b8d233158282843ccb5a45819764ad8124191b01cfe69125951b9dad17318fe43b2557cfc83ed7e22036

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-Q5TQM.tmp\InstallerTracingAgent.dll
    Filesize

    793KB

    MD5

    632b45bc3971a1d85d0f6288273f3574

    SHA1

    b4e5474367d7a801c298d15c8c40e97890414329

    SHA256

    ce32b04742ba33f6e2c0389160a6e1538322f0f6edeee04288bb4ca299d1b877

    SHA512

    a48fa3d5cf8a201b6e63ac1081618b35bb858046741430cc73f112908eba3d5f085aed153907f45256d56f16245781c54bb72f69432fb49a544c7060772cc64d

    Download Submit

  • memory/2052-26-0x00000000040A0000-0x00000000040A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2052-31-0x0000000003E80000-0x0000000003F53000-memory.dmp

    Filesize

    844KB

    Download

  • memory/2052-16-0x00000000032F0000-0x000000000339B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/2052-40-0x0000000003E80000-0x0000000003F53000-memory.dmp

    Filesize

    844KB

    Download

  • memory/2052-23-0x0000000003E80000-0x0000000003F53000-memory.dmp

    Filesize

    844KB

    Download

  • memory/2052-39-0x00000000032F0000-0x000000000339B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/2052-27-0x00000000034E0000-0x00000000034E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2052-36-0x0000000000720000-0x0000000000721000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2052-29-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2052-30-0x00000000032F0000-0x000000000339B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/2052-7-0x0000000000720000-0x0000000000721000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3432-28-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3432-2-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3432-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download