Overview (score: 7)

Task                  Platform             Score
Static                static               3
Setup.exe             windows7-x64         7
Setup.exe             windows10-2004-x64   7
$PLUGINSDI...sh.dll   windows7-x64         3
$PLUGINSDI...sh.dll   windows10-2004-x64   3
$PLUGINSDI...LL.dll   windows7-x64         3
$PLUGINSDI...LL.dll   windows10-2004-x64   3
$PLUGINSDI...ns.dll   windows7-x64         3
$PLUGINSDI...ns.dll   windows10-2004-x64   3
$PLUGINSDI...nu.dll   windows7-x64         3
$PLUGINSDI...nu.dll   windows10-2004-x64   3
$PLUGINSDI...em.dll   windows7-x64         3
$PLUGINSDI...em.dll   windows10-2004-x64   3
$PROGRAM_F...am.dll   windows7-x64         3
$PROGRAM_F...am.dll   windows10-2004-x64   3
$PROGRAM_F...in.exe   windows7-x64         6
$PROGRAM_F...in.exe   windows10-2004-x64   6
$PROGRAM_F...32.dll   windows7-x64         3
$PROGRAM_F...32.dll   windows10-2004-x64   3
$PROGRAM_F...32.dll   windows7-x64         1
$PROGRAM_F...32.dll   windows10-2004-x64   1
$PROGRAM_F...st.dll   windows7-x64         6
$PROGRAM_F...st.dll   windows10-2004-x64   6
$PROGRAM_F...32.dll   windows7-x64         1
$PROGRAM_F...32.dll   windows10-2004-x64   1
$PROGRAM_F...32.dll   windows7-x64         1
$PROGRAM_F...32.dll   windows10-2004-x64   1
$PROGRAM_F...32.dll   windows7-x64         1
$PROGRAM_F...32.dll   windows10-2004-x64   1
$PROGRAM_F...32.dll   windows7-x64         1
$PROGRAM_F...32.dll   windows10-2004-x64   1
$PROGRAM_F...32.dll   windows7-x64         1
$PROGRAM_F...32.dll   windows10-2004-x64   1

Analysis

max time kernel: 123s
max time network: 129s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/02/2024, 05:47
Static task: static1

Behavioral tasks

Task          Sample                                                  Resource
behavioral1   Setup.exe                                               win7-20240221-en
behavioral2   Setup.exe                                               win10v2004-20240221-en
behavioral3   $PLUGINSDIR/AdvSplash.dll                               win7-20240220-en
behavioral4   $PLUGINSDIR/AdvSplash.dll                               win10v2004-20240221-en
behavioral5   $PLUGINSDIR/FindProcDLL.dll                             win7-20240221-en
behavioral6   $PLUGINSDIR/FindProcDLL.dll                             win10v2004-20240221-en
behavioral7   $PLUGINSDIR/InstallOptions.dll                          win7-20240221-en
behavioral8   $PLUGINSDIR/InstallOptions.dll                          win10v2004-20240221-en
behavioral9   $PLUGINSDIR/StartMenu.dll                               win7-20240221-en
behavioral10  $PLUGINSDIR/StartMenu.dll                               win10v2004-20240221-en
behavioral11  $PLUGINSDIR/System.dll                                  win7-20240220-en
behavioral12  $PLUGINSDIR/System.dll                                  win10v2004-20240221-en
behavioral13  $PROGRAM_FILES_COMMON/Borland Shared/BDE/bantam.dll     win7-20240221-en
behavioral14  $PROGRAM_FILES_COMMON/Borland Shared/BDE/bantam.dll     win10v2004-20240221-en
behavioral15  $PROGRAM_FILES_COMMON/Borland Shared/BDE/bdeadmin.exe   win7-20240221-en
behavioral16  $PROGRAM_FILES_COMMON/Borland Shared/BDE/bdeadmin.exe   win10v2004-20240221-en
behavioral17  $PROGRAM_FILES_COMMON/Borland Shared/BDE/blw32.dll      win7-20240221-en
behavioral18  $PROGRAM_FILES_COMMON/Borland Shared/BDE/blw32.dll      win10v2004-20240221-en
behavioral19  $PROGRAM_FILES_COMMON/Borland Shared/BDE/idapi32.dll    win7-20240221-en
behavioral20  $PROGRAM_FILES_COMMON/Borland Shared/BDE/idapi32.dll    win10v2004-20240221-en
behavioral21  $PROGRAM_FILES_COMMON/Borland Shared/BDE/idapinst.dll   win7-20240221-en
behavioral22  $PROGRAM_FILES_COMMON/Borland Shared/BDE/idapinst.dll   win10v2004-20240221-en
behavioral23  $PROGRAM_FILES_COMMON/Borland Shared/BDE/idasci32.dll   win7-20240221-en
behavioral24  $PROGRAM_FILES_COMMON/Borland Shared/BDE/idasci32.dll   win10v2004-20240221-en
behavioral25  $PROGRAM_FILES_COMMON/Borland Shared/BDE/idbat32.dll    win7-20240220-en
behavioral26  $PROGRAM_FILES_COMMON/Borland Shared/BDE/idbat32.dll    win10v2004-20240221-en
behavioral27  $PROGRAM_FILES_COMMON/Borland Shared/BDE/idda3532.dll   win7-20240221-en
behavioral28  $PROGRAM_FILES_COMMON/Borland Shared/BDE/idda3532.dll   win10v2004-20240221-en
behavioral29  $PROGRAM_FILES_COMMON/Borland Shared/BDE/iddao32.dll    win7-20240221-en
behavioral30  $PROGRAM_FILES_COMMON/Borland Shared/BDE/iddao32.dll    win10v2004-20240221-en
behavioral31  $PROGRAM_FILES_COMMON/Borland Shared/BDE/iddbas32.dll   win7-20240221-en
behavioral32  $PROGRAM_FILES_COMMON/Borland Shared/BDE/iddbas32.dll   win10v2004-20240221-en
General

Target: Setup.exe
Size: 9.4MB
MD5: 0d5f882ff265554df34ebde89e0a897d
SHA1: 8090c510c3838939d4a9015f06527ab8dc46c9b8
SHA256: 75df21afcc97aa8efcbc43739d487d045e245aef351847faea4828da030d4feb
SHA512: 8995ec060cb5fd62b4419bab73ad0d566e583c78020b87b9abf61bbfb902ecc0232ce7073f37fabd26dde9f83a049a388048377ee72172a98a53f335e1ab31af
SSDEEP: 196608:xLWzSggC9iULjRagqE5RJZhvcajHt1WLA62DW9NNGfJxA639zOx:NWmMNL1rq6RJZF/jH2A6PNNc3Mx
Malware Config
Signatures

Loads dropped DLL (10 IoCs)
  pid   Process
  2112  Setup.exe   (10 identical entries)

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  2112  Setup.exe   (2 identical entries)

Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                        pid   Process
  Token: 33                          1604  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  1604  AUDIODG.EXE
Processes

Setup.exe (PID 2112)
  Path: C:\Users\Admin\AppData\Local\Temp\Setup.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses

AUDIODG.EXE (PID 1604)
  Path: C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x41c 0x3c4
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads