Analysis

  • max time kernel
    143s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-02-2024 18:56

General

  • Target

    Set-up.exe

  • Size

    3.3MB

  • MD5

    55076afc8f8de2df8f91fb2742bcda61

  • SHA1

    c848bb01e859163b08ce4f58994b3d814dfdf700

  • SHA256

    e3cb1b8edb969533e9299c4169b12df17a01d7516df943b486a785c986ceda30

  • SHA512

    70bf3d76b86b28aa4209a51469a4b2161c4253313849217b5e1267cb17f6279235b9ed18cd975aa48227401b48887f594b3be149531750638091afc51a425d26

  • SSDEEP

    98304:WNdaWWhvT90MSGmHUkC+UH9txcv0HGM62OQy:WNdaWWhvZ0MhmHUkxUH9tx1HA

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Set-up.exe
    "C:\Users\Admin\AppData\Local\Temp\Set-up.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Windows\SysWOW64\netsh.exe
      C:\Windows\SysWOW64\netsh.exe
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2032
      • C:\Users\Admin\AppData\Local\Temp\fm.exe
        C:\Users\Admin\AppData\Local\Temp\fm.exe
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1628
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 212
          4⤵
          • Loads dropped DLL
          • Program crash
          PID:2280
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:2520

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\24bdbda9
    Filesize: 1001KB
    MD5: d57a60273dd3538267f15abee940f74b
    SHA1: c9e265b24a46fce2922f4700b513700618198ee9
    SHA256: edc9b17f6b55bc0e76ca07d73a0f63a5ccb97534c90d59b06d0e3271779fe61f
    SHA512: e4dac81f73bea9b8ceb779a118cdd0138f01160cef2849ee60b5c6ee61430ee65a7d4ec8f576c5a300feab3f9ab2e9d1bd4e80bf984cd6303fc013ed1a9fac8a

  • \Users\Admin\AppData\Local\Temp\fm.exe
    Filesize: 994KB
    MD5: de0ea31558536ca7e3164c3cd4578bf5
    SHA1: 5cc890c3ade653bb1ed1e53dabb0410602ee52df
    SHA256: 6e599490e164505af796569dce30e18218b179b2b791fe69764892b3ed3e7478
    SHA512: c47299cd5f3b4961f423c2ca1fef5a33eb4b0f63dc232af70ef9da39f6f82270406061dd543461de7e47abd1244e26d6190de6035120211b27d4c23f97a25aba

  • memory/1628-46-0x0000000000090000-0x00000000000DB000-memory.dmp (Filesize: 300KB)
  • memory/1628-48-0x00000000000E0000-0x00000000001DB000-memory.dmp (Filesize: 1004KB)
  • memory/1628-49-0x0000000000270000-0x0000000000271000-memory.dmp (Filesize: 4KB)
  • memory/1628-43-0x0000000000090000-0x00000000000DB000-memory.dmp (Filesize: 300KB)
  • memory/1628-42-0x0000000076CE0000-0x0000000076E89000-memory.dmp (Filesize: 1.7MB)
  • memory/1628-55-0x0000000000090000-0x00000000000DB000-memory.dmp (Filesize: 300KB)
  • memory/2032-19-0x0000000074250000-0x00000000743C4000-memory.dmp (Filesize: 1.5MB)
  • memory/2032-32-0x0000000076CE0000-0x0000000076E89000-memory.dmp (Filesize: 1.7MB)
  • memory/2032-40-0x0000000074250000-0x00000000743C4000-memory.dmp (Filesize: 1.5MB)
  • memory/2032-35-0x0000000074250000-0x00000000743C4000-memory.dmp (Filesize: 1.5MB)
  • memory/2032-34-0x0000000074250000-0x00000000743C4000-memory.dmp (Filesize: 1.5MB)
  • memory/2180-22-0x000000006DFD0000-0x000000006DFF3000-memory.dmp (Filesize: 140KB)
  • memory/2180-27-0x000000006DBC0000-0x000000006DBCF000-memory.dmp (Filesize: 60KB)
  • memory/2180-29-0x000000006DBE0000-0x000000006DBED000-memory.dmp (Filesize: 52KB)
  • memory/2180-26-0x000000006DC50000-0x000000006DC5D000-memory.dmp (Filesize: 52KB)
  • memory/2180-25-0x000000006DC20000-0x000000006DC48000-memory.dmp (Filesize: 160KB)
  • memory/2180-31-0x000000006DAB0000-0x000000006DACE000-memory.dmp (Filesize: 120KB)
  • memory/2180-28-0x000000006DBF0000-0x000000006DBFE000-memory.dmp (Filesize: 56KB)
  • memory/2180-30-0x000000006DBD0000-0x000000006DBDE000-memory.dmp (Filesize: 56KB)
  • memory/2180-24-0x000000006C370000-0x000000006C4B3000-memory.dmp (Filesize: 1.3MB)
  • memory/2180-21-0x000000006E010000-0x000000006E02C000-memory.dmp (Filesize: 112KB)
  • memory/2180-23-0x000000006DDC0000-0x000000006DDE0000-memory.dmp (Filesize: 128KB)
  • memory/2180-0-0x0000000074250000-0x00000000743C4000-memory.dmp (Filesize: 1.5MB)
  • memory/2180-18-0x0000000000400000-0x0000000000787000-memory.dmp (Filesize: 3.5MB)
  • memory/2180-16-0x0000000074250000-0x00000000743C4000-memory.dmp (Filesize: 1.5MB)
  • memory/2180-15-0x0000000074250000-0x00000000743C4000-memory.dmp (Filesize: 1.5MB)
  • memory/2180-1-0x0000000076CE0000-0x0000000076E89000-memory.dmp (Filesize: 1.7MB)