Overview

overview

7

Static

static

3

a3a9825b6d...0b.exe

windows7-x64

7

a3a9825b6d...0b.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...lp.dll

windows7-x64

3

$PLUGINSDI...lp.dll

windows10-2004-x64

3

$TEMP/SCSIinst.exe

windows7-x64

1

$TEMP/SCSIinst.exe

windows10-2004-x64

1

$TEMP/SPTDinst.exe

windows7-x64

1

$TEMP/SPTDinst.exe

windows10-2004-x64

1

Lang/1033.dll

windows7-x64

1

Lang/1033.dll

windows10-2004-x64

1

Plugins/Im...nt.dll

windows7-x64

3

Plugins/Im...nt.dll

windows10-2004-x64

3

Plugins/Im...nt.dll

windows7-x64

3

Plugins/Im...nt.dll

windows10-2004-x64

3

Plugins/Im...nt.dll

windows7-x64

3

Plugins/Im...nt.dll

windows10-2004-x64

3

Plugins/Im...nt.dll

windows7-x64

3

Plugins/Im...nt.dll

windows10-2004-x64

3

Plugins/Im...nt.dll

windows7-x64

3

Plugins/Im...nt.dll

windows10-2004-x64

3

SetupDTSB.exe

windows7-x64

7

SetupDTSB.exe

windows10-2004-x64

7

daemon.dll

windows7-x64

1

daemon.dll

windows10-2004-x64

1

daemon.exe

windows7-x64

1

daemon.exe

windows10-2004-x64

1

pfctoc.dll

windows7-x64

1

pfctoc.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/02/2024, 11:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SetupDTSB.exe

  • Size

    120KB

  • MD5

    f123981c00295ae5fa1e16b781ffb435

  • SHA1

    4c62e0f9234b215a77ecb2bd4c7f7c254982cb7b

  • SHA256

    f2560b0e66b9a629ee7184997f25f27786448ef9cc17df56b69c94b39d43da5c

  • SHA512

    766f9039c8fb0df9bc4e42611e545b4902ea97e3ee9d9208da4a7e09835f269bfbd5a3a9e95a5e26a60d3f78fe69d58871a8557d65390195ea70edc2a5573dc3

  • SSDEEP

    3072:lny3UW0DorSWuZLNCknVPtKcstLDJxaE5XU3qdsslyIU:Z5/fWShjZqtLDOE5XnX

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SetupDTSB.exe
    "C:\Users\Admin\AppData\Local\Temp\SetupDTSB.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1960
    • C:\Program Files (x86)\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
      "C:\Program Files (x86)\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe" /cfg:DAEM040601
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Program Files directory
      PID:4876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\DaemonTools_WhenUSaveNow_Installer\SET69F5.tmp
    Filesize

    145KB

    MD5

    ac3ca8dbdf80e7b92b453b06ee7605e8

    SHA1

    60f7c3675c6ab4091cd6ef28cc7ba0521c25856a

    SHA256

    d010abc6e90faaa66cadd443006b809500e4409abc88d8ac04b04a6d3ab03aef

    SHA512

    ddfb24240415eaf5dc502af4332f9a56a8b6545a0362ef95dfaa358c19d498ecdfeabb7e0f7f303818c53aa41e788df775b5911588f499291e64111db2d04d91

    Download Submit

  • C:\Program Files (x86)\DaemonTools_WhenUSaveNow_Installer\vvsn.cfg
    Filesize

    232B

    MD5

    0078ccec29106c86fbaca78ad89081a4

    SHA1

    1a418f38e3553be402112368f59bdbe483160bc9

    SHA256

    1a0e1b1255efcd0da1004e97f44568112b1d140128988ec417cccf057596ecc6

    SHA512

    dc77684cd3d0a5339d6c22c69739a3238c1d7f6d76255631fa39662dd420807ba4cf8c9c68ae36d8c7f23d51a8948a1e866934a3d590e5e91ac786ca91c67745

    Download Submit

  • C:\Program Files (x86)\DaemonTools_WhenUSaveNow_Installer\vvsn.cfg
    Filesize

    276B

    MD5

    16280d76aef051c5244a162a7e6e23d8

    SHA1

    288b32371fc772c646a5bb4539b321b9e9e04afc

    SHA256

    63f6b23a836b3bea6f68d01391fa579c62a071d33d40cf6796fcf9f942dfb0ed

    SHA512

    9f4389c52ff7de78b3ddba51eda4052a37a22d19932489df9245fa7cc765307ceb822dd88b4b3b59006218f14b8be482486794ab2644612c53ff128b0fe2cace

    Download Submit