Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/02/2024, 04:11

General

  • Target

    $TEMPLATES/Setup.exe

  • Size

    1.8MB

  • MD5

    a6f4051f7da492db1ea4096f2effd24c

  • SHA1

    e2c64323fb25429f2c0c39cce159b68b43989b6f

  • SHA256

    4ffc6508abc6b72a8b552f1ea9a9127c5c201b4e1e07b0918c3b46921dfd5563

  • SHA512

    5c108d871b6afc4c1494f9776583e2b02ff6359c0a8bd20ce207d27c95c92610b5f0cf4984d4b1b888a358633547836d344407b161bc156f25fc87771f2ae2ee

  • SSDEEP

    49152:Lan3Qme67H9Bt1PA5dHwCUYontVVz3Ap+jJ7MgDVN8jRJ9:2n3Q4dB/PA5m8ovVzzEjH9

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMPLATES\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMPLATES\Setup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2344

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsi1E3B.tmp\ioSpecial.ini

          Filesize

          579B

          MD5

          15253c20795bd97d0993ad9726d289e5

          SHA1

          05e7280012e67931b1a9ac5f5f0d0e0f22f82e54

          SHA256

          7761ce3a5b16758c39bd2108f2b633c84d788647b82acf83cee2910c178034af

          SHA512

          33c2c19987154f495b107c183f9a1906dfe661b452162b0c0b58fd06eb2ab16c714081e6f62bd561e4e510fabd482e19e20fd25bde18c28a73f9a69f4627f02f

        • C:\Users\Admin\AppData\Local\Temp\nsi1E3B.tmp\ioSpecial.ini

          Filesize

          566B

          MD5

          a654b88af919776bba268800fede7d72

          SHA1

          a84f6a3fb187baf64e1250e19c5c065d0fec0ff4

          SHA256

          7641cfab813656e023c2e9c7f350b1a4542a42dd27c7e40712fdc4a099b6c754

          SHA512

          42b0a623302bd310d8c61abddcd3f0716b7c5655791291ee981a3d9f0b892f1a234cecfd31844ad5a080aecdb4ee6ff9fedce81f6b88af67b594829452e7cccd

        • \Users\Admin\AppData\Local\Temp\nsi1E3B.tmp\InstallOptions.dll

          Filesize

          14KB

          MD5

          107737e3282fefd85684f2fa3df6d1c3

          SHA1

          3befbcae116a644ae28cebdc1d7dfe6be5c8ca5f

          SHA256

          21042be362d4073053bffcc90511b3ecf77902243525b56bb159581b5ece43a0

          SHA512

          439ac2f3066902e08d63dc3061f55063089857e765feb29fe47ba5819a9bebdff3fe2fe55fc8bfcfddb729d340f006ee95b5aa4422d712f9dcc07cc02ec410b4