Overview

overview

8

Static

static

3

LoggingPlatform.dll

windows7-x64

7

LoggingPlatform.dll

windows10-2004-x64

7

Setup.exe

windows7-x64

7

Setup.exe

windows10-2004-x64

7

UpdateRing...gs.dll

windows7-x64

7

UpdateRing...gs.dll

windows10-2004-x64

7

de-DE.dll

windows7-x64

1

de-DE.dll

windows10-2004-x64

1

msvcp140.dll

windows7-x64

3

msvcp140.dll

windows10-2004-x64

3

vcruntime140.dll

windows7-x64

1

vcruntime140.dll

windows10-2004-x64

3

wtsapi32.dll

windows7-x64

7

wtsapi32.dll

windows10-2004-x64

7

out.iso

windows7-x64

1

out.iso

windows10-2004-x64

1

Screenshots.lnk

windows7-x64

4

Screenshots.lnk

windows10-2004-x64

7

__TEMP/Log...rm.dll

windows7-x64

7

__TEMP/Log...rm.dll

windows10-2004-x64

7

__TEMP/Mic...nt.exe

windows7-x64

7

__TEMP/Mic...nt.exe

windows10-2004-x64

7

__TEMP/msvcp140.dll

windows7-x64

1

__TEMP/msvcp140.dll

windows10-2004-x64

1

__TEMP/update.dll

windows7-x64

8

__TEMP/update.dll

windows10-2004-x64

1

__TEMP/vcr...40.dll

windows7-x64

1

__TEMP/vcr...40.dll

windows10-2004-x64

1

__TEMP/vcr..._1.dll

windows7-x64

1

__TEMP/vcr..._1.dll

windows10-2004-x64

1

__TEMP/wtsapi32.dll

windows7-x64

7

__TEMP/wtsapi32.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    04-03-2024 08:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    582KB

  • MD5

    ce1054d542dbd999401236f2ce20f826

  • SHA1

    df07ed235ee93f44f4f0e4dd73f0e8af068a7791

  • SHA256

    81716b54cb34ef6d6938c042e30c847742dcffeb8ed4e67268387fed040b9315

  • SHA512

    efe21b9393084e098b9e3baafcd7467e25d764b70a8f34d071de9c4f3e8f1ead3974c9fe3d98152eb16dbd17e7f6bed985939d6b305441cec4ac548284c9716b

  • SSDEEP

    12288:x1ziebuYdvx24mGeamdda+W2JyaslYC1JL9PcSCfB:x1mohzmHamuCJyasaCVP6fB

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\users\Admin\appdata\local\Microsoft\PlayReady\FileCoAuth.exe
      "C:\users\Admin\appdata\local\Microsoft\PlayReady\FileCoAuth.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies registry class
      PID:2836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Temp\Tar14B4.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit
  • C:\users\Admin\appdata\local\Microsoft\PlayReady\LoggingPlatform.DLL
    Filesize

    450KB

    MD5

    b54858b7357303dbd5582ea44abeeab8

    SHA1

    f3ba1d65f855d61dce13efbc42ce60ca8548a49c

    SHA256

    cc912e37802cd5c128c19949d4529e7d48266d67dd7b6dfedfd9c493d94cbe64

    SHA512

    b364ee1019e215c10030834cca4ca6436568e6ef25d2bee877b908bbf68f7c004559ff5317275b17c2f221c0daedbf50e11ec1bfe29c96cb61389cba75bb2295

    Download Submit
  • C:\users\Admin\appdata\local\Microsoft\PlayReady\MSVCP140.dll
    Filesize

    438KB

    MD5

    a1b3963e1766c5266d94b171a4595cee

    SHA1

    9283a813774f2e310997ba08bca9ec96282a85d1

    SHA256

    0f5aeae55bf6d7b37e5582ec60bbdb93bf24adf648f9fa342cdba1b0a754e403

    SHA512

    ef0a3cb33902eb0dd3d80b688f5e23b4192ebafb131b30c56f27221412daf72b40c3e17670ec1ca8209775369f93bf66a3a75ae5acff45e629e732464d3972b8

    Download Submit
  • C:\users\Admin\appdata\local\Microsoft\PlayReady\UpdateRingSettings.dll
    Filesize

    377KB

    MD5

    9f950504d5ea22c6f1ee20f7c2ed3b7b

    SHA1

    5090de783322847e6395567e7449fc4200b054a5

    SHA256

    37253093d3c8ed1d56b3a50f31f8944888ff38b714097637c5372a0ad19c337b

    SHA512

    ae80c7778304140d4476d42f6ef4439c61c2ec4ff42958007b93418a53908fb516544c57e1db99b7a6d79ae501f49c46f6636d8f967b033e744feb33879e0734

    Download Submit
  • C:\users\Admin\appdata\local\Microsoft\PlayReady\WTSAPI32.dll
    Filesize

    267KB

    MD5

    75d2c686d410ec1f880a6fd7a9800055

    SHA1

    c5fa1dc0a76bed67f1a1a9bc943b39ef6e4ed104

    SHA256

    8e2429d70989bbdd2ea8842dce7c3d790ebe148490ee519b47767557f4a4a733

    SHA512

    a05115d2eaed22ac685b0e45751650bd58f6d4f46c6fb2ba8fb564b1a959ea27ac209e1d1c53e4c966ee8d0e502af7ab9e3ccb311b66d704160141b12edac2c5

    Download Submit
  • \Users\Admin\AppData\Local\Microsoft\PlayReady\FileCoAuth.exe
    Filesize

    582KB

    MD5

    ce1054d542dbd999401236f2ce20f826

    SHA1

    df07ed235ee93f44f4f0e4dd73f0e8af068a7791

    SHA256

    81716b54cb34ef6d6938c042e30c847742dcffeb8ed4e67268387fed040b9315

    SHA512

    efe21b9393084e098b9e3baafcd7467e25d764b70a8f34d071de9c4f3e8f1ead3974c9fe3d98152eb16dbd17e7f6bed985939d6b305441cec4ac548284c9716b

    Download Submit
  • \Users\Admin\AppData\Local\Microsoft\PlayReady\vcruntime140.dll
    Filesize

    77KB

    MD5

    f686e2331a83d20798cfc2734729e531

    SHA1

    c7e6398f5a735039baabf22712c5a8aee5a945e1

    SHA256

    535f74f446a1b7b53da24a742d02369cbcc609003a6b4a8175491aa71c5481b4

    SHA512

    30ea339ec845dbc9aa7b323ed25e516cb04f3e17789cd28f54646c82395f0b42eb4a5d4d4aa06c4d39b9602c37590b31ca5c0bfa22a514a73ec45e39c0d8e31a

    Download Submit