Overview

overview

10

Static

static

1

AOMEIBacku...up.exe

windows7-x64

5

AOMEIBacku...up.exe

windows10-2004-x64

7

AOMEICyber...ee.exe

windows7-x64

4

AOMEICyber...ee.exe

windows10-2004-x64

4

CBackupSetup.exe

windows7-x64

4

CBackupSetup.exe

windows10-2004-x64

4

FoneTool_setup.exe

windows7-x64

10

FoneTool_setup.exe

windows10-2004-x64

10

MyRecover_...up.exe

windows7-x64

4

MyRecover_...up.exe

windows10-2004-x64

4

MyRecover_...up.exe

windows7-x64

5

MyRecover_...up.exe

windows10-2004-x64

5

Resubmissions

07-03-2024 15:06

240307-sg3jhseb28 10

Analysis

  • max time kernel
    151s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-03-2024 15:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MyRecover_WinSetup.exe

  • Size

    38.9MB

  • MD5

    3567449018ac404227e656f871e1211c

  • SHA1

    648c156e6c577b67e94d95c7ca615c1b47db5ee1

  • SHA256

    714319604cc380bbd4b1d3562aed6aa6b1873e6df23ae338aa614242acd47090

  • SHA512

    c9c8fe497af2887162b0ada8744a8eae0f9d67820cb9ac7a7dad8c8f250f9e244ef02bedd6c7ce3c38f518e44dff104d2f1b7de0188692dd79520f838c2efff9

  • SSDEEP

    786432:ZgsREetCXWaKXTrbsR919Cfk7IWeSIsC9ptFqOFB5ZKynZaw0:Zgz4AR91gf8IvHFB5MyZw

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MyRecover_WinSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\MyRecover_WinSetup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:60
    • C:\Users\Admin\AppData\Local\Temp\is-5JKUU.tmp\MyRecover_WinSetup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-5JKUU.tmp\MyRecover_WinSetup.tmp" /SL5="$600E8,40255409,363008,C:\Users\Admin\AppData\Local\Temp\MyRecover_WinSetup.exe"
      2⤵
      • Executes dropped EXE
      PID:812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-5JKUU.tmp\MyRecover_WinSetup.tmp
    Filesize

    1.6MB

    MD5

    137e0ee4fa545fbcc411700d58b88619

    SHA1

    e18ed74db4ef6d11e1f3b708317cf5dc24f9ec2c

    SHA256

    1ba7fd7c21411ae6546e7c88de7a4fff0884b4a945dd3ff8440629d5105d3d74

    SHA512

    04fa0eb95f52b62803359cb027301d8c3786293a3a42aa9151f8e2bfc3f39048b6eaca4093f2cd4c2167c4005d3869611a64c109cdced6a7a65a92f5725c65cb

    Download Submit

  • memory/60-0-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/60-11-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/812-6-0x00000000024A0000-0x00000000024A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/812-12-0x0000000000400000-0x00000000005AF000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/812-15-0x00000000024A0000-0x00000000024A1000-memory.dmp

    Filesize

    4KB

    Download