Overview

overview

10

Static

static

1

AOMEIBacku...up.exe

windows7-x64

5

AOMEIBacku...up.exe

windows10-2004-x64

7

AOMEICyber...ee.exe

windows7-x64

4

AOMEICyber...ee.exe

windows10-2004-x64

4

CBackupSetup.exe

windows7-x64

4

CBackupSetup.exe

windows10-2004-x64

4

FoneTool_setup.exe

windows7-x64

10

FoneTool_setup.exe

windows10-2004-x64

10

MyRecover_...up.exe

windows7-x64

4

MyRecover_...up.exe

windows10-2004-x64

4

MyRecover_...up.exe

windows7-x64

5

MyRecover_...up.exe

windows10-2004-x64

5

Resubmissions

07-03-2024 15:06

240307-sg3jhseb28 10

Analysis

  • max time kernel
    146s
  • max time network
    219s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-03-2024 15:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CBackupSetup.exe

  • Size

    33.6MB

  • MD5

    b4f13a3078b128a011d436fa28bcd88d

  • SHA1

    fd52af5b2f757fd4714ab67c6168d7ad60296457

  • SHA256

    ee36e42b3e50cc6e0ac888250701938e76a6517dbcabda7f8c912a84db5674ae

  • SHA512

    3f0ecf2f3732043a250e2a329ae8e2fe2e48f7bda2a05afc2fe0cc302e902ee5d94cbfcc8316df8aabf255c5675061cd94a8737d5c675ef36de7aa9d5f78aa84

  • SSDEEP

    786432:dUHEO1DiRKnn73T6L7snKbo8g7UW8b7fNsZHDerblSJ9daGFq:dzcn73O7nb3iU9b7e9erJSzs

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CBackupSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\CBackupSetup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4664
    • C:\Users\Admin\AppData\Local\Temp\is-QMEMJ.tmp\CBackupSetup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-QMEMJ.tmp\CBackupSetup.tmp" /SL5="$401F6,34204878,808448,C:\Users\Admin\AppData\Local\Temp\CBackupSetup.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-695R8.tmp\CancelProcess.dll
    Filesize

    77KB

    MD5

    4fc3b9fa02324ec58a3cbeaf8331ac30

    SHA1

    aa0993e820b4cd6807661d243b7967f7f31d7ccd

    SHA256

    214c0a4a15466a38b0cc7c154e9e2417cf68dc39c730ebc51c7a6b77618bcbee

    SHA512

    9a199a6b57e5e0c872ed529ab69b28d8c7f61c76fbd19df41e5f5d05ef6227a1177dc237f29529130e4c0e0e8337cecf84228b2002701e53b539791be3837559

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-QMEMJ.tmp\CBackupSetup.tmp
    Filesize

    2.1MB

    MD5

    55d21b109823dc12ebae53d632934ad2

    SHA1

    c654f1ca031c17651a2074e267cbb4f697d3d8fb

    SHA256

    78f0ddf21cfb9c406de582bd489211f238b930a091eabf82bfe02da3f16eb935

    SHA512

    2a874357de98cc1bb71d69fa5619acede9a0c651fe28305167fcc7ca04c85d75af90d8a3be345dfc15353391d5da6254fa16e3dadcb81f5bc98bdf7c1f07c2de

    Download Submit

  • memory/3012-6-0x0000000000930000-0x0000000000931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3012-17-0x0000000000400000-0x000000000061C000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3012-19-0x0000000000400000-0x000000000061C000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3012-20-0x0000000000930000-0x0000000000931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4664-0-0x0000000000400000-0x00000000004D0000-memory.dmp

    Filesize

    832KB

    Download

  • memory/4664-16-0x0000000000400000-0x00000000004D0000-memory.dmp

    Filesize

    832KB

    Download