a5de8c70676fdd157414e3116c7cb6f3dba48e549b5880177b10e4e6bc6c282e

Analysis

max time kernel
142s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-03-2024 05:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mingw-get-setup.exe
Size

91KB
MD5

60737d3eabafc0def38e26fa31648b35
SHA1

997a8f7136da1ae6c188b98aab6042293558f5a7
SHA256

a5de8c70676fdd157414e3116c7cb6f3dba48e549b5880177b10e4e6bc6c282e
SHA512

cc455b3092614452163700ab195d8dd9fd2f45836e62933a4f48b4952ab8ae820883d37331fe7ed4b2355947e04dcd18df2a0355a753b8ebbe49f0b5615162de
SSDEEP

1536:sCbVtp1jq4DLe4/aBwRWfDwcGXccHRv0xWr6sRsOGz4E9c1/nouy8gPAB:VbV5jqGKaamRWfzGMEco+OBOcVoutgM

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
1940	mingw-get-setup.exe
1940	mingw-get-setup.exe
2772	wscript.exe
2464	wscript.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1940-0-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/memory/1940-4-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/memory/1940-309-0x0000000000400000-0x000000000043B000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1940	mingw-get-setup.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 2772	1940	mingw-get-setup.exe	30
PID 1940 wrote to memory of 2772	1940	mingw-get-setup.exe	30
PID 1940 wrote to memory of 2772	1940	mingw-get-setup.exe	30
PID 1940 wrote to memory of 2772	1940	mingw-get-setup.exe	30
PID 1940 wrote to memory of 2464	1940	mingw-get-setup.exe	31
PID 1940 wrote to memory of 2464	1940	mingw-get-setup.exe	31
PID 1940 wrote to memory of 2464	1940	mingw-get-setup.exe	31
PID 1940 wrote to memory of 2464	1940	mingw-get-setup.exe	31

C:\Users\Admin\AppData\Local\Temp\mingw-get-setup.exe
"C:\Users\Admin\AppData\Local\Temp\mingw-get-setup.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Windows\SysWOW64\wscript.exe
  wscript -nologo C:\MinGW\libexec\mingw-get\shlink.js --all-users --start-menu --description "MinGW Installation Manager" C:\MinGW\libexec\mingw-get\guimain.exe "MinGW Installation Manager"
  2⤵
  - Loads dropped DLL
  PID:2772
- C:\Windows\SysWOW64\wscript.exe
  wscript -nologo C:\MinGW\libexec\mingw-get\shlink.js --all-users --desktop --description "MinGW Installation Manager" C:\MinGW\libexec\mingw-get\guimain.exe "MinGW Installer"
  2⤵
  - Loads dropped DLL
  PID:2464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MinGW\libexec\mingw-get\shlink.js

Filesize
10KB

MD5
f0861da48872feb2c68f37ba56b32ccf

SHA1
8c70edbc076b6dcf343928dee7bfdecf0ae1428e

SHA256
62f8d0e08a6766f03f681653608550f46668f8a84e6173fb49a8c447e47e1dfe

SHA512
d9239f711e0537afa839e40e3da38fd93a0a664bd04a715143138803ad41c519e2eba2dcd3d00480fffad010cb243e33528660369d57330db4f228012c807144

Download Submit
C:\MinGW\var\cache\mingw-get\data\package-list.xml

Filesize
493B

MD5
f124d9187137d6965a4857cd82343cd1

SHA1
ef0cbc6b68ad0c716eb19eeb9f974d3a708042ea

SHA256
879835005c823d719a788f185c4ff218deb900e584e4e9165aea00dbcd71a371

SHA512
1e98ad4ac5dac5a9672339814994f5573b24b5f0498d4795bc65dacb5e91dad0e40cedac6966140c34073280c1fe8963e77b441565e654aa70e6d5d0f6c2da9e

Download Submit
C:\MinGW\var\cache\mingw-get\packages\mingw-get-0.6.3-mingw32-pre-20170905-1-bin.tar.xz

Filesize
262KB

MD5
cbadecd046524947608d284878ec8942

SHA1
4cea1a0da590cf40ec82ad665d342ca46fac8112

SHA256
82552612bdcee990152e2806d2ebf29990129679508db48479af922fc017d5d9

SHA512
3a24c1d38d5175fdeba0a82b902635632c571da4febb59b3b78601ba1986773788912c8f047caf11f0bb4f8f58a67bcde6203a2f790129093f65eeb558d5d568

Download Submit
C:\MinGW\var\cache\mingw-get\packages\mingw-get-0.6.3-mingw32-pre-20170905-1-gui.tar.xz

Filesize
63KB

MD5
f6098e8e7b53366872ede448295f7858

SHA1
23b765d5a643c0e4bac762c9a15e9c2a91a00a58

SHA256
1acec5de7f08b5f806a567bda423a060b305722f725df6e265d083f745d04356

SHA512
6d7a4f57617083db43a5cbcb23d7472bdde5cc8cce3ff52e9f76378208cb8c9acf674815d6e551d6ae00527ade7d017d55166a6040798e1fa96c4a228bdb9be8

Download Submit
C:\MinGW\var\cache\mingw-get\packages\mingw-get-0.6.3-mingw32-pre-20170905-1-lic.tar.xz

Filesize
11KB

MD5
f18ede16328cbc686aa9b4850552a31e

SHA1
9f726f6d37c11d0eebd89aa530fa29a738844e14

SHA256
8265c4e66f94a64307abb907f84c1caf0fe746cefb517081be3e9d5b59a18747

SHA512
ea6ea80b5c71c6015fd3dc6ff7c8541deabe8cfed33bc23b61af61ad4e3e4c2482779d37e246863a143a03d0147b1c0c58c3d64eadb223a8fd8aac7b97855174

Download Submit
C:\MinGW\var\lib\mingw-get\data\mingw32-mingw-get.xml

Filesize
5KB

MD5
5347b8944a1a422805de4837cca9d2d0

SHA1
883b07940c225d8ec058f0582f8f5a6a8d71157c

SHA256
38a4c26035c51c837379eca66f9a140b9fadcd77b89cafdcc5b2734cb5b33d36

SHA512
72e583ed2cc9fc1d8e9e97d0df4f78d8152b03dd95eb92c3533295ea0a53a6eeb5486f10e074f16d7636f508b014e79cf709deb748412c9186f94f5bd2549edb

Download Submit
C:\MinGW\var\lib\mingw-get\data\profile.xml

Filesize
5KB

MD5
cdd18aad7799b67bfc6f4e84f91af812

SHA1
ee063eaa1474add88074b896dca98ce9337281bb

SHA256
b8eacd302acd073e5d2b60241737573f32aca1cf1969d834a59aa2262e001e7f

SHA512
a2043aa1a9a511ecf392c2502c81d87fcc584cac859eb38ad9ed3b86ede82e25a566b1336f379144edadf882eaeaea62a3e19051e84fce9e28b8f1607c857882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\libisl-0.18-1-mingw32-dll-15.tar[1].xz

Filesize
213B

MD5
b6455ebdb86e64f9b7f4baf387390522

SHA1
d2334555f2db7b8b75333694177150e5f7cffbf9

SHA256
e7a8991b8de8ab8cf3746ca0763d89859f9970c8a7ae382254e19658a78dae11

SHA512
0907395248dba743184467f351868b3255659eed9b3daba22beb3db9d9218f02664506c1041d0a75e4e0a32ab17a3ac3c51c2850beb326d0295b4db222e5b734

Download Submit
\MinGW\libexec\mingw-get\guimain.exe

Filesize
152KB

MD5
1cbf02d5e8ab53f505140865d4010d76

SHA1
b696e891ea955f1cb076a3e109b1e4956a0505e6

SHA256
793586527e07a38c3337ae75ff3bf628012011c56a11285f1758d6703d28da10

SHA512
b190b5d4cfc0bc662d3305379470d3c08e30eac3e1365df943a25ad8d6a80b8678e4234e0ecf44b31dab7ab5963a92d3abec6e9280777ebb29f91622bec22e24

Download Submit
\MinGW\libexec\mingw-get\mingw-get-0.dll

Filesize
550KB

MD5
1c56dbb1ed0b166444ea83fce0abe31f

SHA1
55b2663e82b5995656c9886cd5a0e25d2db9972b

SHA256
bdfd256c171045c9692f79759d1896ffb46e211640a72226ab13c3035d8bd583

SHA512
b4ab3bb1d32ea0f464c408ec1f5037c1441ab072f165b933f44224fff6d5156adedc9d03e4637fc5a829e3de04c3329a0700bd9c56cb2b1bb1b0d4730cbce27f

Download Submit
\MinGW\libexec\mingw-get\mingw-get-setup-0.dll

Filesize
143KB

MD5
42fa2eba01d71aab3cbd8a276ab81e54

SHA1
8cee36f8d93df4c87e28df8580a5987bce47b31d

SHA256
3ebf0315c62276f63eb19cd96e05e03f27b2241cb1a79a764e004684181c756f

SHA512
d22fa8be5b7a4f3f264f7655bcf8628920589a5a0cb4e1ceb18894c494090b40e0fdc07547e7bf1e0bf26ab81c5aa83ef5b8f481aaffc2d663ef5e5c4dcbd75b

Download Submit
memory/1940-328-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-282-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-300-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-299-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-309-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1940-298-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-311-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-297-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-296-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-313-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-295-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-315-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-294-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-293-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-317-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-292-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-291-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-319-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-290-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-321-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-289-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-288-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-324-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-323-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-287-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-326-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-286-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-308-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-327-0x0000000010000000-0x0000000010095000-memory.dmp

Filesize
596KB

Download
memory/1940-285-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-329-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-284-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-283-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-301-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-281-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-280-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-349-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-350-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-348-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-389-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-347-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-346-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-345-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-344-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-343-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-342-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-341-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-340-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-339-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-338-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-337-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-336-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-335-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-334-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-333-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-332-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-331-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-279-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-277-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-302-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-303-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-306-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-304-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-421-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-4-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1940-657-0x00000000033E0000-0x000000000340F000-memory.dmp

Filesize
188KB

Download
memory/1940-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download