Overview

overview

10

Static

static

1

lnstaller_...86.exe

windows7-x64

lnstaller_...86.exe

windows10-2004-x64

10

Resubmissions

15/03/2024, 02:04

240315-cha8nadh2w 10

14/03/2024, 14:03

240314-rc1zfsga97 10

Analysis

  • max time kernel
    26s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14/03/2024, 14:03

Sharing

Copy URL Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    lnstaller_2024.008.20535_win64_86.exe

  • Size

    18.7MB

  • MD5

    df6c0952255d459617f1b0f85c81d27d

  • SHA1

    3a9a43dbe52de0d9a5b064c33f19ea6eea106870

  • SHA256

    9d42b5a2c6c6ce0c2966cf48f2566abd3060ca75ad5286cb2bb5b2eb2a92292f

  • SHA512

    37847697a8ef67ec597a1737f1d8fa6aee007b5afaa2c1550afeff71262a721533a76beb8535d4ee34a0d9b20c25f518c9cdee40fd5400664866b5dfcbf020ea

  • SSDEEP

    98304:8FRMYdiZlRs9Fm9cy3mo3tR1KtrAf29At4iABaAtO/u4B1sKTPX49P4lwpDbypx8:8XMYdiaMf3tRgwiwAuvs649P9D26sTA

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 35 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\lnstaller_2024.008.20535_win64_86.exe
    "C:\Users\Admin\AppData\Local\Temp\lnstaller_2024.008.20535_win64_86.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\SysWOW64\cmd.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2380
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2548
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:280
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:1228

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\1e495136
              Filesize

              1.6MB

              MD5

              2498abb5294f4ff7eb23e2715e8fc4e6

              SHA1

              299b0d14b7f0527a4dab958cc6d8152424efa0e9

              SHA256

              a27f87088e72a696a2864244d9d54085f26177a064f0dd70e443b547aa2aadde

              SHA512

              cebb7c14cc77074bfa5116cd56b6546bf91ebcb000bb6fda63edd84c154ec0e1b2d1cd8960e149cd471c5c7efed6cab9be71aee5dee57cbfc21f03f29794bb5b

              Download Submit

            • memory/280-29-0x00000000029C0000-0x00000000029C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1228-30-0x00000000027A0000-0x00000000027A1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2380-28-0x0000000077130000-0x00000000772D9000-memory.dmp

              Filesize

              1.7MB

              Download

            • memory/2380-27-0x0000000074020000-0x0000000074194000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/2548-23-0x0000000140000000-0x00000001405E8000-memory.dmp

              Filesize

              5.9MB

              Download

            • memory/2548-21-0x0000000140000000-0x00000001405E8000-memory.dmp

              Filesize

              5.9MB

              Download

            • memory/2876-18-0x0000000077130000-0x00000000772D9000-memory.dmp

              Filesize

              1.7MB

              Download

            • memory/2876-22-0x0000000074020000-0x0000000074194000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/2876-19-0x0000000074020000-0x0000000074194000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/2876-0-0x0000000000240000-0x0000000000241000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2876-17-0x0000000074020000-0x0000000074194000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/2876-16-0x0000000000400000-0x00000000016C3000-memory.dmp

              Filesize

              18.8MB

              Download