c4cdaa6cfc97a3ba8c70fe676cbcf5fa2280a616aad83b51f587d57f1764e7e0

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-03-2024 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SetupShim.exe
Size

134KB
MD5

6d683c23bab272e6aa3b41167d3cafd3
SHA1

1738b9242401846d40be6814d08d6d969aa15394
SHA256

7abea50aecce1c28c6312c6554dce3d72165b902241fa3a2b6d3fc09117b57ef
SHA512

01818bde9490336914d2190cb9c98ce630fb3eb38634c5d231ba027e6e8b4f0d8fc1554c1094bcf669bdd01e02a98d558c7f73f3ea38b391fab0d3d608d9269b
SSDEEP

3072:CIxhlOHEbzW5vMlS6NUX1qo4BE/9ugl+IHhrE90JGsfTyIBvzoTEVhY9HqqXf5I:sHEbzWajik9BEJBr5fTPjwKKxI

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2472	SetupFrontEnd.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2472	SetupFrontEnd.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 2472	1896	SetupShim.exe	28
PID 1896 wrote to memory of 2472	1896	SetupShim.exe	28
PID 1896 wrote to memory of 2472	1896	SetupShim.exe	28
PID 1896 wrote to memory of 2472	1896	SetupShim.exe	28

C:\Users\Admin\AppData\Local\Temp\SetupShim.exe
"C:\Users\Admin\AppData\Local\Temp\SetupShim.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Users\Admin\AppData\Local\Temp\SetupFrontEnd.exe
  "SetupFrontEnd.exe" "C:\Users\Admin\AppData\Local\Temp\SetupShim.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\pdnSetupShim.log

Filesize
581B

MD5
4747853c42c370c48fc71e4c7169f474

SHA1
4a19881efb5a5c549294e9d995e7d085ca7b7975

SHA256
8f3df537a3113c6a8e7ec616b945dd4fc54f4fa744a1611883afac391539ec31

SHA512
2e3e7c9f1a148461dc3341cb792e6b9f9f7fb4d356d4929c66f8ca8762caa177da970731d58e3e5c4d23c83c39fa303f43c582b2b5914ec823bffa9810e3076b

Download Submit
memory/2472-18-0x00000000102F0000-0x000000001030A000-memory.dmp

Filesize
104KB

Download
memory/2472-19-0x0000000001EC0000-0x0000000001F38000-memory.dmp

Filesize
480KB

Download
memory/2472-20-0x0000000002D40000-0x0000000002E30000-memory.dmp

Filesize
960KB

Download
memory/2472-21-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2472-22-0x0000000003310000-0x0000000003512000-memory.dmp

Filesize
2.0MB

Download
memory/2472-23-0x0000000002020000-0x00000000020B8000-memory.dmp

Filesize
608KB

Download
memory/2472-24-0x0000000003930000-0x0000000003B38000-memory.dmp

Filesize
2.0MB

Download
memory/2472-25-0x0000000003720000-0x000000000381C000-memory.dmp

Filesize
1008KB

Download
memory/2472-27-0x0000000003E20000-0x0000000003FB8000-memory.dmp

Filesize
1.6MB

Download
memory/2472-26-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/2472-28-0x0000000000650000-0x0000000000670000-memory.dmp

Filesize
128KB

Download
memory/2472-30-0x0000000001F70000-0x0000000001F78000-memory.dmp

Filesize
32KB

Download
memory/2472-29-0x0000000002140000-0x00000000021C0000-memory.dmp

Filesize
512KB

Download
memory/2472-31-0x0000000002140000-0x00000000021C0000-memory.dmp

Filesize
512KB

Download
memory/2472-48-0x000007FFFFEC0000-0x000007FFFFED0000-memory.dmp

Filesize
64KB

Download
memory/2472-54-0x000007FFFFEB0000-0x000007FFFFEC0000-memory.dmp

Filesize
64KB

Download
memory/2472-60-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2472-61-0x0000000002140000-0x00000000021C0000-memory.dmp

Filesize
512KB

Download
memory/2472-62-0x0000000002140000-0x00000000021C0000-memory.dmp

Filesize
512KB

Download
memory/2472-63-0x0000000002140000-0x00000000021C0000-memory.dmp

Filesize
512KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads