c4cdaa6cfc97a3ba8c70fe676cbcf5fa2280a616aad83b51f587d57f1764e7e0

Analysis

max time kernel
143s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SetupShim.exe
Size

134KB
MD5

6d683c23bab272e6aa3b41167d3cafd3
SHA1

1738b9242401846d40be6814d08d6d969aa15394
SHA256

7abea50aecce1c28c6312c6554dce3d72165b902241fa3a2b6d3fc09117b57ef
SHA512

01818bde9490336914d2190cb9c98ce630fb3eb38634c5d231ba027e6e8b4f0d8fc1554c1094bcf669bdd01e02a98d558c7f73f3ea38b391fab0d3d608d9269b
SSDEEP

3072:CIxhlOHEbzW5vMlS6NUX1qo4BE/9ugl+IHhrE90JGsfTyIBvzoTEVhY9HqqXf5I:sHEbzWajik9BEJBr5fTPjwKKxI

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3548 wrote to memory of 4296	3548	SetupShim.exe	90
PID 3548 wrote to memory of 4296	3548	SetupShim.exe	90

C:\Users\Admin\AppData\Local\Temp\SetupShim.exe
"C:\Users\Admin\AppData\Local\Temp\SetupShim.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3548
- C:\Users\Admin\AppData\Local\Temp\SetupFrontEnd.exe
  "SetupFrontEnd.exe" "C:\Users\Admin\AppData\Local\Temp\SetupShim.exe"
  2⤵
  PID:4296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\pdnSetupShim.log

Filesize
577B

MD5
67be229517828a8a7c3589a7736a666f

SHA1
09143b5f59103608c61d414f403f3cd79fe5b07c

SHA256
ebc8f1ba1beaaf2b0c98ca252fd6a25b8bb844397618d6139f6a5deb5bcfdcc8

SHA512
252dbd7c7aee33093daa1346654048c15ee1b402b5781cb2e823d414a2f426652e39232e6b3b701472ffca46cdc8c27470f40ebd2e2406eb8d5ebdeaaa764e6d

Download Submit
memory/4296-18-0x000001DFDD6C0000-0x000001DFDD6DA000-memory.dmp

Filesize
104KB

Download
memory/4296-19-0x000001DFDDB00000-0x000001DFDDB78000-memory.dmp

Filesize
480KB

Download
memory/4296-20-0x000001DFF7D10000-0x000001DFF7E00000-memory.dmp

Filesize
960KB

Download
memory/4296-21-0x00007FFA877F0000-0x00007FFA882B1000-memory.dmp

Filesize
10.8MB

Download
memory/4296-22-0x000001DFF8010000-0x000001DFF8212000-memory.dmp

Filesize
2.0MB

Download
memory/4296-23-0x000001DFF7E00000-0x000001DFF7E98000-memory.dmp

Filesize
608KB

Download
memory/4296-24-0x000001DFF8430000-0x000001DFF8638000-memory.dmp

Filesize
2.0MB

Download
memory/4296-25-0x000001DFF8220000-0x000001DFF831C000-memory.dmp

Filesize
1008KB

Download
memory/4296-26-0x000001DFDDA90000-0x000001DFDDA91000-memory.dmp

Filesize
4KB

Download
memory/4296-27-0x000001DFF8640000-0x000001DFF87D8000-memory.dmp

Filesize
1.6MB

Download
memory/4296-28-0x000001DFDDAD0000-0x000001DFDDAF0000-memory.dmp

Filesize
128KB

Download
memory/4296-29-0x000001DFDF5F0000-0x000001DFDF600000-memory.dmp

Filesize
64KB

Download
memory/4296-30-0x000001DFDF610000-0x000001DFDF618000-memory.dmp

Filesize
32KB

Download
memory/4296-31-0x000001DFDF5F0000-0x000001DFDF600000-memory.dmp

Filesize
64KB

Download
memory/4296-33-0x00007FFA877F0000-0x00007FFA882B1000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads