Overview

overview

7

Static

static

1

Setup_WinT...24.exe

windows7-x64

4

Setup_WinT...24.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1792s
  • max time network
    1573s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    04-04-2024 10:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup_WinThruster_2024.exe

  • Size

    7.3MB

  • MD5

    62f9258f3ae4774f9dc169a2a0b1d68e

  • SHA1

    56164f50722724275c0db381235d3b793f85acd5

  • SHA256

    82f5a693742c6c35f1280dbc5a4148598c129208dfc0544a5cd457b7ac8e824a

  • SHA512

    ef04a48d957d646e0b4fbdb68bfe59bedfb6f5701dd9497b2bc5abeea57b5d7be5f8694ca59d535c8d14514ecacfb6773476abcd3d2f65a1da7c0c75241d7fd2

  • SSDEEP

    98304:cSi3CpUYtyBI5sdXR/YVTWXumt2Q7VJedSNtjrk8rNF3y0HWRR4cmWDjzK45:IClt4I+yTd2rJzrjr7H3r2R2qHb

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_WinThruster_2024.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_WinThruster_2024.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Users\Admin\AppData\Local\Temp\is-O35IK.tmp\Setup_WinThruster_2024.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-O35IK.tmp\Setup_WinThruster_2024.tmp" /SL5="$80026,6737092,878080,C:\Users\Admin\AppData\Local\Temp\Setup_WinThruster_2024.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-O35IK.tmp\Setup_WinThruster_2024.tmp
    Filesize

    3.1MB

    MD5

    16a420e714bb48a8d432e3fd4f30db9f

    SHA1

    989fcf9a41445934e108b0e6b5c65936e9aa242a

    SHA256

    a0b1ac070ed5fc2b0c7e0dcbcfa3d5a127d3fe2c33ac62baf1976ed244bef7a7

    SHA512

    79b866dffad2f0ef572700449a1bd56fd8fee86fb2b454fea2938e14cba3a1ebb979f3d233b81ea19b74480334947f157f7218bb8214c4b86142528d5dd01193

    Download Submit
  • memory/1756-7-0x00000000001D0000-0x00000000001D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1756-12-0x0000000000400000-0x000000000071D000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/1756-15-0x00000000001D0000-0x00000000001D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1936-0-0x0000000000400000-0x00000000004E4000-memory.dmp
    Filesize

    912KB

    Download
  • memory/1936-11-0x0000000000400000-0x00000000004E4000-memory.dmp
    Filesize

    912KB

    Download