2ba315ff4d5e4d85b85759fffad1152c3388a8e761c32dfde8c72fff1b96bfe5

Resubmissions

17-04-2024 07:33

240417-jdvvtsae31 10

17-04-2024 06:33

240417-ha7jsahe7s 10

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-04-2024 07:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

2.3MB
MD5

5d52ef45b6e5bf144307a84c2af1581b
SHA1

414a899ec327d4a9daa53983544245b209f25142
SHA256

26a24d3b0206c6808615c7049859c2fe62c4dcd87e7858be40ae8112b0482616
SHA512

458f47c1e4ccf41edaacc57abb663ee77ca098fffc596fad941bbdea67653aeabc79b34d607078b9ee5adb45614e26f5c28a09e8faf9532081fdd5dec9ac3c48
SSDEEP

49152:DzO+g39FbI0eQf/Z3CarWedoYAmXviDTMtT2wkqN5K:DzO19Fnf/hdoYAm9ZkqN5K

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1284 set thread context of 3024	1284	Setup.exe	28

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1284	Setup.exe
1284	Setup.exe
3024	netsh.exe
3024	netsh.exe

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
1284	Setup.exe
3024	netsh.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 3024	1284	Setup.exe	28
PID 1284 wrote to memory of 3024	1284	Setup.exe	28
PID 1284 wrote to memory of 3024	1284	Setup.exe	28
PID 1284 wrote to memory of 3024	1284	Setup.exe	28
PID 1284 wrote to memory of 3024	1284	Setup.exe	28
PID 3024 wrote to memory of 2488	3024	netsh.exe	32
PID 3024 wrote to memory of 2488	3024	netsh.exe	32
PID 3024 wrote to memory of 2488	3024	netsh.exe	32
PID 3024 wrote to memory of 2488	3024	netsh.exe	32
PID 3024 wrote to memory of 2488	3024	netsh.exe	32

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Windows\SysWOW64\netsh.exe
  C:\Windows\SysWOW64\netsh.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:3024
- - C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    3⤵
    PID:2488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1df70a0e

Filesize
1016KB

MD5
dfe82888bb003d59ea8fdc5622aced17

SHA1
bad283644426b5dba53f7d56471ad2d355e91da5

SHA256
17ae9a789329320e91358fd3e1fb569044e011db0c1c47d25be6cb9725d9b301

SHA512
ae71c1da54e771d6dc10f827b6adca0f664fb9b2ced0be20fe0650b64654b9a7c966c8fa5314b0d39f7647a915ff36fa069520e4e7cd8b36ff24b444eb143bb0

Download Submit
memory/1284-17-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/1284-15-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/1284-11-0x0000000074500000-0x0000000074674000-memory.dmp

Filesize
1.5MB

Download
memory/1284-13-0x0000000000400000-0x0000000000698000-memory.dmp

Filesize
2.6MB

Download
memory/1284-18-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/1284-1-0x00000000773E0000-0x0000000077589000-memory.dmp

Filesize
1.7MB

Download
memory/1284-10-0x0000000074500000-0x0000000074674000-memory.dmp

Filesize
1.5MB

Download
memory/1284-19-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/1284-0-0x0000000074500000-0x0000000074674000-memory.dmp

Filesize
1.5MB

Download
memory/1284-21-0x0000000050310000-0x0000000050349000-memory.dmp

Filesize
228KB

Download
memory/1284-20-0x0000000057800000-0x0000000057812000-memory.dmp

Filesize
72KB

Download
memory/2488-27-0x00000000773E0000-0x0000000077589000-memory.dmp

Filesize
1.7MB

Download
memory/2488-31-0x0000000000870000-0x0000000000AF1000-memory.dmp

Filesize
2.5MB

Download
memory/2488-30-0x0000000000870000-0x0000000000AF1000-memory.dmp

Filesize
2.5MB

Download
memory/2488-29-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/2488-28-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/3024-14-0x0000000074500000-0x0000000074674000-memory.dmp

Filesize
1.5MB

Download
memory/3024-26-0x0000000074500000-0x0000000074674000-memory.dmp

Filesize
1.5MB

Download
memory/3024-23-0x0000000074500000-0x0000000074674000-memory.dmp

Filesize
1.5MB

Download
memory/3024-24-0x0000000074500000-0x0000000074674000-memory.dmp

Filesize
1.5MB

Download
memory/3024-22-0x00000000773E0000-0x0000000077589000-memory.dmp

Filesize
1.7MB

Download