3580962e7151aea9507413341558f760c60987546887c85edb3745e4ed844d0a

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-04-2024 11:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

2.3MB
MD5

5d52ef45b6e5bf144307a84c2af1581b
SHA1

414a899ec327d4a9daa53983544245b209f25142
SHA256

26a24d3b0206c6808615c7049859c2fe62c4dcd87e7858be40ae8112b0482616
SHA512

458f47c1e4ccf41edaacc57abb663ee77ca098fffc596fad941bbdea67653aeabc79b34d607078b9ee5adb45614e26f5c28a09e8faf9532081fdd5dec9ac3c48
SSDEEP

49152:DzO+g39FbI0eQf/Z3CarWedoYAmXviDTMtT2wkqN5K:DzO19Fnf/hdoYAm9ZkqN5K

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

Setup.exe

description pid process target process

PID 2228 set thread context of 2340 2228 Setup.exe ftp.exe
Loads dropped DLL 2 IoCs

Processes:

ftp.exeBvInputDiag.exe

pid process

2340 ftp.exe
2244 BvInputDiag.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

Setup.exeftp.exe

pid process

2228 Setup.exe
2228 Setup.exe
2340 ftp.exe
2340 ftp.exe
Suspicious behavior: MapViewOfSection 2 IoCs

Processes:

Setup.exeftp.exe

pid process

2228 Setup.exe
2340 ftp.exe

description	pid	process	target process
PID 2228 set thread context of 2340	2228	Setup.exe	ftp.exe

pid	process
2340	ftp.exe
2244	BvInputDiag.exe

pid	process
2228	Setup.exe
2228	Setup.exe
2340	ftp.exe
2340	ftp.exe

pid	process
2228	Setup.exe
2340	ftp.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

Setup.exeftp.exe

description	pid	process	target process
PID 2228 wrote to memory of 2340	2228	Setup.exe	ftp.exe
PID 2228 wrote to memory of 2340	2228	Setup.exe	ftp.exe
PID 2228 wrote to memory of 2340	2228	Setup.exe	ftp.exe
PID 2228 wrote to memory of 2340	2228	Setup.exe	ftp.exe
PID 2228 wrote to memory of 2340	2228	Setup.exe	ftp.exe
PID 2340 wrote to memory of 2244	2340	ftp.exe	BvInputDiag.exe
PID 2340 wrote to memory of 2244	2340	ftp.exe	BvInputDiag.exe
PID 2340 wrote to memory of 2244	2340	ftp.exe	BvInputDiag.exe
PID 2340 wrote to memory of 2244	2340	ftp.exe	BvInputDiag.exe
PID 2340 wrote to memory of 2244	2340	ftp.exe	BvInputDiag.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\SysWOW64\ftp.exe
  C:\Windows\SysWOW64\ftp.exe
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:2340
- - C:\Users\Admin\AppData\Local\Temp\BvInputDiag.exe
    C:\Users\Admin\AppData\Local\Temp\BvInputDiag.exe
    3⤵
    - Loads dropped DLL
    PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\23d54d89

Filesize
1.1MB

MD5
3364ddadce644290ca9460e9a65b79fc

SHA1
e6e2921f04dd4c447c020a85e491674a9045f498

SHA256
27876cf27483d7553be2e309c7f6cd89ded830c1a0b12eed846dde49ed5e3a33

SHA512
8f97aecad618b85a62b95b1c0abf32f9b87cf2b8355f8e36d4e7fd3c93426e182a9ac93d8d33f7defb7193f17f1715f4b9fc5a75fbc2ca1a1367afdc50c7498c

Download Submit
\Users\Admin\AppData\Local\Temp\BvInputDiag.exe

Filesize
136KB

MD5
3d754cfa4a5b2a3f19720550acf6d3cf

SHA1
e5c78edbd54e14a42258a6c223d2cf128530e1b6

SHA256
8e5e627881c8182bfbb64601c6f4f7b30ba950dfd10f638f404479406b2c03b8

SHA512
18db06443a718b8233ac9724e7f96310bf5841d2c980cd1d02e6fb6743e23acc13bd67fcd214b4c0650ac933f6f081759d699c73e14baf26ffc324c2b30f153b

Download Submit
memory/2228-18-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/2228-17-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/2228-10-0x0000000074DE0000-0x0000000074F54000-memory.dmp

Filesize
1.5MB

Download
memory/2228-0-0x0000000074DE0000-0x0000000074F54000-memory.dmp

Filesize
1.5MB

Download
memory/2228-13-0x0000000000400000-0x0000000000698000-memory.dmp

Filesize
2.6MB

Download
memory/2228-15-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/2228-1-0x0000000077CA0000-0x0000000077E49000-memory.dmp

Filesize
1.7MB

Download
memory/2228-11-0x0000000074DE0000-0x0000000074F54000-memory.dmp

Filesize
1.5MB

Download
memory/2228-21-0x0000000050310000-0x0000000050349000-memory.dmp

Filesize
228KB

Download
memory/2228-20-0x0000000057800000-0x0000000057812000-memory.dmp

Filesize
72KB

Download
memory/2228-19-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/2244-38-0x0000000000CE0000-0x0000000000D00000-memory.dmp

Filesize
128KB

Download
memory/2244-37-0x0000000000CE0000-0x0000000000D00000-memory.dmp

Filesize
128KB

Download
memory/2244-36-0x0000000000080000-0x00000000000CE000-memory.dmp

Filesize
312KB

Download
memory/2244-32-0x0000000077CA0000-0x0000000077E49000-memory.dmp

Filesize
1.7MB

Download
memory/2244-33-0x0000000000080000-0x00000000000CE000-memory.dmp

Filesize
312KB

Download
memory/2340-14-0x0000000074DE0000-0x0000000074F54000-memory.dmp

Filesize
1.5MB

Download
memory/2340-30-0x0000000074DE0000-0x0000000074F54000-memory.dmp

Filesize
1.5MB

Download
memory/2340-27-0x0000000074DE0000-0x0000000074F54000-memory.dmp

Filesize
1.5MB

Download
memory/2340-24-0x0000000074DE0000-0x0000000074F54000-memory.dmp

Filesize
1.5MB

Download
memory/2340-22-0x0000000077CA0000-0x0000000077E49000-memory.dmp

Filesize
1.7MB

Download