Overview

overview

5

Static

static

1

SetupPoker.exe

windows10-2004-x64

5

goldbet-poker.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    1172s
  • max time network
    1173s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-04-2024 17:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SetupPoker.exe

  • Size

    961KB

  • MD5

    4b7f817c7e63ca26090fc2c3603dc937

  • SHA1

    5ec5c285ab8d3986edf1e74f0d8afaf7f3b44550

  • SHA256

    5b79e006c00a5e8e621ad8cdba01491e5a2ec1f6e8500b02f842e7d5451b432e

  • SHA512

    ad465a145bcc0d080d776c3a5de0ff4490b844116c0f772ad22cf7f166878b7bbadcc84bd53a59f92286157b44ea7aab8a8ab5461055ab11369491d95ec220c9

  • SSDEEP

    24576:S8EBcrb/aIKxTj0odFPa/1JLJepfwoOlvlx:dEByiIS4ou/LJeRHOlvlx

Score
5/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SetupPoker.exe
    "C:\Users\Admin\AppData\Local\Temp\SetupPoker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\26500.bat" "C:\Users\Admin\AppData\Local\Temp\WebInstaller_649D572D268044F6B2F240F5DDF21E67\""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2960
      • C:\Windows\SysWOW64\PING.EXE
        ping 1.1.1.1 -n 1 -w 1000
        3⤵
        • Runs ping.exe
        PID:2660

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\26500.bat
    Filesize

    212B

    MD5

    668767f1e0c7ff2b3960447e259e9f00

    SHA1

    32d8abf834cce72f5e845175a0af2513b00504d8

    SHA256

    cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

    SHA512

    c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\WebInstaller_649D572D268044F6B2F240F5DDF21E67\WEBINS~1.LOG
    Filesize

    25KB

    MD5

    d2ee49fe89d597bc7d6cf5f3812226f0

    SHA1

    36218cef3907f316c2a0a0696b1fc874a60755b1

    SHA256

    b80815726c843bfb851139d6d286858bdb678337efb97637016e1b252c8994c7

    SHA512

    a9031bb874fe19b7a4cefd0e8d676aedec7a65df8ff3c884d896d316a724f6ea6624ba86d1001162aa136dd62b420b59ce5e6a9e589d54262bf403af823249ea

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\WebInstaller_649D572D268044F6B2F240F5DDF21E67\WebInstaller_2676.log
    Filesize

    6KB

    MD5

    3b549b3a6cf3952eb69844701f6414c8

    SHA1

    41ee01699749663b82d47c83b81230b2e6754e55

    SHA256

    658d7496e804256660ad227b3fcdd1f6b159498b84aad1ff36661066c99253bd

    SHA512

    2bb6edf6c3b6ec69d6c55ee5c3b19c35709a6a6a34967202ba33e2e3b2adc5addae225ff0474ec3b5eae77fca9a5e7502a47aa8c5eda35ea7f6183484ee127ac

    Download Submit