f9ce1b548c2a399b5945ffbbd0d3ee96e2b23fcc4aeb0b5057c3d0a5d028d78c

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28/04/2024, 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MicrowindowSearch_setup_07.exe
Size

1.0MB
MD5

e71d17c41b19b3f2345568703cd76616
SHA1

f8bbdcb4655f4693cc134e92ca73e7ee11a2ba53
SHA256

b18c2aa2c1bbceb7a5788eb8e43c84de51614d52d2e2df0483a25b9699b9506b
SHA512

7e6b5d10806c6ace15aeda3e9d6c7205a4042320f63cfb09c5998d92984a48b776b1ed8d982606e8e0ce805ff81fc92f8cab264b99fd156bc5eac61a4f0564b0
SSDEEP

24576:+nvggyun92lXHr7aUJnXa+EMSxe2YhGcN/ETlzvR40tt++/z:+vxZ9Y7aUZa+EMl2YLN/E5rf

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2920	MicrowindowSearch_setup_07.tmp

Loads dropped DLL 3 IoCs

pid	Process
2064	MicrowindowSearch_setup_07.exe
2920	MicrowindowSearch_setup_07.tmp
2920	MicrowindowSearch_setup_07.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2920	MicrowindowSearch_setup_07.tmp

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2920	2064	MicrowindowSearch_setup_07.exe	28
PID 2064 wrote to memory of 2920	2064	MicrowindowSearch_setup_07.exe	28
PID 2064 wrote to memory of 2920	2064	MicrowindowSearch_setup_07.exe	28
PID 2064 wrote to memory of 2920	2064	MicrowindowSearch_setup_07.exe	28
PID 2064 wrote to memory of 2920	2064	MicrowindowSearch_setup_07.exe	28
PID 2064 wrote to memory of 2920	2064	MicrowindowSearch_setup_07.exe	28
PID 2064 wrote to memory of 2920	2064	MicrowindowSearch_setup_07.exe	28
PID 2920 wrote to memory of 2248	2920	MicrowindowSearch_setup_07.tmp	29
PID 2920 wrote to memory of 2248	2920	MicrowindowSearch_setup_07.tmp	29
PID 2920 wrote to memory of 2248	2920	MicrowindowSearch_setup_07.tmp	29
PID 2920 wrote to memory of 2248	2920	MicrowindowSearch_setup_07.tmp	29

C:\Users\Admin\AppData\Local\Temp\MicrowindowSearch_setup_07.exe
"C:\Users\Admin\AppData\Local\Temp\MicrowindowSearch_setup_07.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Users\Admin\AppData\Local\Temp\is-PIQ27.tmp\MicrowindowSearch_setup_07.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-PIQ27.tmp\MicrowindowSearch_setup_07.tmp" /SL5="$40156,804008,54272,C:\Users\Admin\AppData\Local\Temp\MicrowindowSearch_setup_07.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  PID:2920
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\del_bat.cmd""
    3⤵
    PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\del_bat.cmd

Filesize
228B

MD5
111d66908067e61c524ab53e5bb1c938

SHA1
c61babab467000e89fa3ea31b05799d4569a80f3

SHA256
1e80eb031828610360555791059215f2531a97c3e62d6609dfaf9dad82ed2f0b

SHA512
d85aee3aa01871b502be73ede6230db3aefa53f9e6c56ffc7205d3338230e7ac581f6427a58c60ba595c30ac87a84bc5eaa4f53ba969e412d4a47b3469811ac9

Download Submit
\Users\Admin\AppData\Local\Temp\is-6T1TI.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-PIQ27.tmp\MicrowindowSearch_setup_07.tmp

Filesize
692KB

MD5
702f91cfd24b0babf09e67a539341b9d

SHA1
e20612a6850f5b8c4ded2ff0d96b10fabb5a6761

SHA256
1a39c23bfb54fbb9c37a66caeac768d644b104a9a9f524670d1b6000c3301ba2

SHA512
26278b4cca1b6b32b937716898fd62248c119fa8aac1d1016c15fcdc16920677298b4c199e4471ebc0de1346b83209b2ec70b412c9246d3a18d2bcaf11fd56f0

Download Submit
memory/2064-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2064-3-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2064-18-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2920-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2920-19-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2920-22-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads