Overview

overview

7

Static

static

3

EVDsetup/#...VC.url

windows7-x64

6

EVDsetup/#...VC.url

windows10-2004-x64

3

EVDsetup/#...��.url

windows7-x64

1

EVDsetup/#...��.url

windows10-2004-x64

1

EVDsetup/EVDsetup.exe

windows7-x64

7

EVDsetup/EVDsetup.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    05/05/2024, 12:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    EVDsetup/EVDsetup.exe

  • Size

    1.7MB

  • MD5

    07b414c2329beb9bf041342e3ed7235f

  • SHA1

    82af12c5963cb7f30fac0cdd6719578ed8fb715b

  • SHA256

    4073e1d8d1951e4e10554cabbc5e01e60f3d6f843fe7ceb382bad18927efe521

  • SHA512

    10079a875f8820da8857a14af67dacee99f5597e4df2aa36766111cc24f64e627d134869745deb553920ea1bb096829755db1bfb1cb809fe78a1daa75faf56fc

  • SSDEEP

    24576:L7FUDowAyrTVE3U5FCaJRtkL44IHt9ZXu+ZIJo8x8hkiHNckvwyhaumwE7tUv:LBuZrEUJJR+aHfZaD4oybgx6

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\EVDsetup\EVDsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\EVDsetup\EVDsetup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1256
    • C:\Users\Admin\AppData\Local\Temp\is-B4AIL.tmp\EVDsetup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-B4AIL.tmp\EVDsetup.tmp" /SL5="$5014E,973396,818176,C:\Users\Admin\AppData\Local\Temp\EVDsetup\EVDsetup.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1968

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\is-B4AIL.tmp\EVDsetup.tmp
          Filesize

          3.0MB

          MD5

          1fa430ad935819abb704d85ebf051c9f

          SHA1

          cc391b40147ebda2120c59c94bf31e54e6472755

          SHA256

          24d9767b7f11ceb3cab54bbbee6eed2b5e8a55072dd0b96888d86f367c74ba51

          SHA512

          5c7fc992459cc6a2db3e8943c745cc01e14571097fcea0303b5eeab5c40df4b03ed5771a3e7ae6b911b47705fcac31034379a5810087c8e86fbbf9bf0f6ef94d

          Download Submit

        • memory/1256-2-0x0000000000401000-0x00000000004B7000-memory.dmp

          Filesize

          728KB

          Download

        • memory/1256-0-0x0000000000400000-0x00000000004D5000-memory.dmp

          Filesize

          852KB

          Download

        • memory/1256-10-0x0000000000400000-0x00000000004D5000-memory.dmp

          Filesize

          852KB

          Download

        • memory/1968-8-0x0000000000400000-0x0000000000711000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/1968-11-0x0000000000400000-0x0000000000711000-memory.dmp

          Filesize

          3.1MB

          Download