Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 08/05/2024, 20:54
Behavioral tasks
- behavioral1: Sample 1tion/setup.exe, Resource win7-20240221-en
- behavioral2: Sample 1tion/setup.exe, Resource win10v2004-20240508-en
- behavioral3: Sample cashstrafe/2.3setup.exe, Resource win7-20240508-en
General
- Target: cashstrafe/2.3setup.exe
- Size: 15.6MB
- MD5: 6a109e709c03acd33a5619f46d4857fc
- SHA1: 7cbdcb9c10b28d509d43c0c33f3fe524f0f19b09
- SHA256: 48dfb6defced66346ed09174e4c62aa36f7006c39ce7ee57d4e7f3684cb3c629
- SHA512: ec2698bca6e9de2482f1dd45213ce21b28bd8cd17f16bf7d1e4a9015682e8eda7d4d124208578d71c2930b00031515f5b90a47cf4fa44377fcb198cfcb0c7577
- SSDEEP: 393216:7h9S2nnx837XfZh2Jp5MLurEUWjljEh01tGymWX8Wjs+da:d9Dnxq7BhpdbJ91symJes+da
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  pid   Process
  2600  2.3setup.exe
- yara_rule matches
  resource                                                                      yara_rule
  behavioral3/files/0x000500000001a4f1-89.dat                                   upx
  behavioral3/memory/2600-91-0x000007FEF57B0000-0x000007FEF5E89000-memory.dmp   upx
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process       procid_target
  PID 2140 wrote to memory of 2600   2140  2.3setup.exe  29
  PID 2140 wrote to memory of 2600   2140  2.3setup.exe  29
  PID 2140 wrote to memory of 2600   2140  2.3setup.exe  29
Processes
1. C:\Users\Admin\AppData\Local\Temp\cashstrafe\2.3setup.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\cashstrafe\2.3setup.exe"
   - Suspicious use of WriteProcessMemory
   - PID: 2140
   2. C:\Users\Admin\AppData\Local\Temp\cashstrafe\2.3setup.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\cashstrafe\2.3setup.exe"
      - Loads dropped DLL
      - PID: 2600
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.8MB
  MD5: 2889fb28cd8f2f32997be99eb81fd7eb
  SHA1: adfeb3a08d20e22dde67b60869c93291ca688093
  SHA256: 435430e3abfde589d8535bc24a4b1d4147a4971dbe59e9377603974c07a1b637
  SHA512: aaa33b8178a8831008ea6ad39b05189d55aa228a20a2315e45df6e2ff590c94478cfc76c9adb762689edb021ecdf98df3e7074d8d65c1c477273056b7509f8ee