Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    09-05-2024 13:18

General

  • Target

    Setup.exe

  • Size

    2.4MB

  • MD5

    9fb4770ced09aae3b437c1c6eb6d7334

  • SHA1

    fe54b31b0db8665aa5b22bed147e8295afc88a03

  • SHA256

    a05b592a971fe5011554013bcfe9a4aaf9cfc633bdd1fe3a8197f213d557b8d3

  • SHA512

    140fee6daf23fe8b7e441b3b4de83554af804f00ecedc421907a385ac79a63164bd9f28b4be061c2ea2262755d85e14d3a8e7dc910547837b664d78d93667256

  • SSDEEP

    49152:Y8UMSn5cV2N9LNwtQ5gRR+moI1axGbYj6QAl4ImDkg7d5lROCDG5yzlC97W+uJUM:QMS5hN9OtQ5gRjoI8xGbYj6QAl4gg7dF

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Windows\SysWOW64\netsh.exe
      C:\Windows\SysWOW64\netsh.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2752
      • C:\Windows\SysWOW64\SearchIndexer.exe
        C:\Windows\SysWOW64\SearchIndexer.exe
        3⤵
        PID:2732

Network

MITRE ATT&CK Matrix

Downloads

    • C:\Users\Admin\AppData\Local\Temp\854334e6

      Filesize

      1.0MB

      MD5

      617d58684189e2d9f90129ea238977d3

      SHA1

      7aed26437d5d56612bfe473ffeea3858049de7ca

      SHA256

      0e47882b4968445b488cd4fd783dd16b63caa2e774d9cf6698e2f0fc814e80eb

      SHA512

      f0cae03e25b0e17c11be6b4f4c77580d7ad4681c7ee3f416a0818d27518a4f7b0aae565d4b610afacb43070783d62d475f6264748b9a77746f086ba5429e143d

    • memory/1600-1-0x0000000077740000-0x00000000778E9000-memory.dmp

      Filesize

      1.7MB

    • memory/1600-7-0x0000000074430000-0x00000000745A4000-memory.dmp

      Filesize

      1.5MB

    • memory/1600-6-0x0000000074442000-0x0000000074444000-memory.dmp

      Filesize

      8KB

    • memory/1600-8-0x0000000074430000-0x00000000745A4000-memory.dmp

      Filesize

      1.5MB

    • memory/1600-0-0x0000000074430000-0x00000000745A4000-memory.dmp

      Filesize

      1.5MB

    • memory/2732-17-0x0000000077740000-0x00000000778E9000-memory.dmp

      Filesize

      1.7MB

    • memory/2732-20-0x00000000006FD000-0x0000000000705000-memory.dmp

      Filesize

      32KB

    • memory/2732-19-0x0000000000400000-0x000000000045B000-memory.dmp

      Filesize

      364KB

    • memory/2732-18-0x0000000000400000-0x000000000045B000-memory.dmp

      Filesize

      364KB

    • memory/2752-11-0x0000000074430000-0x00000000745A4000-memory.dmp

      Filesize

      1.5MB

    • memory/2752-16-0x0000000074430000-0x00000000745A4000-memory.dmp

      Filesize

      1.5MB

    • memory/2752-14-0x0000000074430000-0x00000000745A4000-memory.dmp

      Filesize

      1.5MB

    • memory/2752-13-0x0000000074430000-0x00000000745A4000-memory.dmp

      Filesize

      1.5MB

    • memory/2752-12-0x0000000077740000-0x00000000778E9000-memory.dmp

      Filesize

      1.7MB
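Two things are worth checking by hand in this report: whether the process tree has the shape of a hollowing chain (Setup.exe, dropped in Temp and flagged for SetThreadContext and WriteProcessMemory, launches netsh.exe from SysWOW64, which in turn launches SearchIndexer.exe, a process with no behaviour signatures of its own), and which of the dumped memory ranges in the Downloads list are unique to the final process. The script below is an added example, not part of the report or of the sandbox's own tooling. It encodes the process list above with parent links read off the report's indentation, re-parses the dump file names into PID and address range, cross-checks each range's length against the listed Filesize, and lists ranges seen in only one process. The parent-child criteria (a parent with WriteProcessMemory plus SetThreadContext or MapViewOfSection, a child under System32 or SysWOW64) are this example's own heuristic, not a signature from the report.

```python
"""Post-process the process tree and dump listing of the report above (added example)."""
import re
from collections import defaultdict

# Processes as listed in the report; parent links read off its indentation (1 -> 2 -> 3).
PROCESSES = [
    {"pid": 1600, "ppid": None, "image": r"C:\Users\Admin\AppData\Local\Temp\Setup.exe",
     "sigs": {"SetThreadContext", "EnumeratesProcesses", "MapViewOfSection",
              "SetWindowsHookEx", "WriteProcessMemory"}},
    {"pid": 2752, "ppid": 1600, "image": r"C:\Windows\SysWOW64\netsh.exe",
     "sigs": {"EnumeratesProcesses", "MapViewOfSection", "WriteProcessMemory"}},
    {"pid": 2732, "ppid": 2752, "image": r"C:\Windows\SysWOW64\SearchIndexer.exe",
     "sigs": set()},
]

# Dump names from the report's Downloads list, each with the Filesize the report shows.
DUMPS = """\
memory/1600-1-0x0000000077740000-0x00000000778E9000-memory.dmp 1.7MB
memory/1600-7-0x0000000074430000-0x00000000745A4000-memory.dmp 1.5MB
memory/1600-6-0x0000000074442000-0x0000000074444000-memory.dmp 8KB
memory/1600-8-0x0000000074430000-0x00000000745A4000-memory.dmp 1.5MB
memory/1600-0-0x0000000074430000-0x00000000745A4000-memory.dmp 1.5MB
memory/2732-17-0x0000000077740000-0x00000000778E9000-memory.dmp 1.7MB
memory/2732-20-0x00000000006FD000-0x0000000000705000-memory.dmp 32KB
memory/2732-19-0x0000000000400000-0x000000000045B000-memory.dmp 364KB
memory/2732-18-0x0000000000400000-0x000000000045B000-memory.dmp 364KB
memory/2752-11-0x0000000074430000-0x00000000745A4000-memory.dmp 1.5MB
memory/2752-16-0x0000000074430000-0x00000000745A4000-memory.dmp 1.5MB
memory/2752-14-0x0000000074430000-0x00000000745A4000-memory.dmp 1.5MB
memory/2752-13-0x0000000074430000-0x00000000745A4000-memory.dmp 1.5MB
memory/2752-12-0x0000000077740000-0x00000000778E9000-memory.dmp 1.7MB
"""

# Heuristic of this example, not a report signature: injecting parent, OS-binary child.
INJECT_SIGS = {"SetThreadContext", "MapViewOfSection"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
DUMP_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")


def find_injection_chains(processes):
    """Return (parent_pid, child_pid) pairs matching the hollowed-host shape."""
    by_pid = {p["pid"]: p for p in processes}
    chains = []
    for child in processes:
        parent = by_pid.get(child["ppid"])
        if parent is None:
            continue
        parent_injects = "WriteProcessMemory" in parent["sigs"] and parent["sigs"] & INJECT_SIGS
        if parent_injects and child["image"].lower().startswith(SYSTEM_DIRS):
            chains.append((parent["pid"], child["pid"]))
    return chains


def parse_dump_name(name):
    """Split '<pid>-<index>-<start>-<end>' out of a dump file name; size is end - start."""
    m = DUMP_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m[3], 16), int(m[4], 16)
    return {"pid": int(m[1]), "index": int(m[2]), "start": start, "end": end, "size": end - start}


def human_size(nbytes):
    """Format bytes as the report does: whole KB below 1 MiB, otherwise MB to one decimal."""
    if nbytes < 1 << 20:
        return f"{nbytes // 1024}KB"
    return f"{nbytes / (1 << 20):.1f}MB"


def parse_dumps(listing):
    """Parse the two-column listing into dump records that also carry the reported size."""
    dumps = []
    for line in listing.strip().splitlines():
        name, reported = line.split()
        dumps.append({**parse_dump_name(name), "reported": reported})
    return dumps


def check_sizes(dumps):
    """Cross-check each dump's listed Filesize against end - start of its name."""
    return [(f"{d['pid']}-{d['index']}", human_size(d["size"]) == d["reported"]) for d in dumps]


def unique_regions(dumps):
    """Map PID -> ranges dumped from that process and no other. A range dumped from every
    process is consistent with a shared module; one seen only in the last process of the
    chain is where to look for a replaced image (the dump's PE header settles that)."""
    seen_in = defaultdict(set)
    for d in dumps:
        seen_in[(d["start"], d["end"])].add(d["pid"])
    unique = defaultdict(list)
    for rng, pids in seen_in.items():
        if len(pids) == 1:
            unique[next(iter(pids))].append(rng)
    return {pid: sorted(r) for pid, r in unique.items()}


if __name__ == "__main__":
    print("injection chains:", find_injection_chains(PROCESSES))
    dumps = parse_dumps(DUMPS)
    print("size mismatches:", [name for name, ok in check_sizes(dumps) if not ok])
    for pid, ranges in sorted(unique_regions(dumps).items()):
        print(pid, [f"0x{s:X}-0x{e:X} ({human_size(e - s)})" for s, e in ranges])
```

Run against the report's data it returns the two parent-child pairs 1600 -> 2752 and 2752 -> 2732, finds no Filesize that disagrees with end minus start (0x45B000 minus 0x400000 is 372736 bytes, the 364KB shown), and shows that the 364KB range at 0x400000 and the 32KB range at 0x6FD000 occur only in PID 2732, while 0x77740000-0x778E9000 is dumped from all three processes. The listing alone does not prove that SearchIndexer.exe's image was replaced; that is a question for the PE header inside the 2732-18/2732-19 dumps.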