115b65c87ae996126b4edbc25fdd576beb6bb744922fd790d29e632ee1d9704c

Analysis

max time kernel
30s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

9.1MB
MD5

09b67452bb412f9bce9a0434b69a6626
SHA1

76f16ef8ca06c97561c3f482d80607ef1d068625
SHA256

115b65c87ae996126b4edbc25fdd576beb6bb744922fd790d29e632ee1d9704c
SHA512

2643dc6407bbcf5b98647739ddf832d68963db548d405b0a75733b5aaf31ec488f0e41b1ae13f33d87b48b8e1774464d885efa1ad1ea4e515b93443f638d4681
SSDEEP

196608:OljBvaAdomjmjEKg8a6McNj1P6N5TM9cZopbOSyZmQOpQv/+:OBvaAemjmjEF6N16N5ubbyoBpQvW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3712	Setup.tmp

Loads dropped DLL 3 IoCs

pid	Process
3712	Setup.tmp
3712	Setup.tmp
3712	Setup.tmp

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1344	3712	WerFault.exe	84

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: 33	3712	Setup.tmp
Token: SeIncBasePriorityPrivilege	3712	Setup.tmp
Token: 33	3712	Setup.tmp
Token: SeIncBasePriorityPrivilege	3712	Setup.tmp
Token: 33	3712	Setup.tmp
Token: SeIncBasePriorityPrivilege	3712	Setup.tmp
Token: 33	3712	Setup.tmp
Token: SeIncBasePriorityPrivilege	3712	Setup.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 3712	4952	Setup.exe	84
PID 4952 wrote to memory of 3712	4952	Setup.exe	84
PID 4952 wrote to memory of 3712	4952	Setup.exe	84

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Users\Admin\AppData\Local\Temp\is-F1MGD.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-F1MGD.tmp\Setup.tmp" /SL5="$A0218,8675083,793600,C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:3712
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 1136
    3⤵
    - Program crash
    PID:1344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3712 -ip 3712
1⤵
PID:5040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-4CRA0.tmp\FMXInno.dll

Filesize
2.7MB

MD5
13fc1579c8e79e1364c1a676a3e15f05

SHA1
3d5e6eb96d71d2e36fc91cf467deec148ae6fa45

SHA256
25749b0a49c6708c4430cd3481848473bb06a258f2886877eea615f3e9430a9b

SHA512
52929df4e5990c66057e08b8e26e26bb16fe6d98c8a1b3c143a5e3f3353635267999226716587c0acabb3880397deba34add5e43c22143a63523bb4a5a16e732

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4CRA0.tmp\ISArcEx.dll

Filesize
177KB

MD5
e592358d8957f34c2af1b0d3cb25355f

SHA1
7f436a030bd86e8cea5a81998648d332856b52be

SHA256
a752752e4dcabf674760bd79dbb3324888899f46194c677985aef13f7939df73

SHA512
1d1496b7273689db0135629f426cbc73f61d93a9c0bba4a78424e835ddf83bfcab3abb5ac2d2ccd45210efece6db7cc9b6100a43861d168a694d7f2ff723c90e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-F1MGD.tmp\Setup.tmp

Filesize
3.0MB

MD5
11ef39deb0bb3c7d52ddafe1fe980ac0

SHA1
f6e2c95ca051dfdc82ab01b47ba7e77faad3a0d0

SHA256
09d0e4b07a1fcba27ad7d3fa6fa9ed15f5423efb8769227379fd0d53676f293d

SHA512
75fbda74cf65c186b2e83a97046fb635cc40d022a196b66aeb9875c6caf0955e49ee4435b56396b2bd00082f0911aeb0b05abb8ee6520cb2aaad0a4ace37ea07

Download Submit
memory/3712-6-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/3712-13-0x0000000003610000-0x0000000003646000-memory.dmp

Filesize
216KB

Download
memory/3712-20-0x0000000072FC0000-0x0000000073BFB000-memory.dmp

Filesize
12.2MB

Download
memory/3712-21-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/3712-23-0x0000000003610000-0x0000000003646000-memory.dmp

Filesize
216KB

Download
memory/3712-25-0x0000000072FC0000-0x0000000073BFB000-memory.dmp

Filesize
12.2MB

Download
memory/4952-0-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/4952-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/4952-26-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads