f27b11f51ef1892151a61f4e1376a28da4d23fc6e96e879fd585fa2b7606bd87

Analysis

max time kernel
462s
max time network
875s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
15/05/2024, 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

97KB
MD5

542d1a85dfc9d47d2ce73c885aaf2b5e
SHA1

018f6821486d6381fd536265732ee954993b6646
SHA256

14a89eda72e385f76bf15a7c4fd539c48837cf5df444a16f28c5b94f29799550
SHA512

33791b1af030a52148b41d5fe76b241b73847429f21c25c8bf79d2165591aa5af9d873e8f7d6c22d2a74176339840a99c2d7f60520c32127962200ee33a93021
SSDEEP

1536:bzquuhIxHHWMpdPa5wiE21M8kJIGFvb1CwP/W+s87SyfQPx00:PqFSwMpdCq/IM8uIGfl/W+s82x00

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4928	qqq.exe
320	qqq.tmp

Loads dropped DLL 1 IoCs

pid	Process
320	qqq.tmp

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 320	4928	qqq.exe	74
PID 4928 wrote to memory of 320	4928	qqq.exe	74
PID 4928 wrote to memory of 320	4928	qqq.exe	74
PID 864 wrote to memory of 1396	864	setup.exe	75

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:864
- C:\Users\Public\Downloads\qqq.exe
  \??\C:\Users\Public\Downloads\qqq.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4928
- - C:\Users\Admin\AppData\Local\Temp\is-9CDN3.tmp\qqq.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-9CDN3.tmp\qqq.tmp" /SL5="$A0116,20439558,139776,C:\Users\Public\Downloads\qqq.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:320
- C:\Windows\System32\dllhost.exe
  \??\C:\Windows\System32\dllhost.exe
  2⤵
  PID:1396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-9CDN3.tmp\qqq.tmp

Filesize
1.1MB

MD5
b87639f9a6cf5ba8c9e1f297c5745a67

SHA1
ce4758849b53af582d2d8a1bc0db20683e139fcc

SHA256
ec8252a333f68865160e26dc95607f2c49af00f78c657f7f8417ab9d86e90bf7

SHA512
9626fc4aa4604eee7ededa62b9dc78a3f6fe388eaf1fa6c916a3715b0dff65c417eede156d82398c2400977a36457122565e15e0ed0e435b28cb9f796005c1c0

Download Submit
C:\Users\Public\Downloads\qqq.exe

Filesize
20.1MB

MD5
5537c708edb9a2c21f88e34e8a0f1744

SHA1
86233a285363c2a6863bf642deab7e20f062b8eb

SHA256
26d5748ffe6bd95e3fee6ce184d388a1a681006dc23a0f08d53c083c593c193b

SHA512
35f44c0df4635a1020f52743d7cf3e4346d1bdf9010161326e572250ac93e0285b202532a07d2db8dbc67f6f0ced864083769e904bd5d82611244339ca8d31a1

Download Submit
\Users\Admin\AppData\Local\Temp\is-38P2T.tmp\aips_is_install_dll.dll

Filesize
149KB

MD5
57e73855fad786a59893d6581e9fb5b9

SHA1
630e52b9e88a05add68401bd62790ed8e2c3282a

SHA256
3a7a8aa906c65124c4ee82aacb81d723ce69864ccaf041f631b8131de59e4a88

SHA512
be0cf0925535dd667488175f2eac660d1ebf8429ce6725252c59fb70b00fc2f21b1e0b7ce632eaa53337ae25e44c641e13a3df0b415724498d30daf00b296f4d

Download Submit
memory/320-20-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/864-18-0x00007FFEFDCF0000-0x00007FFEFF261000-memory.dmp

Filesize
21.4MB

Download
memory/1396-30-0x000002528DF30000-0x000002528DF7C000-memory.dmp

Filesize
304KB

Download
memory/1396-31-0x000002528E1D0000-0x000002528E229000-memory.dmp

Filesize
356KB

Download
memory/1396-37-0x000002528DF60000-0x000002528DF64000-memory.dmp

Filesize
16KB

Download
memory/1396-42-0x000002528E1D0000-0x000002528E229000-memory.dmp

Filesize
356KB

Download
memory/1396-47-0x000002528E1D0000-0x000002528E229000-memory.dmp

Filesize
356KB

Download
memory/1396-56-0x000002528E1D0000-0x000002528E229000-memory.dmp

Filesize
356KB

Download
memory/1396-63-0x000002528E1D0000-0x000002528E229000-memory.dmp

Filesize
356KB

Download
memory/1396-68-0x000002528E1D0000-0x000002528E229000-memory.dmp

Filesize
356KB

Download
memory/1396-77-0x000002528E1D0000-0x000002528E229000-memory.dmp

Filesize
356KB

Download
memory/4928-19-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4928-2-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4928-5-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads