Analysis
max time kernel: 466s
max time network: 1166s
platform: windows11-21h2_x64
resource: win11-20240426-en
resource tags: arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 15-05-2024 16:18
Static task: static1
Behavioral task: behavioral1 (Sample: setup.exe, Resource: win10-20240404-en)
Behavioral task: behavioral2 (Sample: setup.exe, Resource: win10v2004-20240508-en)
Behavioral task: behavioral3 (Sample: setup.exe, Resource: win11-20240426-en)
General
Target: setup.exe
Size: 97KB
MD5: 542d1a85dfc9d47d2ce73c885aaf2b5e
SHA1: 018f6821486d6381fd536265732ee954993b6646
SHA256: 14a89eda72e385f76bf15a7c4fd539c48837cf5df444a16f28c5b94f29799550
SHA512: 33791b1af030a52148b41d5fe76b241b73847429f21c25c8bf79d2165591aa5af9d873e8f7d6c22d2a74176339840a99c2d7f60520c32127962200ee33a93021
SSDEEP: 1536:bzquuhIxHHWMpdPa5wiE21M8kJIGFvb1CwP/W+s87SyfQPx00:PqFSwMpdCq/IM8uIGfl/W+s82x00
Malware Config
Signatures

Executes dropped EXE (2 IoCs)
  pid   Process
  3304  qqq.exe
  3912  qqq.tmp

Loads dropped DLL (1 IoCs)
  pid   Process
  3912  qqq.tmp

Suspicious use of WriteProcessMemory (4 IoCs)
  description                         pid   Process    procid_target
  PID 3304 wrote to memory of 3912    3304  qqq.exe    82
  PID 3304 wrote to memory of 3912    3304  qqq.exe    82
  PID 3304 wrote to memory of 3912    3304  qqq.exe    82
  PID 1920 wrote to memory of 3876    1920  setup.exe  84
Processes

C:\Users\Admin\AppData\Local\Temp\setup.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\setup.exe"
  PID: 1920
  - Suspicious use of WriteProcessMemory

  C:\Users\Public\Downloads\qqq.exe
    command line: \??\C:\Users\Public\Downloads\qqq.exe
    PID: 3304
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory

    C:\Users\Admin\AppData\Local\Temp\is-NE69R.tmp\qqq.tmp
      command line: "C:\Users\Admin\AppData\Local\Temp\is-NE69R.tmp\qqq.tmp" /SL5="$50242,20439558,139776,C:\Users\Public\Downloads\qqq.exe"
      PID: 3912
      - Executes dropped EXE
      - Loads dropped DLL

  C:\Windows\System32\dllhost.exe
    command line: \??\C:\Windows\System32\dllhost.exe
    PID: 3876
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.1MB
MD5: b87639f9a6cf5ba8c9e1f297c5745a67
SHA1: ce4758849b53af582d2d8a1bc0db20683e139fcc
SHA256: ec8252a333f68865160e26dc95607f2c49af00f78c657f7f8417ab9d86e90bf7
SHA512: 9626fc4aa4604eee7ededa62b9dc78a3f6fe388eaf1fa6c916a3715b0dff65c417eede156d82398c2400977a36457122565e15e0ed0e435b28cb9f796005c1c0

Filesize: 149KB
MD5: 57e73855fad786a59893d6581e9fb5b9
SHA1: 630e52b9e88a05add68401bd62790ed8e2c3282a
SHA256: 3a7a8aa906c65124c4ee82aacb81d723ce69864ccaf041f631b8131de59e4a88
SHA512: be0cf0925535dd667488175f2eac660d1ebf8429ce6725252c59fb70b00fc2f21b1e0b7ce632eaa53337ae25e44c641e13a3df0b415724498d30daf00b296f4d

Filesize: 20.1MB
MD5: 5537c708edb9a2c21f88e34e8a0f1744
SHA1: 86233a285363c2a6863bf642deab7e20f062b8eb
SHA256: 26d5748ffe6bd95e3fee6ce184d388a1a681006dc23a0f08d53c083c593c193b
SHA512: 35f44c0df4635a1020f52743d7cf3e4346d1bdf9010161326e572250ac93e0285b202532a07d2db8dbc67f6f0ced864083769e904bd5d82611244339ca8d31a1