Overview

overview

7

Static

static

1

findmac_setup.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    97s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 02:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    findmac_setup.exe

  • Size

    6.0MB

  • MD5

    cd0a01ce6cdbecfe434f9e27cbfe5105

  • SHA1

    c7915209d41ef8e7a3a7c14be68912b4f8e24e8b

  • SHA256

    5826b84f383c853c48789c3b953aa980c6a6be17632ad0e7bb7eaa5c5b4a5f78

  • SHA512

    a04ec3fe1a05a0713bd277a17d3db2ad0bf8141780795f4f43733657f4985a34bd068f0e6f2d6c09f7dd7fce840741391aa017c47e30e290177c9dac1d99aed9

  • SSDEEP

    98304:DkLaDqneB8Ta6WT5cO1WQ02kNMMmeBNeCntMV7aawK1Ym0SucTbOzLMfT:oZFWTjIMMjezVrwx3SuKb5

Score
7/10
discovery

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 22 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\findmac_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\findmac_setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Users\Admin\AppData\Local\Temp\is-TIKRE.tmp\findmac_setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-TIKRE.tmp\findmac_setup.tmp" /SL5="$70180,5420742,832512,C:\Users\Admin\AppData\Local\Temp\findmac_setup.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:324
      • C:\Program Files (x86)\LizardSystems\Find MAC Address\findmac.exe
        "C:\Program Files (x86)\LizardSystems\Find MAC Address\findmac.exe"
        3⤵
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Loads dropped DLL
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2276

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\LizardSystems\Find MAC Address\Default\options.xml
    Filesize

    1KB

    MD5

    d6747eeea5f7efc13de132c8207d35eb

    SHA1

    de1b68c1bd056657232e4a014bfde566d1f889b5

    SHA256

    cbfe1942d02ce0cf84ecec88e301a0903b88fe7fbcecf7a5133dc78e2b2fdb22

    SHA512

    ef3d997bc1664ec6eb78a003b7f56f2c6269ce9201b7c21d6b93f98ecf783465a4eecdfaf7bfdd3408b93b45a84c4ac75c23a6f0f5936fe4b08bb47e9622f472

    Download Submit

  • C:\Program Files (x86)\LizardSystems\Find MAC Address\Default\presets.xml
    Filesize

    568B

    MD5

    f0bdfdd8a460c9d2157fe70e48e3dcbf

    SHA1

    3c525b18c5c4e8bc4cee8877a7640bb574fdfc7a

    SHA256

    03a0ce03fe0541b54d377de38b475452c3df291de3935bb996001a415bbf0011

    SHA512

    e37a7ecb1e83a56d7c96d9a4cad065a259dfee716061f497e5a3276817d9d2023d9e6b38ebed26cd43d711a5c323bf44a45e36c4efe2af15cb2b801d4cab8ab4

    Download Submit

  • C:\Program Files (x86)\LizardSystems\Find MAC Address\Default\tools.xml
    Filesize

    3KB

    MD5

    40d2208fc69203274116c9e3077f7c21

    SHA1

    017d1da6e22acec134da64fe41215d8b7e55ddac

    SHA256

    5068330b013bc80b2ab1a312796606dfcd1c96a6e92e756f0a2a36b80ffd2cba

    SHA512

    82c0d00f39719e07441bbae62abc0db2a1d696026ee2f308f69114c960aaa20451d7b4a483c9bfafd684c9bc1b3ac166f2c088377095d2f27d3bebe5758d670c

    Download Submit

  • C:\Program Files (x86)\LizardSystems\Find MAC Address\findmac.exe
    Filesize

    2.8MB

    MD5

    401240b5cffc7de9b3798fbf82017985

    SHA1

    f27ab2918f4e4a151dfe10be54450a88b3ea4f6b

    SHA256

    6e3cd2dce6f271ec73642f8723c4a257c4c3bda6dbbc275e097bd181bcb5f288

    SHA512

    89e6d9a5a30540880aabc18f44493fd4a0a2f30ada3e130294c45ec8a6e8ff06220910dd6b933465fe9b3a27b7b2e23167b05c46f8bfaf7b11b69fda9f9c8491

    Download Submit

  • C:\Program Files (x86)\LizardSystems\Find MAC Address\languages\French.lng
    Filesize

    24KB

    MD5

    1c852ef0bfa3479f4909852c5bfc3c83

    SHA1

    48a51c435209b8b167efec58866689d6371f4d87

    SHA256

    afdcc83681720dc4818e74447a8de7fe69723346491cc9bf7fb8c706c4a3b5cb

    SHA512

    999e512ca2e2d4d25cdc45757c81263e92a57c275f6b7ab1bbc341de6beab96cb3c4f4605bd3097510c6446c8123227056e38709c263142b7698f0724a5d9043

    Download Submit

  • C:\Program Files (x86)\LizardSystems\Find MAC Address\languages\German.lng
    Filesize

    23KB

    MD5

    61909c6ce1f58fe8479f44cad2dc8a98

    SHA1

    0a760fc5a3ddcfa4d64d92a3004996e1fceae7c1

    SHA256

    d8dd4eba64c830798ef2902cd1df840ce6dad126291afc47b7ce81413663d1d9

    SHA512

    cbb5bb6beb42d870ce8b6ccf2484fbff4dc1bd1e8926f5b7a9635e2b7a51096d4645be74808d4657ee62b1418acfde7bcc3455f0e0d302a65a3060102ce9ecf8

    Download Submit

  • C:\Program Files (x86)\LizardSystems\Find MAC Address\languages\Italian.lng
    Filesize

    24KB

    MD5

    f19d8bd7fe8cee91dfad24007df6ed11

    SHA1

    fc326e12431a9c03bdd789e018655da8b1d0d240

    SHA256

    5fc497f7c6937296744badd0bb823d986d11f5b8966789e0bcedf6c1e8ae5a04

    SHA512

    607d553fca29c096fd0b99519b157a083f3da2e576760270a0a7a7ad63af11187358db6140b8a57bb7a12d9c1e83bfc753e8c0d994a6950fbe06e4e18c58928b

    Download Submit

  • C:\Program Files (x86)\LizardSystems\Find MAC Address\languages\Polish.lng
    Filesize

    23KB

    MD5

    4b594b476bd414ced5675987971da26a

    SHA1

    79d1aed46697906b3d33c9d315540ddcbf510dbe

    SHA256

    b8edf715bfa483df7260db90572e9b7e931bdbe26ed073886bee9df838a687a1

    SHA512

    f71aac7d13f54f0a9b603e3c8d8925c99b88e6832822d4d5bbe274460fec8484cb061408e8b06a3281b5964a7e9342a85781d6494735780206ba2a572813dd39

    Download Submit

  • C:\Program Files (x86)\LizardSystems\Find MAC Address\languages\Russian.lng
    Filesize

    23KB

    MD5

    74a7b31c57cd64794508a2aa70cbbc24

    SHA1

    b2c3cf12789f8fbd97566f71e696771e25b87c95

    SHA256

    78a5c940566a104e32d361b95eebc8764ec3852b6a3a5077b1d19daf5da053a4

    SHA512

    ff22d4c5d7215ea858582649a4166e6443cff72bdf5d20133ed7d5fd6b3b26f6b213d24ed0a1e5e27f9befe8dbeaae0a2dbe966d90bfc9c34f3a48abf524f01d

    Download Submit

  • C:\Program Files (x86)\LizardSystems\Find MAC Address\languages\Slovenian.lng
    Filesize

    23KB

    MD5

    0ef289203d19669ee9d74ed0d3a6a1d7

    SHA1

    4b08914efeab4d961eef3243f20477e3405e7ad9

    SHA256

    84cc780ad1232cf4e67fbc67c762d32c57b8e7e69af22e1c02843a9b4b441ecc

    SHA512

    abb6b65bbc1690a3978493a62f6f1a937a25fcde231e1987ef2bbf5e33151004292457b74e7b0f4de5e1354223215909e508f416e026b744deb428c9406fd083

    Download Submit

  • C:\Program Files (x86)\LizardSystems\Find MAC Address\languages\Turkish.lng
    Filesize

    22KB

    MD5

    baba4772606fd01211f17f72638340df

    SHA1

    3f491672d179499ba07d7b86e9e6bdf06bbcd7ac

    SHA256

    afd5e2b48f5170018297e82bfd069633f9b89c1a2a1bdc5e87d15bc217e53d5f

    SHA512

    760a5508545ace79eb0cf01445245d1d4f7222c8f4014383f2b50c5868bf17fd834b8053b2be5b88fb7503097e89d1b6d732e1b44fdd6c6f67b854c872fccd35

    Download Submit

  • C:\Program Files (x86)\LizardSystems\Find MAC Address\sqlite3.dll
    Filesize

    1.1MB

    MD5

    a7eb9b964f90ea00cf72bf95cfd158d2

    SHA1

    cdb4228ed69ab2f98cc7076d0055ed40405e24a9

    SHA256

    1690b0f6f2904ae8f356e0624b3f149c175dab44365aa02420976f92bfdfe43f

    SHA512

    cadccf80ab18edb0365a8c11f453ef28935788be7de4bfc3fb435aaa8b1dfe9d9b827e8622b008ac896a42da75c7069365bc4b4996661d8f2c14baf35e56c21f

    Download Submit

  • C:\Program Files (x86)\LizardSystems\Find MAC Address\vendors.db
    Filesize

    8.1MB

    MD5

    74839e100d020e9d24827fb7a4c45723

    SHA1

    499e5c1230e7af87d3ff1bb7c2a6670f330375c9

    SHA256

    d3b761c2be28d00bbcbd7ad6a4ead351b7d7a3d8d566b5f6facb88b48fca4f16

    SHA512

    71a1b8f1882abd9ee246c69d19f2e23727e812cdfce41c9b415f79cb7f81d90e9d020f6c78dc8c8226e5a4c4a1c4507a672d238392cf2601cff64defd9cd3408

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-TIKRE.tmp\findmac_setup.tmp
    Filesize

    3.1MB

    MD5

    f8bdd9c98feedfb13f2758ce8680e3b4

    SHA1

    cb079e7c5aaeac7319f6e46dc88f64f02cd3e54d

    SHA256

    5e9ba92372d6272f7c4be212565f6f9b6bce5ed07b65205667398b7133ec95ea

    SHA512

    29f235cf36b2815eda6cba0e0c45121e95bdf8715bd890e5590cbca857aae3dc6e19f126afd184b9620f3d6ef9be1df682a099d53caf1abf3ca2dc5d60a2f4ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\LizardSystems\Find MAC Address\languages\English.lng
    Filesize

    22KB

    MD5

    a0cb631e15fdfdbafc8d3027f7652ee9

    SHA1

    bcc81e8d8ecb53b0d492e58be7228b61fef8550f

    SHA256

    12754731fa0da37cf712c75196dfed6f5f20a661c4dc273d8d52a9775f34702e

    SHA512

    312452cb0608d9ec16da33d0c33961e7979cc5d5d67ff9a58079ce340e5e61796a77e13f64903f0cc3f98b94254605e84adbef809d866b6ebbfd6134e5ce0280

    Download Submit

  • memory/324-60-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/324-9-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/324-85-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/324-6-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/324-11-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2276-87-0x0000000000400000-0x0000000000855000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2276-417-0x0000000000400000-0x0000000000855000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2276-430-0x0000000061E00000-0x0000000061EF3000-memory.dmp

    Filesize

    972KB

    Download

  • memory/2276-93-0x0000000000400000-0x0000000000855000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2276-92-0x0000000000400000-0x0000000000855000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2276-89-0x0000000000400000-0x0000000000855000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2276-431-0x0000000000400000-0x0000000000855000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2276-81-0x0000000002660000-0x00000000027B0000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2276-75-0x0000000002660000-0x00000000027B0000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2276-73-0x0000000000400000-0x0000000000855000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2276-428-0x0000000002660000-0x00000000027B0000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2276-165-0x0000000002660000-0x00000000027B0000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2276-411-0x0000000061E00000-0x0000000061EF3000-memory.dmp

    Filesize

    972KB

    Download

  • memory/2276-410-0x0000000000400000-0x0000000000855000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2276-413-0x0000000000400000-0x0000000000855000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2276-415-0x0000000000400000-0x0000000000855000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2276-94-0x0000000002660000-0x00000000027B0000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2276-421-0x0000000061E00000-0x0000000061EF3000-memory.dmp

    Filesize

    972KB

    Download

  • memory/2276-420-0x0000000000400000-0x0000000000855000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2852-2-0x0000000000401000-0x00000000004B7000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2852-0-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/2852-8-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/2852-86-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download