Overview

overview

9

Static

static

1

setup.exe

windows7-x64

7

setup.exe

windows10-2004-x64

9

Resubmissions

22-05-2024 12:32

240522-pqnvyabd99 9

22-05-2024 11:59

240522-n5t5tsfh42 9

Analysis

  • max time kernel
    142s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 11:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    setup.exe

  • Size

    19.1MB

  • MD5

    34f53da9221434c6348b043bfe5804f2

  • SHA1

    accd7e559edd2bf8841c643e7dc2ef4c3568c8bc

  • SHA256

    36fbd44761d21b9229fe8260f047a3fd4901c3155818b3089f7bf03d183f05d4

  • SHA512

    f8b60f8230b72035eaeb1a1e051b945e2fc2f8323c25a40327b58a14101d134e3fbca0a2940e01955486d3df81cd5f6c8da366382742321e1874f21c850ac8ea

  • SSDEEP

    393216:aI6OdCYRTAGc54PLHn71KPwhuSpbV2AYZxSn1UwOdjVhPoIx4r6B:qmL9AGc54PLJb0Ib4AYZ61N2jX4r6B

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\setup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Users\Admin\AppData\Local\Temp\is-GG4N3.tmp\setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-GG4N3.tmp\setup.tmp" /SL5="$70120,19198697,792064,C:\Users\Admin\AppData\Local\Temp\setup.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-GG4N3.tmp\setup.tmp
    Filesize

    3.0MB

    MD5

    f8520510d1b6a61c0100970e8a9a3df6

    SHA1

    4d1732cb5c5fc9255eab5555d623eee35e76165b

    SHA256

    57a8ae7920e79bb62f104c70779b1272d30f61abb784e6fe1aa76e90c163669f

    SHA512

    d8178c2ba60868ef202ef3f3212ae18942b8a6ae05cac77521620df4b0560db8c69aa20e3ec628ba38cca535764a43e5e62c4f2d3ad483f346471e5fd23ac019

    Download Submit
  • memory/2460-2-0x0000000000401000-0x00000000004B7000-memory.dmp
    Filesize

    728KB

    Download
  • memory/2460-0-0x0000000000400000-0x00000000004CF000-memory.dmp
    Filesize

    828KB

    Download
  • memory/2460-9-0x0000000000400000-0x00000000004CF000-memory.dmp
    Filesize

    828KB

    Download
  • memory/2560-8-0x0000000000400000-0x000000000070A000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/2560-10-0x0000000000400000-0x000000000070A000-memory.dmp
    Filesize

    3.0MB

    Download