808ccd81cbb014df3475fa04ffc0fae33470a6d2279052dce33349f208558100

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

641KB
MD5

8a84b4dc87d6b0d71e58cf740d75ea00
SHA1

8eb3fdeb16a22ba1e23d52b8bc5c8e3663639a38
SHA256

1b03882bf3fdad91b017ba326de55c9f22ed0535e41be546494b9f92344169f5
SHA512

cb62a62eca91bde50430a8e398aee1fb1c6d9e2b0d555261c667204f951188b5e0ff1b33507c2e2e72a09a95b1819486fbe595b41dac9b11398f4c9d863d7052
SSDEEP

3072:oUgaW3b8if8eT/eFiKjCi1Ju2oYzTnf91wufzFBm:oUglb8iv/ooM3B

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 1680	2340	setup.exe	28
PID 2340 wrote to memory of 1680	2340	setup.exe	28
PID 2340 wrote to memory of 1680	2340	setup.exe	28
PID 2340 wrote to memory of 1680	2340	setup.exe	28
PID 2340 wrote to memory of 1680	2340	setup.exe	28
PID 2340 wrote to memory of 1680	2340	setup.exe	28
PID 2340 wrote to memory of 1680	2340	setup.exe	28

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\2340SKEF.bat" "C:\Users\Admin\AppData\Local\Temp\setup.exe""
  2⤵
  PID:1680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\DPInst.xml

Filesize
897B

MD5
598813c3bf618194a85dd187892482af

SHA1
ed00e550823dd598ff78860aca41a19b0fb43d18

SHA256
20e2f4dba4b228bb16aa61584d4b793a584b0637252a3661d7846044935c72a0

SHA512
063443869038042e0e80f88ad9af32748a5852ff34ec4af3e64523c1aac506693149166a922289b86b8d87abac768e45338a23349fe8d3fae56367266d36999c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2340SKEF.bat

Filesize
271B

MD5
fc4db489fb5db72228b95feeb8f8a9e9

SHA1
80158c54454d0f8fcae73ddd94930664756cccd6

SHA256
11aa73fe8c86613ef781c6db3bc295ed060b0b91f47ad1bffd069d5ba8f8eeb4

SHA512
4633f698b6c5346a71eaac0e50c9e469cd391f56502a2044906a81fd43665c7d9aad2d04ceb9e5ebe7ff035c2e9be3996950cc1c828b55b22d18b4a5e70f839c

Download Submit
C:\Users\Admin\AppData\Local\Watermark.bmp

Filesize
485KB

MD5
70179489c0b14f2115afdfc2d37612b8

SHA1
808537544145aafb4a18345a5676e856098ec3a9

SHA256
819d938d9ee2c55706a32b55830d46970b67cda62eb3ae60629dd821cb52cba8

SHA512
edc3f3e7e5fe5bdf9cfdd5933a82c9016c2a34a8649599aed22addb02e5459463ba2b05028f202b12385e976d7beb1fb129e5d5814893f4c3a9600d07fceb1a6

Download Submit
C:\Users\Admin\AppData\Local\header.bmp

Filesize
10KB

MD5
5adc414f80109f45ad76fc66ea5ec976

SHA1
60d9bcdb86933f895ed7f6aba04b04044a972334

SHA256
24dbb67207c3d5fb57c0d4522a0c0d33dfb0ecc365f069db104d3f5b15784ec1

SHA512
e2a415c4b83d1d826b14b4963c9c5aeafb8d068dd5828e824b2caa24ef5de5ae96f5648f367d455e3bb4138a50c067320f566a9be5a82bd5c6934545447bab1a

Download Submit
memory/2340-32-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads