Overview

overview

3

Static

static

3

AVProVideo.dll

windows7-x64

1

AVProVideo.dll

windows10-2004-x64

1

ClientAPI.dll

windows7-x64

3

ClientAPI.dll

windows10-2004-x64

3

FastDllC.dll

windows7-x64

1

FastDllC.dll

windows10-2004-x64

1

GLES_CM.dll

windows7-x64

1

GLES_CM.dll

windows10-2004-x64

1

InstallUtils.dll

windows7-x64

3

InstallUtils.dll

windows10-2004-x64

3

KeyLib.dll

windows7-x64

3

KeyLib.dll

windows10-2004-x64

3

NISEC_Reg.exe

windows7-x64

1

NISEC_Reg.exe

windows10-2004-x64

1

Prndriver.dll

windows7-x64

1

Prndriver.dll

windows10-2004-x64

1

System.dll

windows7-x64

3

System.dll

windows10-2004-x64

3

TWAIN.dll

windows7-x64

1

TWAIN.dll

windows10-2004-x64

1

ZfUninstall.dll

windows7-x64

1

ZfUninstall.dll

windows10-2004-x64

3

_CD91326D3...24.dll

windows7-x64

1

_CD91326D3...24.dll

windows10-2004-x64

1

_DC6FF09E2...49.exe

windows7-x64

1

_DC6FF09E2...49.exe

windows10-2004-x64

1

ldcam.exe

windows7-x64

1

ldcam.exe

windows10-2004-x64

1

setup.exe

windows7-x64

1

setup.exe

windows10-2004-x64

1

sharp-win32-ia32.dll

windows7-x64

1

sharp-win32-ia32.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 03:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    setup.exe

  • Size

    641KB

  • MD5

    8a84b4dc87d6b0d71e58cf740d75ea00

  • SHA1

    8eb3fdeb16a22ba1e23d52b8bc5c8e3663639a38

  • SHA256

    1b03882bf3fdad91b017ba326de55c9f22ed0535e41be546494b9f92344169f5

  • SHA512

    cb62a62eca91bde50430a8e398aee1fb1c6d9e2b0d555261c667204f951188b5e0ff1b33507c2e2e72a09a95b1819486fbe595b41dac9b11398f4c9d863d7052

  • SSDEEP

    3072:oUgaW3b8if8eT/eFiKjCi1Ju2oYzTnf91wufzFBm:oUglb8iv/ooM3B

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4048
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\40482XX6.bat" "C:\Users\Admin\AppData\Local\Temp\setup.exe""
      2⤵
        PID:3940
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3816 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:3252

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\DPInst.xml
        Filesize

        897B

        MD5

        598813c3bf618194a85dd187892482af

        SHA1

        ed00e550823dd598ff78860aca41a19b0fb43d18

        SHA256

        20e2f4dba4b228bb16aa61584d4b793a584b0637252a3661d7846044935c72a0

        SHA512

        063443869038042e0e80f88ad9af32748a5852ff34ec4af3e64523c1aac506693149166a922289b86b8d87abac768e45338a23349fe8d3fae56367266d36999c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\40482XX6.bat
        Filesize

        271B

        MD5

        fc4db489fb5db72228b95feeb8f8a9e9

        SHA1

        80158c54454d0f8fcae73ddd94930664756cccd6

        SHA256

        11aa73fe8c86613ef781c6db3bc295ed060b0b91f47ad1bffd069d5ba8f8eeb4

        SHA512

        4633f698b6c5346a71eaac0e50c9e469cd391f56502a2044906a81fd43665c7d9aad2d04ceb9e5ebe7ff035c2e9be3996950cc1c828b55b22d18b4a5e70f839c

        Download Submit

      • C:\Users\Admin\AppData\Local\Watermark.bmp
        Filesize

        485KB

        MD5

        70179489c0b14f2115afdfc2d37612b8

        SHA1

        808537544145aafb4a18345a5676e856098ec3a9

        SHA256

        819d938d9ee2c55706a32b55830d46970b67cda62eb3ae60629dd821cb52cba8

        SHA512

        edc3f3e7e5fe5bdf9cfdd5933a82c9016c2a34a8649599aed22addb02e5459463ba2b05028f202b12385e976d7beb1fb129e5d5814893f4c3a9600d07fceb1a6

        Download Submit

      • C:\Users\Admin\AppData\Local\header.bmp
        Filesize

        10KB

        MD5

        5adc414f80109f45ad76fc66ea5ec976

        SHA1

        60d9bcdb86933f895ed7f6aba04b04044a972334

        SHA256

        24dbb67207c3d5fb57c0d4522a0c0d33dfb0ecc365f069db104d3f5b15784ec1

        SHA512

        e2a415c4b83d1d826b14b4963c9c5aeafb8d068dd5828e824b2caa24ef5de5ae96f5648f367d455e3bb4138a50c067320f566a9be5a82bd5c6934545447bab1a

        Download Submit

      • memory/4048-15-0x0000000000400000-0x00000000004A4000-memory.dmp

        Filesize

        656KB

        Download

      • memory/4048-16-0x0000000000400000-0x00000000004A4000-memory.dmp

        Filesize

        656KB

        Download