Overview
Analysis
max time kernel: 150s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 26-05-2024 08:59
Tasks
static1       Static task
behavioral1   Sample: Main_Satup/Setup.exe              Resource: win7-20240221-en
behavioral2   Sample: Main_Satup/Setup.exe              Resource: win10v2004-20240508-en
behavioral3   Sample: Main_Satup/WebView2Loader.dll     Resource: win7-20240221-en
behavioral4   Sample: Main_Satup/WebView2Loader.dll     Resource: win10v2004-20240508-en
behavioral5   Sample: Main_Satup/rockaway.asp           Resource: win7-20240215-en
behavioral6   Sample: Main_Satup/rockaway.asp           Resource: win10v2004-20240508-en
behavioral7   Sample: Main_Satup/slavey.svg             Resource: win7-20240508-en
behavioral8   Sample: Main_Satup/slavey.svg             Resource: win10v2004-20240426-en
General
Target: Main_Satup/Setup.exe
Size: 1.1MB
MD5: c047ae13fc1e25bc494b17ca10aa179e
SHA1: e293c7815c0eb8fbc44d60a3e9b27bd91b44b522
SHA256: 6c30c8a2e827f48fcfc934dd34fb2cb10acb8747fd11faae085d8ad352c01fbf
SHA512: 0cfb96d23b043bcb954cc307f85e5bbc349c0c8a0c6eaa335ea9a8fa19ce65b047f30ed0049562d40880400d4f70e3bb28975d6970f3ae4af6da1ba06e36d48c
SSDEEP: 12288:a9hZPq27B7+x3dPC4gvgdVwTzDxsVyY4YoUwpf5kpRG6xsfJAYo2R0B5YD5sW91A:STS27B7+x3E4tdS/Dxkd4YoDfZ90gLS
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses (64 IoCs)
Processes (pid, process):
  1848  Setup.exe
  2876  taskmgr.exe  (all remaining entries are this same pid/process)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
Processes (pid, process):
  2876  taskmgr.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes (description, pid, process):
  Token: SeDebugPrivilege  2876  taskmgr.exe

Suspicious use of FindShellTrayWindow (64 IoCs)
Processes (pid, process):
  2876  taskmgr.exe  (all 64 entries are this same pid/process)

Suspicious use of SendNotifyMessage (64 IoCs)
Processes (pid, process):
  2876  taskmgr.exe  (all 64 entries are this same pid/process)
Processes

C:\Users\Admin\AppData\Local\Temp\Main_Satup\Setup.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Main_Satup\Setup.exe"
  PID: 1848
  - Suspicious behavior: EnumeratesProcesses

C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  PID: 2876
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage