ec175ebd158f304483c4b83baeae9087de2441dcacf034e4651ff6f91908c671

Analysis

max time kernel
1791s
max time network
1589s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
26-05-2024 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

5.0MB
MD5

caac5a53470b5954a50128e9435ef196
SHA1

b1b44b0503e10928ae6ce640bd16103f877eab50
SHA256

ec175ebd158f304483c4b83baeae9087de2441dcacf034e4651ff6f91908c671
SHA512

0eba886c8a77f983b554e9a8c162af80195b6fcfe8ef4af9c9437d4a31b4ca4c59ce451a9bfe86033b60c297f68652d4b8cc86788794b9eb515f417ab55bda9c
SSDEEP

98304:7kL3mhPAI7wCOscLj29ywLe3CV1OorsfKXUlYhvFGAJsAQa+:wW8CcPDwLQCVNrsf6qk7JpQf

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4872	Setup.tmp

Loads dropped DLL 2 IoCs

pid	Process
4872	Setup.tmp
4872	Setup.tmp

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4872	Setup.tmp
4872	Setup.tmp
4872	Setup.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 4872	2368	Setup.exe	73
PID 2368 wrote to memory of 4872	2368	Setup.exe	73
PID 2368 wrote to memory of 4872	2368	Setup.exe	73

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Users\Admin\AppData\Local\Temp\is-2E7RS.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-2E7RS.tmp\Setup.tmp" /SL5="$1201F4,3940425,902656,C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-2E7RS.tmp\Setup.tmp

Filesize
3.1MB

MD5
39338b58cb777ed571a7ee2b4acae4e2

SHA1
85b059ea3ed9d86946f806fb256437697e9f4889

SHA256
fe2cfd99de1affbb1e18339f0eea055d925781cfa4c94507e802110f52e22f7d

SHA512
b3802d39877595f24a6907765655a5cc197c9de1e922e1ef7f006de83749ac242e7ffd6c27ab26a6e2e8efb3d49192dc3cf409d33d668f75c5b35f6d73941023

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-7JGRV.tmp\Settings.ini

Filesize
14KB

MD5
8854b82d0bf7c385d3b3c77af6a18a46

SHA1
ffc031bf912e591bc4dcb901847c9cb5ea77e108

SHA256
cdff966659bfdc51e28b55fc13410fcc9bcc11b6ba4573e612b3d6dc4e372512

SHA512
3e1905889f2aed208f28b0a56c22bd2b6018e635a5c3d8840819f61d82167206ace56c301a6bfc85901cad8fd9f59828921e48f9de4fc5a95127a7bdd430511e

Download Submit
\Users\Admin\AppData\Local\Temp\is-7JGRV.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
memory/2368-0-0x0000000000400000-0x00000000004EA000-memory.dmp

Filesize
936KB

Download
memory/2368-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2368-109-0x0000000000400000-0x00000000004EA000-memory.dmp

Filesize
936KB

Download
memory/4872-6-0x0000000000400000-0x0000000000725000-memory.dmp

Filesize
3.1MB

Download
memory/4872-15-0x00000000058F0000-0x0000000005C0A000-memory.dmp

Filesize
3.1MB

Download
memory/4872-18-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-19-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-17-0x0000000003650000-0x0000000003651000-memory.dmp

Filesize
4KB

Download
memory/4872-22-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-21-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-26-0x0000000003680000-0x0000000003681000-memory.dmp

Filesize
4KB

Download
memory/4872-40-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-76-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-75-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-74-0x0000000005DB0000-0x0000000005DB1000-memory.dmp

Filesize
4KB

Download
memory/4872-73-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-72-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-71-0x0000000005DA0000-0x0000000005DA1000-memory.dmp

Filesize
4KB

Download
memory/4872-70-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-69-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-68-0x0000000005D90000-0x0000000005D91000-memory.dmp

Filesize
4KB

Download
memory/4872-67-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-66-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-65-0x0000000005D80000-0x0000000005D81000-memory.dmp

Filesize
4KB

Download
memory/4872-64-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-62-0x0000000005D70000-0x0000000005D71000-memory.dmp

Filesize
4KB

Download
memory/4872-61-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-60-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-59-0x0000000005D60000-0x0000000005D61000-memory.dmp

Filesize
4KB

Download
memory/4872-58-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-57-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-56-0x0000000005D50000-0x0000000005D51000-memory.dmp

Filesize
4KB

Download
memory/4872-54-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-53-0x0000000005D40000-0x0000000005D41000-memory.dmp

Filesize
4KB

Download
memory/4872-52-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-51-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-50-0x0000000005D30000-0x0000000005D31000-memory.dmp

Filesize
4KB

Download
memory/4872-49-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-47-0x0000000005D20000-0x0000000005D21000-memory.dmp

Filesize
4KB

Download
memory/4872-46-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-45-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-44-0x0000000005D10000-0x0000000005D11000-memory.dmp

Filesize
4KB

Download
memory/4872-43-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-42-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-41-0x00000000036D0000-0x00000000036D1000-memory.dmp

Filesize
4KB

Download
memory/4872-39-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-38-0x00000000036C0000-0x00000000036C1000-memory.dmp

Filesize
4KB

Download
memory/4872-37-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-36-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-34-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-33-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-63-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-32-0x00000000036A0000-0x00000000036A1000-memory.dmp

Filesize
4KB

Download
memory/4872-31-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-55-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-30-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-48-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-29-0x0000000003690000-0x0000000003691000-memory.dmp

Filesize
4KB

Download
memory/4872-28-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-27-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-25-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-24-0x00000000034F0000-0x0000000003630000-memory.dmp

Filesize
1.2MB

Download
memory/4872-35-0x00000000036B0000-0x00000000036B1000-memory.dmp

Filesize
4KB

Download
memory/4872-23-0x0000000003670000-0x0000000003671000-memory.dmp

Filesize
4KB

Download
memory/4872-20-0x0000000003660000-0x0000000003661000-memory.dmp

Filesize
4KB

Download
memory/4872-79-0x0000000000400000-0x0000000000725000-memory.dmp

Filesize
3.1MB

Download
memory/4872-80-0x0000000000400000-0x0000000000725000-memory.dmp

Filesize
3.1MB

Download
memory/4872-81-0x0000000000400000-0x0000000000725000-memory.dmp

Filesize
3.1MB

Download
memory/4872-82-0x0000000000400000-0x0000000000725000-memory.dmp

Filesize
3.1MB

Download
memory/4872-108-0x0000000000400000-0x0000000000725000-memory.dmp

Filesize
3.1MB

Download
memory/4872-112-0x0000000000400000-0x0000000000725000-memory.dmp

Filesize
3.1MB

Download