Overview

overview

3

Static

static

3

Setup.zip

windows11-21h2-x64

1

Setup.exe

windows11-21h2-x64

1

Resubmissions

14-06-2024 17:24

240614-vyrjpazcrg 10

14-06-2024 17:22

240614-vxll2stcqp 10

12-06-2024 23:54

240612-3x2x2awcph 3

Analysis

  • max time kernel
    680s
  • max time network
    692s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240419-en
  • resource tags

    arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    12-06-2024 23:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    12KB

  • MD5

    a14e63d27e1ac1df185fa062103aa9aa

  • SHA1

    2b64c35e4eff4a43ab6928979b6093b95f9fd714

  • SHA256

    dda39f19837168845de33959de34bcfb7ee7f3a29ae55c9fa7f4cb12cb27f453

  • SHA512

    10418efcce2970dcdbef1950464c4001753fccb436f4e8ba5f08f0d4d5c9b4a22a48f2803e59421b720393d84cfabd338497c0bc77cdd4548990930b9c350082

  • SSDEEP

    192:brl2reIazGejA7HhdSbw/z1ULU87glpK/b26J4S1Xu85:b52r+xjALhMWULU870gJJ

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3504
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:2396
    • C:\Users\Admin\Desktop\Setup.exe
      "C:\Users\Admin\Desktop\Setup.exe"
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4268

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Setup.exe.log
      Filesize

      1KB

      MD5

      b4e91d2e5f40d5e2586a86cf3bb4df24

      SHA1

      31920b3a41aa4400d4a0230a7622848789b38672

      SHA256

      5d8af3c7519874ed42a0d74ee559ae30d9cc6930aef213079347e2b47092c210

      SHA512

      968751b79a98961f145de48d425ea820fd1875bae79a725adf35fc8f4706c103ee0c7babd4838166d8a0dda9fbce3728c0265a04c4b37f335ec4eaa110a2b319

      Download Submit

    • memory/3504-0-0x000001845F840000-0x000001845F84A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3504-1-0x00007FFE572F3000-0x00007FFE572F5000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3504-2-0x00007FFE572F0000-0x00007FFE57DB2000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/3504-4-0x00007FFE572F0000-0x00007FFE57DB2000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4268-6-0x00007FFE56B30000-0x00007FFE575F2000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4268-7-0x00007FFE56B30000-0x00007FFE575F2000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4268-8-0x00007FFE56B30000-0x00007FFE575F2000-memory.dmp

      Filesize

      10.8MB

      Download