ea009130903768b9752cab141c8ca13c27f11b66d0408e383092c6afca7168d4

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

673.3MB
MD5

2367d8e68c0dfa92245e74b6b00ab628
SHA1

7e88ced74bd427c8ede9c9a2515299755abf95d6
SHA256

585c3de663601b57595ee5bdfa730fc856d2d5cd9253fc1b105f11467dc1b557
SHA512

e594bebd880a647526fbe1719890ac8bdd43420fdadd1a1a72ede59f85919a20962d422e2e074f322bd1eb0593220759e5d666a2cb2230dbead66097bb2dc998
SSDEEP

196608:Aq2xoeoAhPFegGSGXaRGSQO7BPlAJ1mfk5quUz5u5vrHOX:QxoeoAAXoJ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2056	more.com
2676	Eoin.pif

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2300 set thread context of 2056	2300	Setup.exe	28

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2300	Setup.exe
2300	Setup.exe
2056	more.com
2056	more.com

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
2300	Setup.exe
2056	more.com

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2300	Setup.exe
2300	Setup.exe
2300	Setup.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 2056	2300	Setup.exe	28
PID 2300 wrote to memory of 2056	2300	Setup.exe	28
PID 2300 wrote to memory of 2056	2300	Setup.exe	28
PID 2300 wrote to memory of 2056	2300	Setup.exe	28
PID 2300 wrote to memory of 2056	2300	Setup.exe	28
PID 2056 wrote to memory of 2676	2056	more.com	30
PID 2056 wrote to memory of 2676	2056	more.com	30
PID 2056 wrote to memory of 2676	2056	more.com	30
PID 2056 wrote to memory of 2676	2056	more.com	30
PID 2056 wrote to memory of 2676	2056	more.com	30

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:2056
- - C:\Users\Admin\AppData\Local\Temp\Eoin.pif
    C:\Users\Admin\AppData\Local\Temp\Eoin.pif
    3⤵
    - Loads dropped DLL
    PID:2676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ad9cc4d4

Filesize
1.0MB

MD5
dd886d9e89971c788e3f4114a64f3419

SHA1
7f0e3670ec84e0cb748edb23b9d2578ffa153d52

SHA256
1290e461db38542c26b48a17a71ac70b1467d91b029045cb9c49c93f4eafe8d8

SHA512
99e0df2801b31f5fafbc2f710b0658072fc740fdee06bff7506e1a592d62cc5b59bae3934d61afaab50857cc5c069f143a90c3e107d1ad74533b8db222f2a8c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\af426f2a

Filesize
1.1MB

MD5
ff07cef07b7bdf77f9363124593bdfa9

SHA1
511fc220b7083d8d1cf4edee14eb302c07a28837

SHA256
73f3393c897d9c9051af50f30c6d8876fc5a57406a6d275b545e6d1cb51ccd9e

SHA512
5e0dec20948df3ef0e78f7123437ccca2731327435b03da799d2b8ad059822f0cd85dcce1196adb751b685da138e4ef7759c4347ca59c383365abbef0c0759d3

Download Submit
\Users\Admin\AppData\Local\Temp\Eoin.pif

Filesize
76KB

MD5
f43c6b629baaaaee1e7fe095a8821631

SHA1
f0e4b84bb1fa6ba985e281f3afc9642afca168b5

SHA256
4196f6776110e75a9670fb5843f373e90e88c0826ead45a30e9578221ff44ae3

SHA512
2b475850705fa37dd0c1b093d31ccce48ffdbcc614215ffb304070b4f31e16ca651d4569af39b36482c848751f1e31b7fd647bd23245718a0a1e877a6417878a

Download Submit
memory/2056-15-0x00000000770B0000-0x0000000077259000-memory.dmp

Filesize
1.7MB

Download
memory/2056-32-0x000000007535E000-0x0000000075360000-memory.dmp

Filesize
8KB

Download
memory/2056-24-0x0000000075350000-0x0000000075385000-memory.dmp

Filesize
212KB

Download
memory/2056-22-0x0000000075350000-0x0000000075385000-memory.dmp

Filesize
212KB

Download
memory/2056-20-0x000000007535E000-0x0000000075360000-memory.dmp

Filesize
8KB

Download
memory/2056-17-0x0000000075350000-0x0000000075385000-memory.dmp

Filesize
212KB

Download
memory/2300-9-0x000007FEFF2E8000-0x000007FEFF2E9000-memory.dmp

Filesize
4KB

Download
memory/2300-11-0x000007FEFF2D0000-0x000007FEFF31D000-memory.dmp

Filesize
308KB

Download
memory/2300-10-0x000007FEFF2D0000-0x000007FEFF31D000-memory.dmp

Filesize
308KB

Download
memory/2300-0-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/2300-8-0x000007FEFF2D0000-0x000007FEFF31D000-memory.dmp

Filesize
308KB

Download
memory/2300-1-0x0000000000400000-0x0000000000F66000-memory.dmp

Filesize
11.4MB

Download
memory/2300-2-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/2676-26-0x00000000770B0000-0x0000000077259000-memory.dmp

Filesize
1.7MB

Download
memory/2676-27-0x0000000000080000-0x00000000000DC000-memory.dmp

Filesize
368KB

Download
memory/2676-31-0x0000000000282000-0x0000000000289000-memory.dmp

Filesize
28KB

Download
memory/2676-30-0x0000000000080000-0x00000000000DC000-memory.dmp

Filesize
368KB

Download