ea009130903768b9752cab141c8ca13c27f11b66d0408e383092c6afca7168d4

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

673.3MB
MD5

2367d8e68c0dfa92245e74b6b00ab628
SHA1

7e88ced74bd427c8ede9c9a2515299755abf95d6
SHA256

585c3de663601b57595ee5bdfa730fc856d2d5cd9253fc1b105f11467dc1b557
SHA512

e594bebd880a647526fbe1719890ac8bdd43420fdadd1a1a72ede59f85919a20962d422e2e074f322bd1eb0593220759e5d666a2cb2230dbead66097bb2dc998
SSDEEP

196608:Aq2xoeoAhPFegGSGXaRGSQO7BPlAJ1mfk5quUz5u5vrHOX:QxoeoAAXoJ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2188	Eoin.pif

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4108 set thread context of 1556	4108	Setup.exe	83

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4108	Setup.exe
4108	Setup.exe
1556	more.com
1556	more.com

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
4108	Setup.exe
1556	more.com

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4108	Setup.exe
4108	Setup.exe
4108	Setup.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 1556	4108	Setup.exe	83
PID 4108 wrote to memory of 1556	4108	Setup.exe	83
PID 4108 wrote to memory of 1556	4108	Setup.exe	83
PID 4108 wrote to memory of 1556	4108	Setup.exe	83
PID 1556 wrote to memory of 2188	1556	more.com	86
PID 1556 wrote to memory of 2188	1556	more.com	86
PID 1556 wrote to memory of 2188	1556	more.com	86
PID 1556 wrote to memory of 2188	1556	more.com	86
PID 1556 wrote to memory of 2188	1556	more.com	86

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:1556
- - C:\Users\Admin\AppData\Local\Temp\Eoin.pif
    C:\Users\Admin\AppData\Local\Temp\Eoin.pif
    3⤵
    - Loads dropped DLL
    PID:2188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Eoin.pif

Filesize
76KB

MD5
f43c6b629baaaaee1e7fe095a8821631

SHA1
f0e4b84bb1fa6ba985e281f3afc9642afca168b5

SHA256
4196f6776110e75a9670fb5843f373e90e88c0826ead45a30e9578221ff44ae3

SHA512
2b475850705fa37dd0c1b093d31ccce48ffdbcc614215ffb304070b4f31e16ca651d4569af39b36482c848751f1e31b7fd647bd23245718a0a1e877a6417878a

Download Submit
C:\Users\Admin\AppData\Local\Temp\d4cc82b1

Filesize
1.0MB

MD5
dd886d9e89971c788e3f4114a64f3419

SHA1
7f0e3670ec84e0cb748edb23b9d2578ffa153d52

SHA256
1290e461db38542c26b48a17a71ac70b1467d91b029045cb9c49c93f4eafe8d8

SHA512
99e0df2801b31f5fafbc2f710b0658072fc740fdee06bff7506e1a592d62cc5b59bae3934d61afaab50857cc5c069f143a90c3e107d1ad74533b8db222f2a8c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\d682f6ed

Filesize
1.1MB

MD5
a8489f9586de0c129bf79d64ae4a13af

SHA1
397195583b98be76cf47ad3970d4aa48c73b95e2

SHA256
7056f59e576dcad6f24211c15b98960725e1a747650a07c7cb201859cebd4f24

SHA512
19f10ea3446e000937de29ab59c234c188438cc1cc10a2badaf45744dd22c2764040bd439b96c6e7cb67a31a8701d40ee7c7293f6e9d0024468fa2a1ff6ad7f4

Download Submit
memory/1556-15-0x00007FF81F0D0000-0x00007FF81F2C5000-memory.dmp

Filesize
2.0MB

Download
memory/1556-29-0x0000000075DEE000-0x0000000075DF0000-memory.dmp

Filesize
8KB

Download
memory/1556-22-0x0000000075DE0000-0x0000000075E43000-memory.dmp

Filesize
396KB

Download
memory/1556-17-0x0000000075DE0000-0x0000000075E43000-memory.dmp

Filesize
396KB

Download
memory/1556-18-0x0000000075DEE000-0x0000000075DF0000-memory.dmp

Filesize
8KB

Download
memory/1556-19-0x0000000075DE0000-0x0000000075E43000-memory.dmp

Filesize
396KB

Download
memory/2188-25-0x00007FF81F0D0000-0x00007FF81F2C5000-memory.dmp

Filesize
2.0MB

Download
memory/2188-26-0x0000000000540000-0x000000000059C000-memory.dmp

Filesize
368KB

Download
memory/2188-27-0x0000000075DE0000-0x0000000075E43000-memory.dmp

Filesize
396KB

Download
memory/2188-28-0x0000000000540000-0x000000000059C000-memory.dmp

Filesize
368KB

Download
memory/2188-30-0x0000000000540000-0x000000000059C000-memory.dmp

Filesize
368KB

Download
memory/2188-32-0x0000000075DE0000-0x0000000075E43000-memory.dmp

Filesize
396KB

Download
memory/4108-11-0x00007FF81DAC0000-0x00007FF81DB2B000-memory.dmp

Filesize
428KB

Download
memory/4108-9-0x00007FF81DAD8000-0x00007FF81DAD9000-memory.dmp

Filesize
4KB

Download
memory/4108-10-0x00007FF81DAC0000-0x00007FF81DB2B000-memory.dmp

Filesize
428KB

Download
memory/4108-8-0x00007FF81DAC0000-0x00007FF81DB2B000-memory.dmp

Filesize
428KB

Download
memory/4108-2-0x0000000000400000-0x0000000000F66000-memory.dmp

Filesize
11.4MB

Download
memory/4108-0-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

Filesize
4KB

Download
memory/4108-1-0x0000000002E10000-0x0000000002E11000-memory.dmp

Filesize
4KB

Download