df3b824b5daa03558d0e1ecc3b48bdb910adf752f9b4681ff0db3fab8866462b

Analysis

max time kernel
43s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 17:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup_v1.2.1.exe
Size

43.6MB
MD5

c8406a477792b1a7c645d5b82ebeba73
SHA1

fec1b9c625fbea997a99f8f6aeeb24451b85dce0
SHA256

df3b824b5daa03558d0e1ecc3b48bdb910adf752f9b4681ff0db3fab8866462b
SHA512

8d1845a3567d52ee8466e3ad1f8f310a02da84033afb6004166d6a2d178cf947fc3ed0d1ffb6abecc226d90442de899d6840706bb044f30b3ada162138242705
SSDEEP

196608:vq22KXdSP+15Cj09ktWCFU2s4S0Td9+RsOl8NfpcPFIKXxWDtt86fh:i2hXdb1GWC639SAsOl8NfpcPaKQDT

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3200 set thread context of 4936	3200	Setup_v1.2.1.exe	92

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3200 wrote to memory of 4936	3200	Setup_v1.2.1.exe	92
PID 3200 wrote to memory of 4936	3200	Setup_v1.2.1.exe	92
PID 3200 wrote to memory of 4936	3200	Setup_v1.2.1.exe	92
PID 3200 wrote to memory of 4936	3200	Setup_v1.2.1.exe	92
PID 3200 wrote to memory of 4936	3200	Setup_v1.2.1.exe	92

C:\Users\Admin\AppData\Local\Temp\Setup_v1.2.1.exe
"C:\Users\Admin\AppData\Local\Temp\Setup_v1.2.1.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3200
- C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  2⤵
  PID:4936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3200-0-0x00007FF6B2350000-0x00007FF6B4F9F000-memory.dmp

Filesize
44.3MB

Download
memory/3200-1-0x00007FF6B2350000-0x00007FF6B4F9F000-memory.dmp

Filesize
44.3MB

Download
memory/3200-3-0x00007FF6B2350000-0x00007FF6B4F9F000-memory.dmp

Filesize
44.3MB

Download
memory/3200-8-0x00007FF6B2350000-0x00007FF6B4F9F000-memory.dmp

Filesize
44.3MB

Download
memory/3200-11-0x00007FF6B2350000-0x00007FF6B4F9F000-memory.dmp

Filesize
44.3MB

Download
memory/4936-9-0x0000000001280000-0x00000000012D4000-memory.dmp

Filesize
336KB

Download
memory/4936-12-0x0000000001280000-0x00000000012D4000-memory.dmp

Filesize
336KB

Download
memory/4936-13-0x0000000001280000-0x00000000012D4000-memory.dmp

Filesize
336KB

Download
memory/4936-14-0x0000000001280000-0x00000000012D4000-memory.dmp

Filesize
336KB

Download