Analysis
max time kernel: 43s
max time network: 54s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/06/2024, 17:33
Static task: static1
  1 signatures
Behavioral task: behavioral1
  Sample: Setup_v1.2.1.exe
  Resource: win7-20240508-en
  0 signatures
  150 seconds
Behavioral task: behavioral2
  Sample: Setup_v1.2.1.exe
  Resource: win10v2004-20240508-en
  3 signatures
  150 seconds
General
Target: Setup_v1.2.1.exe
Size: 43.6MB
MD5: c8406a477792b1a7c645d5b82ebeba73
SHA1: fec1b9c625fbea997a99f8f6aeeb24451b85dce0
SHA256: df3b824b5daa03558d0e1ecc3b48bdb910adf752f9b4681ff0db3fab8866462b
SHA512: 8d1845a3567d52ee8466e3ad1f8f310a02da84033afb6004166d6a2d178cf947fc3ed0d1ffb6abecc226d90442de899d6840706bb044f30b3ada162138242705
SSDEEP: 196608:vq22KXdSP+15Cj09ktWCFU2s4S0Td9+RsOl8NfpcPFIKXxWDtt86fh:i2hXdb1GWC639SAsOl8NfpcPaKQDT
Score: 6/10
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 1 IoCs)
  flow  ioc
  2     raw.githubusercontent.com
Suspicious use of SetThreadContext (1 IoCs)
  description                            pid   Process           procid_target
  PID 3200 set thread context of 4936    3200  Setup_v1.2.1.exe  92
Suspicious use of WriteProcessMemory (5 IoCs)
  description                            pid   Process           procid_target
  PID 3200 wrote to memory of 4936       3200  Setup_v1.2.1.exe  92
  PID 3200 wrote to memory of 4936       3200  Setup_v1.2.1.exe  92
  PID 3200 wrote to memory of 4936       3200  Setup_v1.2.1.exe  92
  PID 3200 wrote to memory of 4936       3200  Setup_v1.2.1.exe  92
  PID 3200 wrote to memory of 4936       3200  Setup_v1.2.1.exe  92
Processes
C:\Users\Admin\AppData\Local\Temp\Setup_v1.2.1.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Setup_v1.2.1.exe"
  PID: 3200
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  Child process:
    C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      Command line: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      PID: 4936