2260b2fb84e4edd7207d1088231f020da0267578cc2ae7be0eab0148acb9f72d

Analysis

max time kernel
142s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

24.2MB
MD5

1a183345644b25b242c1de5405b68f2c
SHA1

a7430be8224a263ca58f6b41cc6241c192325244
SHA256

2260b2fb84e4edd7207d1088231f020da0267578cc2ae7be0eab0148acb9f72d
SHA512

742b50a8241f07727e54c2d56daed98f798ad084e474991f98d0e1e9cc07b0b7ab5727ed8d06f46ec218491d75e55b74de2d910c4128c0aab27bcc52fc2ab5bb
SSDEEP

393216:/HYst3DAEA6M1wrzLL7xnJWuycswFW6ZDcoEEulTGlVUj7JmO:wsBAE7zfL1bPswAjtT2VYh

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Setup.exe

Loads dropped DLL 17 IoCs

pid	Process
3888	Setup.exe
3888	Setup.exe
3888	Setup.exe
3888	Setup.exe
3888	Setup.exe
3888	Setup.exe
3888	Setup.exe
3888	Setup.exe
3888	Setup.exe
3888	Setup.exe
3888	Setup.exe
3888	Setup.exe
3888	Setup.exe
3888	Setup.exe
3888	Setup.exe
3888	Setup.exe
3888	Setup.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Checks whether UAC is enabled
- Loads dropped DLL
- Checks processor information in registry
PID:3888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4288,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=4104 /prefetch:8
1⤵
PID:3152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BR1CF9.tmp

Filesize
43KB

MD5
043912c143bd6bc1a55fcd1acf8e368c

SHA1
042f241324989a21d1a61eee543e935ae1b9f163

SHA256
f7396330d3aef2201766cd94e90d7ada1bebc2092a3b177274b546488dd21955

SHA512
9dcdeade6e9e56e5763842b55f5d3258f7488098f964e1e882e9415dd490273bd2a44ac1cdbb2e352f1feea6aabf0b1a75f29441ad70ff898f636ee67b819156

Download Submit
C:\Users\Admin\AppData\Local\Temp\BR1E52.tmp

Filesize
403KB

MD5
a210f1ac135e5331c314ce5f394fb5a5

SHA1
355afc1c61e1f65834472b16a4ca718e61537dc2

SHA256
65b32ea2982078fb9a18e88feec238cb76ed2ae6c2bb4ddb0f6a9c4f57b1d62b

SHA512
e4e70ef75e2f7897837f6772b9a0dcaaf4515d8be4210b28509f12cdde9d85bd7bed604ad5a9ee587356971f75e6f79874dbdb974cec4996262295e255501cf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\BR2392.tmp

Filesize
35KB

MD5
08ad4cd2a940379f1dcdbdb9884a1375

SHA1
c302b7589ba4f05c6429e7f89ad0cb84dd9dfbac

SHA256
78827e2b1ef0aad4f8b1b42d0964064819aa22bfcd537ebaacb30d817edc06d8

SHA512
f37bd071994c31b361090a149999e8b2d4a7839f19ea63e1d4563aada1371be37f2bfcc474e24de95ff77ca4124a39580c9f711e2fbe54265713ab76f631835a

Download Submit
C:\Users\Admin\AppData\Local\Temp\BR23F1.tmp

Filesize
121KB

MD5
1199bfa06b996be79b987c6506328a22

SHA1
e04d52d1d40bf161e7d64a5143b6908aac3be772

SHA256
481f2fa60cc99ba5784af304906acb4e356a704e440d6d141054d8226e73c56d

SHA512
354c977c63bbd8659969babb46f3a05b04396c91a8c1905fe76d45d2ab1d9b2d49e67630aed310921c3e3d64164424e2915c5a4868757e7c75758c655c085786

Download Submit
C:\Users\Admin\AppData\Local\Temp\BR2421.tmp

Filesize
400KB

MD5
027491b39a7b16b116e780f55abc288e

SHA1
62c0ab7c3e374d5fc9920983ee62baa4421076b4

SHA256
eef69d005bf1c0b715c8d6205400d4755c261dd38ddfbbfe918e6ee91f21f1f0

SHA512
fe0ba835d9af2a2c297a545bb7e30d315b580273bb1f558f16d9cba59755200a4735f75b1672e5e5fbed449eb7a5abb6d905696674c181b742bf637028953194

Download Submit
C:\Users\Admin\AppData\Local\Temp\BR24CE.tmp

Filesize
72KB

MD5
c04970b55bcf614f24ca75b1de641ae2

SHA1
52b182caef513ed1c36f28eb45cedb257fa8ce40

SHA256
5ddee4aab3cf33e505f52199d64809125b26de04fb9970ca589cd8619c859d80

SHA512
a5f2660e336bf74a1936fb2e1c724220d862632907f5fd690b365009ac3e1bf35fa6689071f3da4049e495f340ff83f8438b79079ef1f248b9dcaedbdd5d3e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\BR28A7.tmp

Filesize
74KB

MD5
924b90c3d9e645dfad53f61ea4e91942

SHA1
65d397199ff191e5078095036e49f08376f9ae4e

SHA256
41788435f245133ec5511111e2c5d52f7515e359876180067e0b5ba85c729322

SHA512
76833708828c8f3fad941abeea158317aff98cf0691b5d5dfa4bca15279cdad1cc23a771258e4de41cf12a58f7033a3ee08b0b5eb834d22be568ea98b183ccd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\BR28B8.tmp

Filesize
102KB

MD5
cd326d958ad1eeb46b99b7aaccab5edb

SHA1
c424d750fa5c85cccb10ee42acf43e640e9ffc56

SHA256
b966b6e0cf704e65627b74d9f4e4b7af31a9ce5d9564d00cfef822af427ec88d

SHA512
5bf45cebdf56cb66cdfad4be14ab3a2db93098d90c753018e2a257aa1ab4cf033db2d23a18ef20ef0b20a19d3dde8d2b274fcbdd2d77dd6844ab48259212c01c

Download Submit
C:\Users\Admin\AppData\Local\Temp\BR2936.tmp

Filesize
24KB

MD5
4cf27e0747e5719a5478aa2624f6b996

SHA1
13df901e34f77e5ea11f36c0afedda7f86a2c003

SHA256
e69a9d06f2c17cc021ebf9b62ca110548facdc147b67dea4846e09865043d2d9

SHA512
4b0ddcbd7321128f977e1dbbe18cc76c7e489d4ee84b7775989e99778b5a60daa683c6063c5b700794b7f2070ae381fef20b19b3cb35c1babef9be79ff264941

Download Submit
C:\Users\Admin\AppData\Local\Temp\BR29A4.tmp

Filesize
24KB

MD5
124e89d0fcc409ede3595a253b788708

SHA1
bc88e037c3edea02dd20aeff10818105be9f4033

SHA256
27ea1b57a3024aec4a03188e80fdb2aa301fa5179c19be9c8b0dfc2aac73a114

SHA512
7cd0ca268a5dbd2aa22dbce1f253a2d067ca30c5195e059c3f431d546a20d1811592f8bd8fe88b6ad9cb5c6fdd6a4666ff451b84a5e790a9d5058865d48790b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\BR29E4.tmp

Filesize
100KB

MD5
606f13d4d580b1f322b3f3d3df423bba

SHA1
02cb375e13b415edc8b5360dffdba531e47827ed

SHA256
c71a16b1056e522cd0365449448116d06f37a3273d77694d170340064511dd25

SHA512
867a45dc15e99148f24fc528fbc9255582e5534bb4696700292b70163fddb15f35ddf2acd0536a9cd78b4d8f9d827bf7530d2303bfd7e428f11573b381a0986c

Download Submit
C:\Users\Admin\AppData\Local\Temp\BR2A23.tmp

Filesize
56KB

MD5
145d5c49fe34a44662beaffe641d58c7

SHA1
95d5e92523990b614125d66fa3fa395170a73bfe

SHA256
59182f092b59a3005ada6b2f2855c7e860e53e8adf6e41cd8cd515578ae7815a

SHA512
48cb0048f4fcf460e791a5b0beca40dbf2399b70f1784236b6d1f17835201d70dfa64c498814b872f57e527793c58a5959230fe40ddf5ebdcb0b1de57e9c53ef

Download Submit
memory/3888-103-0x0000000002BC0000-0x0000000002BD9000-memory.dmp

Filesize
100KB

Download
memory/3888-125-0x00000000000E0000-0x000000000039E000-memory.dmp

Filesize
2.7MB

Download
memory/3888-41-0x0000000002C20000-0x0000000002C85000-memory.dmp

Filesize
404KB

Download
memory/3888-119-0x00000000000E0000-0x000000000039E000-memory.dmp

Filesize
2.7MB

Download
memory/3888-121-0x0000000066680000-0x000000006668E000-memory.dmp

Filesize
56KB

Download
memory/3888-124-0x0000000067E00000-0x0000000067E1B000-memory.dmp

Filesize
108KB

Download
memory/3888-123-0x0000000066C00000-0x0000000066C14000-memory.dmp

Filesize
80KB

Download
memory/3888-122-0x00000000710C0000-0x00000000710DF000-memory.dmp

Filesize
124KB

Download
memory/3888-120-0x0000000074360000-0x000000007436E000-memory.dmp

Filesize
56KB

Download
memory/3888-115-0x0000000002BE0000-0x0000000002BEE000-memory.dmp

Filesize
56KB

Download
memory/3888-131-0x00000000000E0000-0x000000000039E000-memory.dmp

Filesize
2.7MB

Download
memory/3888-137-0x00000000000E0000-0x000000000039E000-memory.dmp

Filesize
2.7MB

Download
memory/3888-143-0x00000000000E0000-0x000000000039E000-memory.dmp

Filesize
2.7MB

Download
memory/3888-149-0x00000000000E0000-0x000000000039E000-memory.dmp

Filesize
2.7MB

Download
memory/3888-155-0x00000000000E0000-0x000000000039E000-memory.dmp

Filesize
2.7MB

Download
memory/3888-161-0x00000000000E0000-0x000000000039E000-memory.dmp

Filesize
2.7MB

Download
memory/3888-167-0x00000000000E0000-0x000000000039E000-memory.dmp

Filesize
2.7MB

Download
memory/3888-173-0x00000000000E0000-0x000000000039E000-memory.dmp

Filesize
2.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads