8c09b0520cd0a587ccdab5f16b202ef013d9bf3b4fc7653b5afdf480417d33f1

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03-07-2024 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

5.8MB
MD5

c34e8f27e5e41acc13f476298be901f5
SHA1

1857dfcf2bbb4e91fed3595395cc6ea1b6e5e425
SHA256

8c09b0520cd0a587ccdab5f16b202ef013d9bf3b4fc7653b5afdf480417d33f1
SHA512

ccc416d96d36b792c59bdfd23c5e2e3b2c08c3498e43af7e0e5b873e0828c23fb30c1f21428fb8f984df99255d232e718422ce95acc8bba888da082f465c6709
SSDEEP

98304:vsMDHDRm8rcgEqQQ5izvWtb2ZaQ9kclxrg/bYzO6TEYJYEHjHO:RHDRLrcgEq55izvWtDaxbBOLYJYmu

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2644 set thread context of 1876	2644	Setup.exe	28

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2644	Setup.exe
2644	Setup.exe
1876	more.com
1876	more.com

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
2644	Setup.exe
1876	more.com

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 1876	2644	Setup.exe	28
PID 2644 wrote to memory of 1876	2644	Setup.exe	28
PID 2644 wrote to memory of 1876	2644	Setup.exe	28
PID 2644 wrote to memory of 1876	2644	Setup.exe	28
PID 2644 wrote to memory of 1876	2644	Setup.exe	28
PID 1876 wrote to memory of 2768	1876	more.com	30
PID 1876 wrote to memory of 2768	1876	more.com	30
PID 1876 wrote to memory of 2768	1876	more.com	30
PID 1876 wrote to memory of 2768	1876	more.com	30
PID 1876 wrote to memory of 2768	1876	more.com	30

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:1876
- - C:\Windows\SysWOW64\SearchIndexer.exe
    C:\Windows\SysWOW64\SearchIndexer.exe
    3⤵
    PID:2768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\867db591

Filesize
1.2MB

MD5
d85456bc93bc20de97041fb8f7f79247

SHA1
d155e82d273925a86ef370c9f3fda0a0cb1112ef

SHA256
9046bbd0bcb00410590ff77db0766c8c26f26afa4eb6431b4fb7d5e5aa8d00bf

SHA512
c6ca930fe9f95058c05ec1c2852645c4c2c967e9423bb058633503541e09bd59bdd42b8eb4a1c11892adf73e2774ce11e90303b01f1f31798d56e5ae23f9de7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\8b26d654

Filesize
1016KB

MD5
dd576cf7d42d1df6ae376a3e5567963c

SHA1
2e6701e044c599fcdd3d2b7b6f8b03a617e7507d

SHA256
ad15e4ba14b84c65b1fc2f6618a1804fb9b0a4cd254661b11df8fc5ff7e62f53

SHA512
12c6e09ceef9f11001ec628bd1131f66c0418de2d753a503e579cbf6e48178954bccd8ebcca30e122f8a6d12b5ef6f4b98f7157648e34e4adaf62e708e2e7d7a

Download Submit
memory/1876-18-0x0000000074870000-0x00000000748BA000-memory.dmp

Filesize
296KB

Download
memory/1876-12-0x0000000074870000-0x00000000748BA000-memory.dmp

Filesize
296KB

Download
memory/1876-16-0x0000000074870000-0x00000000748BA000-memory.dmp

Filesize
296KB

Download
memory/1876-15-0x0000000074870000-0x00000000748BA000-memory.dmp

Filesize
296KB

Download
memory/1876-14-0x00000000776C0000-0x0000000077869000-memory.dmp

Filesize
1.7MB

Download
memory/2644-10-0x0000000074870000-0x00000000748BA000-memory.dmp

Filesize
296KB

Download
memory/2644-6-0x0000000074870000-0x00000000748BA000-memory.dmp

Filesize
296KB

Download
memory/2644-7-0x00000000776C0000-0x0000000077869000-memory.dmp

Filesize
1.7MB

Download
memory/2644-9-0x0000000074870000-0x00000000748BA000-memory.dmp

Filesize
296KB

Download
memory/2644-8-0x0000000074882000-0x0000000074884000-memory.dmp

Filesize
8KB

Download
memory/2644-0-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/2768-19-0x00000000776C0000-0x0000000077869000-memory.dmp

Filesize
1.7MB

Download
memory/2768-20-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2768-21-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2768-22-0x00000000004ED000-0x00000000004F5000-memory.dmp

Filesize
32KB

Download