Analysis
- max time kernel: 146s
- max time network: 150s
- platform: windows11-21h2_x64
- resource: win11-20240508-en
- resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 04-07-2024 19:35
Tasks
- Static task static1
- Behavioral task behavioral1: sample !ŞetUp_51286--#PaSꞨKḙy#$$/Setup.exe, resource win7-20240221-en
- Behavioral task behavioral2: sample !ŞetUp_51286--#PaSꞨKḙy#$$/Setup.exe, resource win10v2004-20240704-en
- Behavioral task behavioral3: sample !ŞetUp_51286--#PaSꞨKḙy#$$/Setup.exe, resource win11-20240508-en (the run this report covers)
General
- Target: !ŞetUp_51286--#PaSꞨKḙy#$$/Setup.exe
- Size: 1.1MB
- MD5: f975a2d83d63a473fa2fc5206b66bb79
- SHA1: e49d21f112ab27ae0953aff30ae122440cf164b9
- SHA256: 6a2d3876003f6c68f824df4f0033564d8c230716908ba2e6c06ea1dd6d5f98e8
- SHA512: 4af4ce56bf131432d488ed112f8858c1e1392d013c6ac0603f2fd70ed513091e35854c0f678efeab7fa9a551517c6b9698f40a92729112de4b852fa3c0c69d64
- SSDEEP: 12288:IbCylcTVPbi7vT1K7n6HpVkg8KHIo5u0K1VmMxEnbuvuY2jTU+LHMA+nk2oG1ts:4lcTVPbikTMkg8KH/mmMxnvfphx8
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoC)
  PID 2152 (Setup.exe) set thread context of PID 4616 (more.com)
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  PID 2152 Setup.exe (2 IoCs), PID 4616 more.com (2 IoCs)
- Suspicious behavior: MapViewOfSection (2 IoCs)
  PID 2152 Setup.exe, PID 4616 more.com
- Suspicious use of WriteProcessMemory (9 IoCs)
  PID 2152 (Setup.exe) wrote to memory of PID 4616 (more.com): 4 IoCs
  PID 4616 (more.com) wrote to memory of PID 1904 (SearchIndexer.exe): 5 IoCs

Read together, these records describe a two-hop injection chain: Setup.exe writes into the more.com process it spawned and then calls SetThreadContext on it (a write-then-hijack sequence consistent with process hollowing of an OS binary), and more.com in turn writes into SearchIndexer.exe. No SetThreadContext call from more.com to SearchIndexer.exe is recorded, so as far as these signatures show the second hop is a remote memory write only.
Processes
1. C:\Users\Admin\AppData\Local\Temp\!ŞetUp_51286--#PaSꞨKḙy#$$\Setup.exe (PID 2152)
   command line: "C:\Users\Admin\AppData\Local\Temp\!ŞetUp_51286--#PaSꞨKḙy#$$\Setup.exe"
   - Suspicious use of SetThreadContext
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious behavior: MapViewOfSection
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\more.com (PID 4616), child of PID 2152
      command line: C:\Windows\SysWOW64\more.com
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: MapViewOfSection
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\SearchIndexer.exe (PID 1904), child of PID 4616
         command line: C:\Windows\SysWOW64\SearchIndexer.exe
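The following script is an added example and is not part of the sandbox report or its tooling. It shows how to correlate the cross-process API events from the Signatures section with the parent-child relationships from the Processes section into an ordered injection chain, and how to label each hop. The PIDs, image names and paths are transcribed from this report; the event tuples are constructed by hand from the IoC counts above, and the labelling rules (write plus SetThreadContext into a child as a hollowing candidate, a target under C:\Windows as an OS-binary host) are the example's own assumptions.

```python
"""Reconstruct an injection chain from sandbox API-event records.

Added example, not part of the sandbox report. The process table and
event tuples are transcribed from the report's Processes and Signatures
sections; the classification rules are this example's own assumptions.
"""
from collections import Counter, defaultdict

# Process tree from the report: pid -> (image, full path, parent pid)
PROCESSES = {
    2152: ("Setup.exe",
           r"C:\Users\Admin\AppData\Local\Temp\!ŞetUp_51286--#PaSꞨKḙy#$$\Setup.exe",
           None),
    4616: ("more.com", r"C:\Windows\SysWOW64\more.com", 2152),
    1904: ("SearchIndexer.exe", r"C:\Windows\SysWOW64\SearchIndexer.exe", 4616),
}

# Cross-process API events, one tuple per IoC line in the report:
# (api name, source pid, target pid). Constructed from the IoC counts.
EVENTS = (
    [("SetThreadContext", 2152, 4616)]
    + [("WriteProcessMemory", 2152, 4616)] * 4
    + [("WriteProcessMemory", 4616, 1904)] * 5
)


def build_edges(events):
    """Group events by (source pid, target pid) -> Counter of API names."""
    edges = defaultdict(Counter)
    for api, src, dst in events:
        if src != dst:  # only cross-process calls form injection edges
            edges[(src, dst)][api] += 1
    return edges


def classify_edge(src, dst, apis, processes):
    """Label one src->dst edge (rules are this example's assumptions)."""
    _image, dst_path, dst_parent = processes[dst]
    tags = []
    if "WriteProcessMemory" in apis and "SetThreadContext" in apis:
        tags.append("hollowing-candidate")  # remote write + thread hijack
    elif "WriteProcessMemory" in apis:
        tags.append("remote-write")         # write without context hijack
    if dst_parent == src:
        tags.append("into-own-child")       # target was spawned by the writer
    if dst_path.lower().startswith("c:\\windows\\"):
        tags.append("os-binary-host")       # OS image used as injection host
    return tags


def injection_chain(root_pid, edges, processes):
    """Follow injection edges from root_pid; return the ordered image names."""
    chain = [processes[root_pid][0]]
    cur, seen = root_pid, {root_pid}
    while True:
        nxt = [dst for (src, dst) in edges if src == cur and dst not in seen]
        if not nxt:
            return chain
        cur = nxt[0]
        seen.add(cur)
        chain.append(processes[cur][0])


def analyze(events=EVENTS, processes=PROCESSES):
    """Return (ordered chain of images, {(src image, dst image): tags})."""
    edges = build_edges(events)
    report = {
        (processes[s][0], processes[d][0]): classify_edge(s, d, apis, processes)
        for (s, d), apis in edges.items()
    }
    root = next(pid for pid, (_, _, parent) in processes.items() if parent is None)
    return injection_chain(root, edges, processes), report


if __name__ == "__main__":
    chain, report = analyze()
    print(" -> ".join(chain))
    for (src, dst), tags in report.items():
        print(f"{src} -> {dst}: {', '.join(tags)}")
```

On this report's data the chain resolves to Setup.exe -> more.com -> SearchIndexer.exe, with the first hop tagged as a hollowing candidate and the second as a plain remote write, which is exactly the distinction the absence of a second SetThreadContext record makes.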
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1011KB
- MD5: e5ec136818bcd9296e897ec1a77e02bb
- SHA1: 98901f3ef6f1c812eb9fbcb6e9b333b9486b93f9
- SHA256: bd407e0e876bbcbeec0a6c95bd9f6edab8d95ffaf0908cf347b6c79f987d2077
- SHA512: 8969e1bffa65bc760f39aacd3c340b26f6d4ac615d2e695891b2d408ee6836e3b7c754979934f80656e24aaee86254bbccbee6937a554f565606614da29505d1