Analysis

  • max time kernel
    49s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-07-2024 22:24

General

  • Target

    Setup.exe

  • Size

    3.1MB

  • MD5

    b841d408448f2a07f308ced1589e7673

  • SHA1

    f5b5095c0ed69d42110df6d39810d12b1fa32a1e

  • SHA256

    69a90665113bd73b30360d87f7f6ed2c789a90a67f3b6e86474e21273a64f699

  • SHA512

    a689734048109ab7bec9491bbb7781686c19c7885166b3ca2975e2f49e956fcc388cd8ca85a4e5a8bf9efe6056f1e0d80197b7f521d4f0d4cadb10ba9ef1fa93

  • SSDEEP

    49152:pvFg5qg9BtIAHE3SM4ahx6LK2SamuZob+tCjNrv8:Jm5qGBHBLRKuZfkjNrv8

Score
5/10

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\Windows\SysWOW64\more.com
      C:\Windows\SysWOW64\more.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2172
      • C:\Windows\SysWOW64\SearchIndexer.exe
        C:\Windows\SysWOW64\SearchIndexer.exe
        3⤵
          PID:1608

Downloads

    • C:\Users\Admin\AppData\Local\Temp\2bd7e893

      Filesize

      1014KB

      MD5

      6b6e0a487499f1359ff2cc56ed808359

      SHA1

      0ac7b38a07bbfae9df076cbb8b9965c93dc07f68

      SHA256

      64524fa167b7a246d0e51407fec589af4bc9a05a849e99c691fcf6ccf423a308

      SHA512

      750cb0ae4bb1392163dd895837b7a51f7183823c5c0ff8aec922e717c663c42e1008c2d79f57a2c409112776ba882fb9e9ca78928fedf100daa185173234c697

    • memory/1608-25-0x0000000000400000-0x0000000000459000-memory.dmp

      Filesize

      356KB

    • memory/1608-24-0x0000000000400000-0x0000000000459000-memory.dmp

      Filesize

      356KB

    • memory/1608-22-0x0000000077330000-0x00000000774D9000-memory.dmp

      Filesize

      1.7MB

    • memory/2172-18-0x0000000074400000-0x0000000074497000-memory.dmp

      Filesize

      604KB

    • memory/2172-23-0x0000000074401000-0x000000007440F000-memory.dmp

      Filesize

      56KB

    • memory/2172-21-0x0000000074400000-0x0000000074497000-memory.dmp

      Filesize

      604KB

    • memory/2172-13-0x0000000074401000-0x000000007440F000-memory.dmp

      Filesize

      56KB

    • memory/2172-19-0x0000000074400000-0x0000000074497000-memory.dmp

      Filesize

      604KB

    • memory/2172-17-0x0000000077330000-0x00000000774D9000-memory.dmp

      Filesize

      1.7MB

    • memory/2348-9-0x0000000074400000-0x0000000074497000-memory.dmp

      Filesize

      604KB

    • memory/2348-11-0x0000000000400000-0x0000000000711000-memory.dmp

      Filesize

      3.1MB

    • memory/2348-12-0x000000004A600000-0x000000004A6EC000-memory.dmp

      Filesize

      944KB

    • memory/2348-0-0x0000000000240000-0x000000000034B000-memory.dmp

      Filesize

      1.0MB

    • memory/2348-8-0x0000000000240000-0x000000000034B000-memory.dmp

      Filesize

      1.0MB

    • memory/2348-2-0x0000000077330000-0x00000000774D9000-memory.dmp

      Filesize

      1.7MB

    • memory/2348-1-0x0000000074400000-0x0000000074497000-memory.dmp

      Filesize

      604KB