Analysis
- max time kernel: 119s
- max time network: 132s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 05-07-2024 13:19

Static task: static1
Behavioral task: behavioral1
Sample: Setup_Files/Setup.exe
Resource: win7-20240704-en
General
- Target: Setup_Files/Setup.exe
- Size: 662.5MB
- MD5: 59839dad3c13480e4f29ad32afdc8fb1
- SHA1: 2d66cf175875f98784f9be66d832dee8cbad5a69
- SHA256: 002f5b2aa14a46544ac266bc78a348d71480c474fd00bc01708ce1dcba1291ee
- SHA512: 3ae89c0f7c0fba2f0b6f6db95abc12ba4f628a3615ae1fb4a8a402dfa7bc875890eb8c708bb68303eb9dde835572cef2ca45cdd93ff20d279525ba9b8514477e
- SSDEEP: 196608:Dpcugy7TlXNdj+P64+S+rt7hOD6ZJHXg4nhVUGbP4X3bOq2JRuwt:Dpcu7k6FkAZL
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoC)
  Processes (description, source PID/process, target PID/process):
  PID 2424 (Setup.exe) set thread context of PID 2972 (comp.exe)
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes (PID, process):
  2424 Setup.exe
  2424 Setup.exe
  2972 comp.exe
  2972 comp.exe
- Suspicious behavior: MapViewOfSection (2 IoCs)
  Processes (PID, process):
  2424 Setup.exe
  2972 comp.exe
- Suspicious use of WriteProcessMemory (10 IoCs)
  Processes (description, source PID/process, target PID/process):
  PID 2424 (Setup.exe) wrote to memory of PID 2972 (comp.exe)
  PID 2424 (Setup.exe) wrote to memory of PID 2972 (comp.exe)
  PID 2424 (Setup.exe) wrote to memory of PID 2972 (comp.exe)
  PID 2424 (Setup.exe) wrote to memory of PID 2972 (comp.exe)
  PID 2424 (Setup.exe) wrote to memory of PID 2972 (comp.exe)
  PID 2972 (comp.exe) wrote to memory of PID 2776 (SearchIndexer.exe)
  PID 2972 (comp.exe) wrote to memory of PID 2776 (SearchIndexer.exe)
  PID 2972 (comp.exe) wrote to memory of PID 2776 (SearchIndexer.exe)
  PID 2972 (comp.exe) wrote to memory of PID 2776 (SearchIndexer.exe)
  PID 2972 (comp.exe) wrote to memory of PID 2776 (SearchIndexer.exe)
Processes
- C:\Users\Admin\AppData\Local\Temp\Setup_Files\Setup.exe (depth 1, PID 2424)
  Command line: "C:\Users\Admin\AppData\Local\Temp\Setup_Files\Setup.exe"
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\comp.exe (depth 2, PID 2972)
    Command line: C:\Windows\SysWOW64\comp.exe
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\SearchIndexer.exe (depth 3, PID 2776)
      Command line: C:\Windows\SysWOW64\SearchIndexer.exe
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 955KB
  MD5: e0d9f835bdb67e0e2c96fd66d64d145b
  SHA1: fdd5fbbd361dcde42df1917d2e8be85e4ff62c19
  SHA256: 77fb8d12be6343177dd32614d0eba28085b39f58769a608c9aa9b8a9e6054b63
  SHA512: 15a9cadc9918965a8de775499e04900d820b9b022a96d8653da662ebc49033fbaa7b1403fccf7568967d4cff4faa00f6996ee5284f4d10d78eca420d48faa58b
- Filesize: 1008KB
  MD5: e82a4b15d999779e4b98b4d4dc4a2735
  SHA1: 5a5d1721d5f235af0c418a359204f28c7eb9eed5
  SHA256: 3cdf1c4699fc0c00cdcb2a68da20b112b4b4aa46b713532a3ae38233a99af0ae
  SHA512: 0904282b6be8bbd5f056c824d8fbc48f22751d7c740dd1c7da38e494352a9e49e66fb14da06cc4f060a29f8bb59a53fc6c2353f3c3d382dd183b8674783c26ff