Analysis

  • max time kernel
    119s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240704-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    05-07-2024 13:19

General

  • Target
    Setup_Files/Setup.exe
  • Size
    662.5MB
  • MD5
    59839dad3c13480e4f29ad32afdc8fb1
  • SHA1
    2d66cf175875f98784f9be66d832dee8cbad5a69
  • SHA256
    002f5b2aa14a46544ac266bc78a348d71480c474fd00bc01708ce1dcba1291ee
  • SHA512
    3ae89c0f7c0fba2f0b6f6db95abc12ba4f628a3615ae1fb4a8a402dfa7bc875890eb8c708bb68303eb9dde835572cef2ca45cdd93ff20d279525ba9b8514477e
  • SSDEEP
    196608:Dpcugy7TlXNdj+P64+S+rt7hOD6ZJHXg4nhVUGbP4X3bOq2JRuwt:Dpcu7k6FkAZL

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_Files\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_Files\Setup.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:2424
    • C:\Windows\SysWOW64\comp.exe
      C:\Windows\SysWOW64\comp.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2972
      • C:\Windows\SysWOW64\SearchIndexer.exe
        C:\Windows\SysWOW64\SearchIndexer.exe
        3⤵
          PID:2776

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Temp\23a4ca1d
    Filesize
    955KB
    MD5
    e0d9f835bdb67e0e2c96fd66d64d145b
    SHA1
    fdd5fbbd361dcde42df1917d2e8be85e4ff62c19
    SHA256
    77fb8d12be6343177dd32614d0eba28085b39f58769a608c9aa9b8a9e6054b63
    SHA512
    15a9cadc9918965a8de775499e04900d820b9b022a96d8653da662ebc49033fbaa7b1403fccf7568967d4cff4faa00f6996ee5284f4d10d78eca420d48faa58b
  • C:\Users\Admin\AppData\Local\Temp\23c5db96
    Filesize
    1008KB
    MD5
    e82a4b15d999779e4b98b4d4dc4a2735
    SHA1
    5a5d1721d5f235af0c418a359204f28c7eb9eed5
    SHA256
    3cdf1c4699fc0c00cdcb2a68da20b112b4b4aa46b713532a3ae38233a99af0ae
    SHA512
    0904282b6be8bbd5f056c824d8fbc48f22751d7c740dd1c7da38e494352a9e49e66fb14da06cc4f060a29f8bb59a53fc6c2353f3c3d382dd183b8674783c26ff
  • memory/2424-6-0x0000000074BD0000-0x0000000074C67000-memory.dmp
    Filesize
    604KB
  • memory/2424-7-0x0000000077BD0000-0x0000000077D79000-memory.dmp
    Filesize
    1.7MB
  • memory/2424-8-0x0000000074BE2000-0x0000000074BE4000-memory.dmp
    Filesize
    8KB
  • memory/2424-9-0x0000000074BD0000-0x0000000074C67000-memory.dmp
    Filesize
    604KB
  • memory/2424-10-0x0000000074BD0000-0x0000000074C67000-memory.dmp
    Filesize
    604KB
  • memory/2424-0-0x0000000000400000-0x000000000108D000-memory.dmp
    Filesize
    12.6MB
  • memory/2776-20-0x0000000077BD0000-0x0000000077D79000-memory.dmp
    Filesize
    1.7MB
  • memory/2776-23-0x0000000000400000-0x0000000000457000-memory.dmp
    Filesize
    348KB
  • memory/2776-22-0x000000000025D000-0x0000000000265000-memory.dmp
    Filesize
    32KB
  • memory/2776-21-0x0000000000400000-0x0000000000457000-memory.dmp
    Filesize
    348KB
  • memory/2972-14-0x0000000074BD0000-0x0000000074C67000-memory.dmp
    Filesize
    604KB
  • memory/2972-19-0x0000000074BD0000-0x0000000074C67000-memory.dmp
    Filesize
    604KB
  • memory/2972-17-0x0000000074BD0000-0x0000000074C67000-memory.dmp
    Filesize
    604KB
  • memory/2972-16-0x0000000074BD0000-0x0000000074C67000-memory.dmp
    Filesize
    604KB
  • memory/2972-15-0x0000000077BD0000-0x0000000077D79000-memory.dmp
    Filesize
    1.7MB