Overview
Analysis
max time kernel: 90s
max time network: 99s
platform: windows11-21h2_x64
resource: win11-20240704-en
resource tags: arch:x64, arch:x86, image:win11-20240704-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 05-07-2024 20:09
Static task: static1
Behavioral tasks (task: sample, resource):
behavioral1: Program/Debugs/AlphaFS.dll, win10v2004-20240704-en
behavioral2: Program/Debugs/AlphaFS.dll, win11-20240704-en
behavioral3: Program/Debugs/License.dll, win10v2004-20240704-en
behavioral4: Program/Debugs/License.dll, win11-20240704-en
behavioral5: Program/Debugs/Newtonsoft.Json.dll, win10v2004-20240704-en
behavioral6: Program/Debugs/Newtonsoft.Json.dll, win11-20240704-en
behavioral7: Program/Debugs/VersionStable.dll, win10v2004-20240704-en
behavioral8: Program/Debugs/VersionStable.dll, win11-20240704-en
behavioral9: Program/ErrorLog/DirectoryMonitor_[1MB]_[1].exe, win10v2004-20240704-en
behavioral10: Program/ErrorLog/DirectoryMonitor_[1MB]_[1].exe, win11-20240704-en
behavioral11: Program/Libs/Extreme.Net.dll, win10v2004-20240704-en
behavioral12: Program/Libs/Extreme.Net.dll, win11-20240508-en
behavioral13: Program/Libs/Injecting.dll, win10v2004-20240704-en
behavioral14: Program/Libs/Injecting.dll, win11-20240704-en
behavioral15: Program/Libs/libEGL.dll, win10v2004-20240508-en
behavioral16: Program/Libs/libEGL.dll, win11-20240704-en
behavioral17: Program/Libs/libgcc_s_dw2-1.dll, win10v2004-20240704-en
behavioral18: Program/Libs/libgcc_s_dw2-1.dll, win11-20240704-en
behavioral19: Program/Setup.exe, win10v2004-20240704-en
behavioral20: Program/Setup.exe, win11-20240704-en
behavioral21: Program/caret.xls, win10v2004-20240704-en
behavioral22: Program/caret.xls, win11-20240704-en
behavioral23: Program/msedge_elf.dll, win10v2004-20240704-en
behavioral24: Program/msedge_elf.dll, win11-20240704-en
behavioral25: Program/test.asp, win10v2004-20240704-en
behavioral26: Program/test.asp, win11-20240704-en
General
Target: Program/Setup.exe
Size: 1.1MB
MD5: f975a2d83d63a473fa2fc5206b66bb79
SHA1: e49d21f112ab27ae0953aff30ae122440cf164b9
SHA256: 6a2d3876003f6c68f824df4f0033564d8c230716908ba2e6c06ea1dd6d5f98e8
SHA512: 4af4ce56bf131432d488ed112f8858c1e1392d013c6ac0603f2fd70ed513091e35854c0f678efeab7fa9a551517c6b9698f40a92729112de4b852fa3c0c69d64
SSDEEP: 12288:IbCylcTVPbi7vT1K7n6HpVkg8KHIo5u0K1VmMxEnbuvuY2jTU+LHMA+nk2oG1ts:4lcTVPbikTMkg8KH/mmMxnvfphx8
Malware Config
Signatures
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Suspicious use of SetThreadContext (1 IoC)
  Processes (description, pid, process, target process):
  PID 1380 set thread context of 1904: 1380, Setup.exe, more.com
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  Processes (pid, process):
  1380, Setup.exe (2 occurrences)
  1904, more.com (2 occurrences)
  4500, SearchIndexer.exe (4 occurrences)
- Suspicious behavior: MapViewOfSection (2 IoCs)
  Processes (pid, process):
  1380, Setup.exe
  1904, more.com
- Suspicious use of WriteProcessMemory (8 IoCs)
  Processes (description, pid, process, target process):
  PID 1380 wrote to memory of 1904: 1380, Setup.exe, more.com (4 occurrences)
  PID 1904 wrote to memory of 4500: 1904, more.com, SearchIndexer.exe (4 occurrences)
Processes
1. C:\Users\Admin\AppData\Local\Temp\Program\Setup.exe (PID 1380)
   Command line: "C:\Users\Admin\AppData\Local\Temp\Program\Setup.exe"
   - Suspicious use of SetThreadContext
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious behavior: MapViewOfSection
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\more.com (PID 1904), child of PID 1380
      Command line: C:\Windows\SysWOW64\more.com
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: MapViewOfSection
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\SearchIndexer.exe (PID 4500), child of PID 1904
         Command line: C:\Windows\SysWOW64\SearchIndexer.exe
         - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1011KB
  MD5: 179d2698cb7977135b9d6d37ddbb6537
  SHA1: 9d73bdbca18e7553f4425e500cb2855eaf2e397b
  SHA256: 61d1518e85e793b86067ec99de7d20d8ff3256086cfc49c1b7e7aa2bb580dd88
  SHA512: 5ace100c290c3384e0063202caf758b8604725f0255c3d18cc01feb93ee681eef8dd3be19d47de3075c52e6b68e714a28b1905e1a389ca7ffedf6a0bc9ccaf4e