Overview

Static analysis: score 10

Score  Sample              Platform
3      !ŞetUp_51...FS.dll  windows7-x64
1      !ŞetUp_51...FS.dll  windows10-2004-x64
1      !ŞetUp_51...se.dll  windows7-x64
1      !ŞetUp_51...se.dll  windows10-2004-x64
1      !ŞetUp_51...on.dll  windows7-x64
1      !ŞetUp_51...on.dll  windows10-2004-x64
1      !ŞetUp_51...le.dll  windows7-x64
1      !ŞetUp_51...le.dll  windows10-2004-x64
1      !ŞetUp_51...1].exe  windows7-x64
1      !ŞetUp_51...1].exe  windows10-2004-x64
1      !ŞetUp_51...et.dll  windows7-x64
1      !ŞetUp_51...et.dll  windows10-2004-x64
1      !ŞetUp_51...ng.dll  windows7-x64
1      !ŞetUp_51...ng.dll  windows10-2004-x64
1      !ŞetUp_51...GL.dll  windows7-x64
1      !ŞetUp_51...GL.dll  windows10-2004-x64
3      !ŞetUp_51...-1.dll  windows7-x64
3      !ŞetUp_51...-1.dll  windows10-2004-x64
3      !ŞetUp_51...up.exe  windows7-x64
1      !ŞetUp_51...up.exe  windows10-2004-x64
10     !ŞetUp_51...et.xls  windows7-x64
1      !ŞetUp_51...et.xls  windows10-2004-x64
1      !ŞetUp_51...lf.dll  windows7-x64
1      !ŞetUp_51...lf.dll  windows10-2004-x64
1      !ŞetUp_51...st.asp  windows7-x64
3      !ŞetUp_51...st.asp  windows10-2004-x64
Analysis (score 3)
- Max time kernel: 101s
- Max time network: 110s
- Platform: windows10-2004_x64
- Resource: win10v2004-20240704-en
- Resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
- Submitted: 06-07-2024 01:07
Static task: static1

Behavioral tasks:

Task          Sample                                                          Resource
behavioral1   !ŞetUp_51286--#PaSꞨKḙy#$$/Debugs/AlphaFS.dll                   win7-20240508-en
behavioral2   !ŞetUp_51286--#PaSꞨKḙy#$$/Debugs/AlphaFS.dll                   win10v2004-20240704-en
behavioral3   !ŞetUp_51286--#PaSꞨKḙy#$$/Debugs/License.dll                   win7-20240705-en
behavioral4   !ŞetUp_51286--#PaSꞨKḙy#$$/Debugs/License.dll                   win10v2004-20240704-en
behavioral5   !ŞetUp_51286--#PaSꞨKḙy#$$/Debugs/Newtonsoft.Json.dll           win7-20240704-en
behavioral6   !ŞetUp_51286--#PaSꞨKḙy#$$/Debugs/Newtonsoft.Json.dll           win10v2004-20240704-en
behavioral7   !ŞetUp_51286--#PaSꞨKḙy#$$/Debugs/VersionStable.dll             win7-20240705-en
behavioral8   !ŞetUp_51286--#PaSꞨKḙy#$$/Debugs/VersionStable.dll             win10v2004-20240508-en
behavioral9   !ŞetUp_51286--#PaSꞨKḙy#$$/ErrorLog/DirectoryMonitor_[1MB]_[1].exe  win7-20240704-en
behavioral10  !ŞetUp_51286--#PaSꞨKḙy#$$/ErrorLog/DirectoryMonitor_[1MB]_[1].exe  win10v2004-20240704-en
behavioral11  !ŞetUp_51286--#PaSꞨKḙy#$$/Libs/Extreme.Net.dll                 win7-20240704-en
behavioral12  !ŞetUp_51286--#PaSꞨKḙy#$$/Libs/Extreme.Net.dll                 win10v2004-20240704-en
behavioral13  !ŞetUp_51286--#PaSꞨKḙy#$$/Libs/Injecting.dll                   win7-20240705-en
behavioral14  !ŞetUp_51286--#PaSꞨKḙy#$$/Libs/Injecting.dll                   win10v2004-20240704-en
behavioral15  !ŞetUp_51286--#PaSꞨKḙy#$$/Libs/libEGL.dll                      win7-20240705-en
behavioral16  !ŞetUp_51286--#PaSꞨKḙy#$$/Libs/libEGL.dll                      win10v2004-20240704-en
behavioral17  !ŞetUp_51286--#PaSꞨKḙy#$$/Libs/libgcc_s_dw2-1.dll              win7-20240705-en
behavioral18  !ŞetUp_51286--#PaSꞨKḙy#$$/Libs/libgcc_s_dw2-1.dll              win10v2004-20240704-en
behavioral19  !ŞetUp_51286--#PaSꞨKḙy#$$/Setup.exe                            win7-20240704-en
behavioral20  !ŞetUp_51286--#PaSꞨKḙy#$$/Setup.exe                            win10v2004-20240704-en
behavioral21  !ŞetUp_51286--#PaSꞨKḙy#$$/caret.xls                            win7-20240704-en
behavioral22  !ŞetUp_51286--#PaSꞨKḙy#$$/caret.xls                            win10v2004-20240704-en
behavioral23  !ŞetUp_51286--#PaSꞨKḙy#$$/msedge_elf.dll                       win7-20240705-en
behavioral24  !ŞetUp_51286--#PaSꞨKḙy#$$/msedge_elf.dll                       win10v2004-20240704-en
behavioral25  !ŞetUp_51286--#PaSꞨKḙy#$$/test.asp                             win7-20240704-en
behavioral26  !ŞetUp_51286--#PaSꞨKḙy#$$/test.asp                             win10v2004-20240704-en
General
- Target: !ŞetUp_51286--#PaSꞨKḙy#$$/caret.xls
- Size: 779KB
- MD5: 4d4b5ccd0ff38d099e68792ee07c4a99
- SHA1: f529d6bb59e1edd6ee57b7ceca20afaa2272d157
- SHA256: 90b7b1dbc330af1f1d80403bacb25b46506b666aa9182fef90aaec5d612507a7
- SHA512: b8113fef6c0e7dea4ad6615fa0a451e72f481d72691d9f4001196be7784df8620ea8b7c00456a546204e0540580eaa13a4bb7ed18ef90ba7a7022682573484f6
- SSDEEP: 24576:77Z3f25EtWkLrj3JbYNkORIyRJ505UJ3z1lyhgG:puqJbMkU05UJDGhv
Malware Config
Signatures

- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: EXCEL.EXE

  Description        IoC                                                                                   Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  EXCEL.EXE
  Key opened         \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0                      EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz                 EXCEL.EXE

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: EXCEL.EXE

  Description        IoC                                                       Process
  Key opened         \REGISTRY\MACHINE\Hardware\Description\System\BIOS        EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily  EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU     EXCEL.EXE

- Suspicious behavior: AddClipboardFormatListener (1 IoC)
  Processes: EXCEL.EXE

  PID   Process
  4372  EXCEL.EXE

- Suspicious use of FindShellTrayWindow (2 IoCs)
  Processes: EXCEL.EXE

  PID   Process
  4372  EXCEL.EXE
  4372  EXCEL.EXE

- Suspicious use of SetWindowsHookEx (13 IoCs)
  Processes: EXCEL.EXE

  PID   Process
  4372  EXCEL.EXE (13 occurrences)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\!ŞetUp_51286--#PaSꞨKḙy#$$\caret.xls"
  PID: 4372
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
  - Filesize: 3KB
  - MD5: ccf237ee4c8894d8e9f32b6088192757
  - SHA1: 38248a873aee841015445fe37d19032c4e1d5a95
  - SHA256: 72f733afd0850feaf255b5a134b31a1fa7c512c9f858002a35581c14a96817c2
  - SHA512: 79cce476bba28ba04da8298ddd92ffbb6b963fb4f07efbbdc0a5a9f476b563b10e532fc10367dbed9d62d6d78d917cc877bc9d57f7371e2c8dcdbced30a29d14