Analysis

  • max time kernel: 122s
  • max time network: 126s
  • platform: windows7_x64
  • resource: win7-20240704-en
  • resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted: 06-07-2024 08:21

General

  • Target: Setup.exe
  • Size: 3.1MB
  • MD5: b841d408448f2a07f308ced1589e7673
  • SHA1: f5b5095c0ed69d42110df6d39810d12b1fa32a1e
  • SHA256: 69a90665113bd73b30360d87f7f6ed2c789a90a67f3b6e86474e21273a64f699
  • SHA512: a689734048109ab7bec9491bbb7781686c19c7885166b3ca2975e2f49e956fcc388cd8ca85a4e5a8bf9efe6056f1e0d80197b7f521d4f0d4cadb10ba9ef1fa93
  • SSDEEP: 49152:pvFg5qg9BtIAHE3SM4ahx6LK2SamuZob+tCjNrv8:Jm5qGBHBLRKuZfkjNrv8

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1772
    • C:\Windows\SysWOW64\more.com
      C:\Windows\SysWOW64\more.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:3068
      • C:\Windows\SysWOW64\SearchIndexer.exe
        C:\Windows\SysWOW64\SearchIndexer.exe
        3⤵
        PID:2660

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9b58cee0
    Filesize: 1014KB
    MD5: 510ba4de69ac46444e238cfed5bc867c
    SHA1: cc8ada9609e5ad829320e55b11367c987ca1b400
    SHA256: 229fbf1c5cf783bf448f57f789d12617089f316786d919813f19a7307d235044
    SHA512: 223cfd77ee75d5f5654ff23b4eb8a05a2aaaab868f1421cbab10e950bbb45f3e84d640f54feac35b06bcf8b155a777c772190f7331e74ce4cd2a2d214781f3a5
  • memory/1772-13-0x000000004A600000-0x000000004A6EC000-memory.dmp
    Filesize: 944KB
  • memory/1772-2-0x0000000077280000-0x0000000077429000-memory.dmp
    Filesize: 1.7MB
  • memory/1772-9-0x0000000074350000-0x00000000743E7000-memory.dmp
    Filesize: 604KB
  • memory/1772-8-0x0000000074362000-0x0000000074364000-memory.dmp
    Filesize: 8KB
  • memory/1772-10-0x0000000074350000-0x00000000743E7000-memory.dmp
    Filesize: 604KB
  • memory/1772-1-0x0000000074350000-0x00000000743E7000-memory.dmp
    Filesize: 604KB
  • memory/1772-0-0x00000000008D0000-0x00000000009DB000-memory.dmp
    Filesize: 1.0MB
  • memory/1772-14-0x00000000008D0000-0x00000000009DB000-memory.dmp
    Filesize: 1.0MB
  • memory/1772-12-0x0000000000400000-0x0000000000711000-memory.dmp
    Filesize: 3.1MB
  • memory/2660-23-0x0000000077280000-0x0000000077429000-memory.dmp
    Filesize: 1.7MB
  • memory/2660-25-0x0000000000400000-0x0000000000459000-memory.dmp
    Filesize: 356KB
  • memory/2660-24-0x0000000000400000-0x0000000000459000-memory.dmp
    Filesize: 356KB
  • memory/3068-17-0x0000000074350000-0x00000000743E7000-memory.dmp
    Filesize: 604KB
  • memory/3068-22-0x0000000074350000-0x00000000743E7000-memory.dmp
    Filesize: 604KB
  • memory/3068-20-0x0000000074350000-0x00000000743E7000-memory.dmp
    Filesize: 604KB
  • memory/3068-19-0x0000000074350000-0x00000000743E7000-memory.dmp
    Filesize: 604KB
  • memory/3068-18-0x0000000077280000-0x0000000077429000-memory.dmp
    Filesize: 1.7MB