f9d115c7c957cf0f288560b1c3b187b0a9eee243c2c84b18050b91c55e7919b2

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 11:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

3.7MB
MD5

10faa46099e11fc5255bd34ba2c389af
SHA1

02d6c75f2328afc8b645142a1e06b01f6aade7d7
SHA256

a55f47f4ee7ae494ae312522bd51680c4bff3a85710bdb003a808402fb46ba93
SHA512

e5c9e8ad7fa2477d6a67704f6bea126d5ee0f5f79592c2bf87627bb6a256a719c617f16b7b0752a06467707163c45555cb159873cac06f26ace760a6d9c23b22
SSDEEP

98304:pD60hlTD4gxcf/CEuUajK1pRR0V59zq6UzhDs:V6GTD4Rr1aMpLIHuzhDs

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4180	is-P5PJB.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4812 wrote to memory of 4180	4812	setup.exe	84
PID 4812 wrote to memory of 4180	4812	setup.exe	84
PID 4812 wrote to memory of 4180	4812	setup.exe	84

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4812
- C:\Users\Admin\AppData\Local\Temp\is-NFEIN.tmp\is-P5PJB.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-NFEIN.tmp\is-P5PJB.tmp" /SL4 $5027C "C:\Users\Admin\AppData\Local\Temp\setup.exe" 3565048 55296
  2⤵
  - Executes dropped EXE
  PID:4180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-NFEIN.tmp\is-P5PJB.tmp

Filesize
658KB

MD5
aea97c227cd9e79ed129ed2d79ef25ea

SHA1
3142dc84f31d2ca71f2d02c8f3cc03f6298bda85

SHA256
608eeec6d1144d65d4f10580bd32af05a6bcd3299d978a7ad0d190da3f501f58

SHA512
b81817ca8730dd2275f15e6bf3c84794c819d729e6ca7e23c6fb9e56a2e0e786ba62b8d829e27fe94e1eada258a9d846bf28763723c690731b64d4b363b808d6

Download Submit
memory/4180-12-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/4180-14-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/4812-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4812-2-0x0000000000401000-0x000000000040A000-memory.dmp

Filesize
36KB

Download
memory/4812-13-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download