672ac4cdbb001fb51206fa708d6daf9f9972d757e97ba2ff3730bab05aef90a8

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 23:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

!ŞetUp_64851--#PaSꞨKḙy#$$/Setup.exe
Size

12.0MB
MD5

a7118dffeac3772076f1a39a364d608d
SHA1

6b984d9446f23579e154ec47437b9cf820fd6b67
SHA256

f1973746ac0a703b23526f68c639436f0b26b0bc71c4f5adf36dc5f6e8a7f4d0
SHA512

f547c13b78acda9ca0523f0f8cd966c906f70a23a266ac86156dc7e17e6349e5f506366787e7a7823e2b07b0d614c9bd08e34ca5cc4f48799b0fe36ac836e890
SSDEEP

98304:ReAtQzKADvk/9TEaImN9/tiHBIn8c3hCEFRUTaZnPZOtXwH:ReAOWOM/FE1mNHiFc3hr7UTaZnhOtXwH

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2312 set thread context of 1600	2312	Setup.exe	30

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2312	Setup.exe
2312	Setup.exe
1600	more.com
1600	more.com

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
2312	Setup.exe
1600	more.com

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 1600	2312	Setup.exe	30
PID 2312 wrote to memory of 1600	2312	Setup.exe	30
PID 2312 wrote to memory of 1600	2312	Setup.exe	30
PID 2312 wrote to memory of 1600	2312	Setup.exe	30
PID 2312 wrote to memory of 1600	2312	Setup.exe	30
PID 1600 wrote to memory of 3056	1600	more.com	33
PID 1600 wrote to memory of 3056	1600	more.com	33
PID 1600 wrote to memory of 3056	1600	more.com	33
PID 1600 wrote to memory of 3056	1600	more.com	33
PID 1600 wrote to memory of 3056	1600	more.com	33

C:\Users\Admin\AppData\Local\Temp\!ŞetUp_64851--#PaSꞨKḙy#$$\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\!ŞetUp_64851--#PaSꞨKḙy#$$\Setup.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:1600
- - C:\Windows\SysWOW64\SearchIndexer.exe
    C:\Windows\SysWOW64\SearchIndexer.exe
    3⤵
    PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\67af4145

Filesize
992KB

MD5
d49c42ef4268c38d0394e36c28a46e33

SHA1
07001f61241d74653845c3ed4e66f3c0b605b644

SHA256
da469ba8795f82672d4e89500b701b17f10fbaea2a6ea98323fed6fcb4d18b81

SHA512
bd85835fea8e7a120a5542ee1be226ffaba9aa3a651d08fa676cadd591972b65dcee1d6e3d7f7b8914666f9b82b76b0d30590ebf1413021f445afab6c004e430

Download Submit
memory/1600-12-0x000000007674E000-0x0000000076750000-memory.dmp

Filesize
8KB

Download
memory/1600-20-0x000000007674E000-0x0000000076750000-memory.dmp

Filesize
8KB

Download
memory/1600-15-0x0000000076740000-0x00000000768DD000-memory.dmp

Filesize
1.6MB

Download
memory/1600-13-0x0000000076740000-0x00000000768DD000-memory.dmp

Filesize
1.6MB

Download
memory/1600-11-0x0000000076740000-0x00000000768DD000-memory.dmp

Filesize
1.6MB

Download
memory/1600-10-0x0000000077340000-0x00000000774E9000-memory.dmp

Filesize
1.7MB

Download
memory/2312-6-0x000007FEFE410000-0x000007FEFE5E7000-memory.dmp

Filesize
1.8MB

Download
memory/2312-0-0x000007FEFE410000-0x000007FEFE5E7000-memory.dmp

Filesize
1.8MB

Download
memory/2312-8-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/2312-5-0x000007FEFE410000-0x000007FEFE5E7000-memory.dmp

Filesize
1.8MB

Download
memory/2312-4-0x000007FEFE428000-0x000007FEFE429000-memory.dmp

Filesize
4KB

Download
memory/3056-16-0x0000000077340000-0x00000000774E9000-memory.dmp

Filesize
1.7MB

Download
memory/3056-17-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3056-18-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3056-19-0x000000000047D000-0x0000000000485000-memory.dmp

Filesize
32KB

Download