Analysis

max time kernel: 213s
max time network: 278s
platform: windows11-21h2_x64
resource: win11-20240709-en
resource tags: arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 10-07-2024 21:48
Static task: static1

Behavioral task: behavioral1
  Sample: Setup.exe
  Resource: win7-20240705-en

Behavioral task: behavioral2
  Sample: Setup.exe
  Resource: win10v2004-20240709-en

Behavioral task: behavioral3
  Sample: Setup.exe
  Resource: win11-20240709-en
General

Target: Setup.exe
Size: 615KB
MD5: dc84316edb865322b717dc0b513f9250
SHA1: 7c656d520eebfa09dc64ac41ec68f16d9eeda6eb
SHA256: cb179e183889158c92bf834e3167b9a6d99df1789d978e4d38f62ecf5cb57301
SHA512: 34336ad58648f62bb03682dc64cb8371415d518c33322a293b18d8f88c0e8083063345e44ecd8b38c67487195a938ffdf6ff628cc537458dc674b4753488d701
SSDEEP: 12288:oKRrIhKWiqPYYOI0vy7aHGZITZhq4q4MTJLH8eOYEn8x5ALnlndtwkBj3TwvCTMs:oKRgm
Malware Config
Signatures

Loads dropped DLL (1 IoC)
  pid   Process
  2816  Setup.exe

Suspicious use of SetThreadContext (1 IoC)
  description                          pid   Process    procid_target
  PID 2816 set thread context of 1388  2816  Setup.exe  79

Suspicious use of WriteProcessMemory (9 IoCs)
  description                          pid   Process    procid_target
  PID 2816 wrote to memory of 1388     2816  Setup.exe  79
  (the same event is recorded nine times; the report lists one identical row per write)

Reading these tables: "pid" is the Windows PID of the acting process, and "procid_target" is the sandbox's internal identifier for the target process, not a Windows PID. The target in all three signatures is PID 1388, the aspnet_regiis.exe child shown in the process tree below. A parent that writes repeatedly into a freshly spawned child and then changes that child's thread context is the sequence used by process hollowing and related thread-hijacking injection, so the legitimate .NET Framework binary is being used as a host for code that did not come from its own image on disk. The report does not show what was written or which entry point the new context pointed at, so the family of the injected payload cannot be inferred from this section alone.
Processes

1. C:\Users\Admin\AppData\Local\Temp\Setup.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
   PID: 2816
   - Loads dropped DLL
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe (child of PID 2816)
      command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
      PID: 1388
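The pattern in the tables above (parent spawns a child, writes into it several times, then sets its thread context) is easy to miss when the sandbox emits one row per API call. The following added example is a small correlator I wrote for this report, not code from the sandbox or from the sample; it rebuilds per parent/child state from event lines modelled on the signature rows, counts the writes, and only raises a finding when the full write-plus-SetThreadContext sequence lands on a child whose image it knows about. The "created process" line and the list of known host binaries are assumptions added for the example; the report itself only shows the tree and the two signature tables.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, Iterable, List, Optional, Tuple

# Windows/.NET Framework binaries commonly chosen as hollowing hosts.
# Illustrative list (assumption), not the sandbox's own signature data.
KNOWN_HOST_BINARIES = {
    "aspnet_regiis.exe", "regasm.exe", "regsvcs.exe",
    "installutil.exe", "msbuild.exe", "applaunch.exe",
}

# Event line shapes, modelled on the report's signature descriptions.
CREATE_RE = re.compile(r'^PID (\d+) (\S+) created process (\d+) "([^"]+)"$')
WRITE_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+)$")
CTX_RE = re.compile(r"^PID (\d+) set thread context of (\d+)$")

# Constructed sample log: the nine writes and one SetThreadContext from the
# report, plus a negative case (one write, no context change) that must not fire.
SAMPLE_EVENTS = [
    'PID 2816 Setup.exe created process 1388 '
    '"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\aspnet_regiis.exe"',
    *["PID 2816 wrote to memory of 1388"] * 9,
    "PID 2816 set thread context of 1388",
    'PID 4100 other.exe created process 4120 "C:\\Windows\\System32\\notepad.exe"',
    "PID 4100 wrote to memory of 4120",
]


@dataclass
class PairState:
    """Everything observed for one (parent pid, child pid) pair."""
    parent: int
    child: int
    parent_image: Optional[str] = None
    child_image: Optional[str] = None
    writes: int = 0
    set_context: bool = False


def parse_events(lines: Iterable[str]) -> Dict[Tuple[int, int], PairState]:
    """Fold event lines into per-pair state; unrelated lines are ignored."""
    pairs: Dict[Tuple[int, int], PairState] = {}

    def state(parent: int, child: int) -> PairState:
        return pairs.setdefault((parent, child), PairState(parent, child))

    for raw in lines:
        line = raw.strip()
        if (m := CREATE_RE.match(line)):
            st = state(int(m[1]), int(m[3]))
            st.parent_image, st.child_image = m[2], m[4]
        elif (m := WRITE_RE.match(line)):
            state(int(m[1]), int(m[2])).writes += 1
        elif (m := CTX_RE.match(line)):
            state(int(m[1]), int(m[2])).set_context = True
    return pairs


def find_hollowing(lines: Iterable[str]) -> List[dict]:
    """Report pairs where the parent created the child, wrote into it at least
    once and then changed its thread context. Severity is raised when the child
    image is a known host binary, since that is the classic hollowing target."""
    findings = []
    for st in parse_events(lines).values():
        if not (st.child_image and st.writes and st.set_context):
            continue
        image_name = PureWindowsPath(st.child_image).name.lower()
        known_host = image_name in KNOWN_HOST_BINARIES
        findings.append({
            "parent_pid": st.parent,
            "parent_image": st.parent_image,
            "child_pid": st.child,
            "child_image": st.child_image,
            "writes": st.writes,
            "known_host": known_host,
            "severity": "high" if known_host else "medium",
            "attack": "T1055.012",  # MITRE ATT&CK: Process Injection: Process Hollowing
        })
    return findings


if __name__ == "__main__":
    for finding in find_hollowing(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed events it yields exactly one finding, for Setup.exe (2816) hollowing aspnet_regiis.exe (1388) with nine writes; the notepad.exe pair, which has a write but no SetThreadContext, stays silent. In a real pipeline the same correlation keyed on Sysmon event 1 (process creation) together with event 8 (CreateRemoteThread) or an EDR's WriteProcessMemory/SetThreadContext telemetry gives the same verdict without waiting for the sandbox.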
-
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 423KB
MD5: a062b952fb6c08bf533dfd95b16acf48
SHA1: 62567a201923700ac98582adc292076ea9323420
SHA256: e8498decc337b420e9bdad326e31215fcd97f7b2fc961d7a4fc7c9ef7f396ad5
SHA512: 131ac7ffc85e6e26caa624ec51aa7782bb9a08834a78d44af7065ed4d1d8fb65ac4919ddbe45aed349c0c5a466fa7af80792953780b26d4d828b0089760a3407