Resubmissions

  Submitted          Task ID             Score
  10-07-2024 23:37   240710-3mj98syeqb   10
  10-07-2024 23:31   240710-3hybaswcqj   10
  10-07-2024 23:21   240710-3b5f2awall   10

Analysis

  max time kernel:   214s
  max time network:  280s
  platform:          windows11-21h2_x64
  resource:          win11-20240709-en
  resource tags:     arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
  submitted:         10-07-2024 23:21
Static task
  static1

Behavioral task
  behavioral1
  Sample:    !~!SetUp_2025_Pa$$W0rd$s!!%!~/Setup.exe
  Resource:  win7-20240705-en

Behavioral task
  behavioral2
  Sample:    !~!SetUp_2025_Pa$$W0rd$s!!%!~/Setup.exe
  Resource:  win10v2004-20240709-en

Behavioral task
  behavioral3
  Sample:    !~!SetUp_2025_Pa$$W0rd$s!!%!~/Setup.exe
  Resource:  win11-20240709-en
General

  Target:  !~!SetUp_2025_Pa$$W0rd$s!!%!~/Setup.exe
  Size:    2.2MB
  MD5:     d9530ecee42acccfd3871672a511bc9e
  SHA1:    89b4d2406f1294bd699ef231a4def5f495f12778
  SHA256:  81e04f9a131534acc0e9de08718c062d3d74c80c7f168ec7e699cd4b2bd0f280
  SHA512:  d5f048ea995affdf9893ec4c5ac5eb188b6714f5b6712e0b5a316702033421b145b8ee6a62d303eb4576bf8f57273ff35c5d675807563a31157136f79d8a9980
  SSDEEP:  49152:rHOut2Bf0ajIM8XEEN6N0rE/I/vqn7krQEQusd5F:VbaMbXbE/I/SnwrQEQusd/
Malware Config
Signatures

Suspicious use of SetThreadContext (1 IoC)
  Processes:
  description                            pid    Process     procid_target
  PID 3640 set thread context of 4688    3640   Setup.exe   82

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes:
  pid    Process
  3640   Setup.exe
  3640   Setup.exe
  4688   more.com
  4688   more.com

Suspicious behavior: MapViewOfSection (2 IoCs)
  Processes:
  pid    Process
  3640   Setup.exe
  4688   more.com

Suspicious use of WriteProcessMemory (8 IoCs)
  Processes:
  description                          pid    Process     procid_target
  PID 3640 wrote to memory of 4688     3640   Setup.exe   82
  PID 3640 wrote to memory of 4688     3640   Setup.exe   82
  PID 3640 wrote to memory of 4688     3640   Setup.exe   82
  PID 3640 wrote to memory of 4688     3640   Setup.exe   82
  PID 4688 wrote to memory of 784      4688   more.com    85
  PID 4688 wrote to memory of 784      4688   more.com    85
  PID 4688 wrote to memory of 784      4688   more.com    85
  PID 4688 wrote to memory of 784      4688   more.com    85
Processes

  C:\Users\Admin\AppData\Local\Temp\!~!SetUp_2025_Pa$$W0rd$s!!%!~\Setup.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\!~!SetUp_2025_Pa$$W0rd$s!!%!~\Setup.exe"
    PID: 3640
    - Suspicious use of SetThreadContext
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\more.com
      Command line: C:\Windows\SysWOW64\more.com
      PID: 4688
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: MapViewOfSection
      - Suspicious use of WriteProcessMemory

      C:\Windows\SysWOW64\SearchIndexer.exe
        Command line: C:\Windows\SysWOW64\SearchIndexer.exe
        PID: 784
Network
MITRE ATT&CK Matrix
Downloads

  Filesize:  1.1MB
  MD5:       329fbb3e27d8781439e61a57e9053dd9
  SHA1:      73e67e926368927da584e1d2fec1f97974b0145b
  SHA256:    01d1b6f18720999fa29924ecb261ccfc3cea7d3aecccd7cdfce964df5bb452a5
  SHA512:    d03d7d6762e60e60e6d24b6b3c0229a67dc5129a4640b37844486d429cc716aaf803b055e16a39acfa54c7098db308531e4c9245004f075a2e46705aad58cdbf