Resubmissions
10-07-2024 23:37  240710-3mj98syeqb  score 10/10
10-07-2024 23:31  240710-3hybaswcqj  score 10/10
10-07-2024 23:21  240710-3b5f2awall  score 10/10
Analysis
-
max time kernel: 315s
max time network: 398s
platform: windows10-1703_x64
resource: win10-20240404-es
resource tags: arch:x64, arch:x86, image:win10-20240404-es, locale:es-es, os:windows10-1703-x64, system:windows
submitted: 10-07-2024 23:31
-
Static task: static1
Behavioral task: behavioral1
Sample: !~!SetUp_2025_Pa$$W0rd$s!!%!~.zip
Resource: win10-20240404-es
General
-
Target: !~!SetUp_2025_Pa$$W0rd$s!!%!~.zip
Size: 2.7MB
MD5: 0bceb88aed8c6bb2f5d20c050af530b3
SHA1: 6ec563e2cc84bd115ca4c325f25860d9c7a57149
SHA256: edef6777be8dbb15748bcf1332c0a7e49e5d8b8793ff23ccfb41da2d3ff1c0cc
SHA512: eb3c3d5622684fa4f2d55b8307d6fef898404382a7fc8f2dc350bf6633cb700e5cae778d3315367f88d2b605ebe71a6d691bfd10b9432ce4c164ada9c85842f4
SSDEEP: 49152:c6B7KXGRde2dWchGri7yFjqsh+/Kq6AO96P2up7mnEhyha/h8:c6hKmdPWAx7DK+l6Q6EQX
Malware Config
Extracted
lumma
https://bittercoldzzdwu.shop/api
https://bouncedgowp.shop/api
https://bannngwko.shop/api
https://bargainnykwo.shop/api
https://affecthorsedpo.shop/api
https://radiationnopp.shop/api
https://answerrsdo.shop/api
https://publicitttyps.shop/api
https://benchillppwo.shop/api
https://reinforcedirectorywd.shop/api
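The ten URLs above are the most immediately actionable part of the report: each is a distinct hostname with the same `/api` path, so hunting should key on the hostnames rather than on the full URL. The following Python is an added example (not produced by the sandbox or taken from the report) that reduces the extracted list to hostnames and checks proxy log lines against them. The log lines are constructed for the example in Squid native access-log format; the IPs in them are documentation ranges and are not from the report.

```python
from urllib.parse import urlparse

# Lumma C2 endpoints exactly as extracted in the report's Malware Config section.
LUMMA_C2 = [
    "https://bittercoldzzdwu.shop/api",
    "https://bouncedgowp.shop/api",
    "https://bannngwko.shop/api",
    "https://bargainnykwo.shop/api",
    "https://affecthorsedpo.shop/api",
    "https://radiationnopp.shop/api",
    "https://answerrsdo.shop/api",
    "https://publicitttyps.shop/api",
    "https://benchillppwo.shop/api",
    "https://reinforcedirectorywd.shop/api",
]


def c2_hosts(urls):
    """Reduce C2 URLs to a set of lowercase hostnames; the shared '/api' path is not a useful indicator."""
    return {urlparse(u).hostname.lower() for u in urls}


def host_matches(host, indicators):
    """True on an exact hostname match or when host is a subdomain of an indicator."""
    host = host.lower().rstrip(".")
    return host in indicators or any(host.endswith("." + ind) for ind in indicators)


def parse_squid_line(line):
    """Parse one Squid native-format access-log line into (timestamp, client_ip, hostname).

    CONNECT requests (TLS tunnels) carry 'host:port' in the URL field; plain requests carry a full URL.
    Returns None for lines that do not have the expected field count.
    """
    fields = line.split()
    if len(fields) < 7:
        return None
    ts, client, target = fields[0], fields[2], fields[6]
    if "://" in target:
        host = urlparse(target).hostname or ""
    else:
        host = target.rsplit(":", 1)[0]
    return ts, client, host


# Constructed sample log (an assumption made for this example; not from the report).
# Three of the four lines touch hosts from the extracted config; one is benign.
SAMPLE_PROXY_LOG = """\
1720652345.123    154 10.0.0.15 TCP_TUNNEL/200 3942 CONNECT bittercoldzzdwu.shop:443 - HIER_DIRECT/203.0.113.10 -
1720652346.500     12 10.0.0.15 TCP_MISS/200 1203 GET http://example.com/update - HIER_DIRECT/93.184.216.34 text/html
1720652350.001    210 10.0.0.22 TCP_TUNNEL/200 5120 CONNECT reinforcedirectorywd.shop:443 - HIER_DIRECT/203.0.113.11 -
1720652351.777      8 10.0.0.22 TCP_MISS/404  300 GET http://bannngwko.shop/api - HIER_DIRECT/203.0.113.12 text/html
"""


def find_c2_hits(log_text, indicators):
    """Return (timestamp, client_ip, hostname) for every log line whose host hits the indicator set."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_squid_line(line)
        if parsed and host_matches(parsed[2], indicators):
            hits.append(parsed)
    return hits


if __name__ == "__main__":
    for ts, client, host in find_c2_hits(SAMPLE_PROXY_LOG, c2_hosts(LUMMA_C2)):
        print(f"{ts} {client} -> {host}")
```

Matching on hostname (with subdomain matching) rather than on the full URL catches the TLS CONNECT tunnels in the log, where the proxy never sees the `/api` path.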
Signatures
-
Suspicious use of SetThreadContext (1 IoC)
Processes: Setup.exe
description | pid | Process | procid_target
PID 1656 set thread context of 3984 | 1656 | Setup.exe | 78
-
Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes: Setup.exe, more.com
pid | Process
1656 | Setup.exe
1656 | Setup.exe
3984 | more.com
3984 | more.com
-
Suspicious behavior: MapViewOfSection (2 IoCs)
Processes: Setup.exe, more.com
pid | Process
1656 | Setup.exe
3984 | more.com
-
Suspicious use of WriteProcessMemory (8 IoCs)
Processes: Setup.exe, more.com
description | pid | Process | procid_target
PID 1656 wrote to memory of 3984 | 1656 | Setup.exe | 78
PID 1656 wrote to memory of 3984 | 1656 | Setup.exe | 78
PID 1656 wrote to memory of 3984 | 1656 | Setup.exe | 78
PID 1656 wrote to memory of 3984 | 1656 | Setup.exe | 78
PID 3984 wrote to memory of 4404 | 3984 | more.com | 80
PID 3984 wrote to memory of 4404 | 3984 | more.com | 80
PID 3984 wrote to memory of 4404 | 3984 | more.com | 80
PID 3984 wrote to memory of 4404 | 3984 | more.com | 80
Processes
-
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\!~!SetUp_2025_Pa$$W0rd$s!!%!~.zip
  PID: 2372
-
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 4884
-
"C:\Users\Admin\Desktop\!~!SetUp_2025_Pa$$W0rd$s!!%!~\!~!SetUp_2025_Pa$$W0rd$s!!%!~\Setup.exe"
  PID: 1656
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\more.com (child of Setup.exe)
    PID: 3984
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\SearchIndexer.exe (child of more.com)
      PID: 4404
-
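Read together, the signature rows and the process tree describe a two-hop injection chain: Setup.exe writes into more.com four times and then changes a thread context in it, and more.com in turn writes into SearchIndexer.exe. Both targets are 32-bit Windows binaries under SysWOW64, which is what makes the child processes look benign in a process listing. The Python below is an added example, not code from the sandbox or the report: it takes cross-process API events (constructed here to mirror the signature rows, with field names chosen for this example since the page shows no export format), groups them per source/target pair, labels the write-plus-SetThreadContext combination as consistent with process hollowing or thread hijacking, and reconstructs the hop chain from the report's PIDs.

```python
from collections import defaultdict

# Process table taken from the report's process tree.
PROCESSES = {
    1656: r"C:\Users\Admin\Desktop\!~!SetUp_2025_Pa$$W0rd$s!!%!~\!~!SetUp_2025_Pa$$W0rd$s!!%!~\Setup.exe",
    3984: r"C:\Windows\SysWOW64\more.com",
    4404: r"C:\Windows\SysWOW64\SearchIndexer.exe",
}

# Constructed cross-process API events mirroring the report's signature rows
# (the dict keys are this example's own assumption; the sandbox's event format is not shown on the page).
EVENTS = (
    [{"api": "WriteProcessMemory", "pid": 1656, "target": 3984}] * 4
    + [{"api": "SetThreadContext", "pid": 1656, "target": 3984}]
    + [{"api": "WriteProcessMemory", "pid": 3984, "target": 4404}] * 4
)

# Directories whose binaries are commonly chosen as hollowing hosts because they are signed and unremarkable.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def classify(apis):
    """Map the set of APIs one process used against another to a verdict string (None if unremarkable)."""
    if "SetThreadContext" in apis and "WriteProcessMemory" in apis:
        return "write + thread context change (consistent with process hollowing / thread hijack)"
    if "WriteProcessMemory" in apis:
        return "cross-process memory write"
    return None


def detect_injection(events, procs):
    """Group events by (source pid, target pid) and return one finding per suspicious pair, sorted by pids."""
    apis_by_pair = defaultdict(set)
    writes_by_pair = defaultdict(int)
    for e in events:
        pair = (e["pid"], e["target"])
        apis_by_pair[pair].add(e["api"])
        if e["api"] == "WriteProcessMemory":
            writes_by_pair[pair] += 1

    findings = []
    for (src, dst), apis in sorted(apis_by_pair.items()):
        verdict = classify(apis)
        if verdict is None:
            continue
        target_image = procs.get(dst, "<unknown>")
        findings.append({
            "source": src,
            "source_image": procs.get(src, "<unknown>"),
            "target": dst,
            "target_image": target_image,
            "writes": writes_by_pair[(src, dst)],
            "target_is_system_binary": target_image.lower().startswith(SYSTEM_DIRS),
            "verdict": verdict,
        })
    return findings


def injection_chain(findings, root_pid):
    """Follow source->target edges from root_pid; stops on a cycle or when no further hop exists."""
    edges = {f["source"]: f["target"] for f in findings}
    chain = [root_pid]
    while chain[-1] in edges and edges[chain[-1]] not in chain:
        chain.append(edges[chain[-1]])
    return chain


if __name__ == "__main__":
    found = detect_injection(EVENTS, PROCESSES)
    for f in found:
        src_name = f["source_image"].rsplit("\\", 1)[-1]
        dst_name = f["target_image"].rsplit("\\", 1)[-1]
        print(f"{f['source']} ({src_name}) -> {f['target']} ({dst_name}): "
              f"{f['writes']} writes; {f['verdict']}; system binary target={f['target_is_system_binary']}")
    print("chain:", " -> ".join(str(p) for p in injection_chain(found, 1656)))
```

The second hop (more.com into SearchIndexer.exe) shows only WriteProcessMemory in the report, so it is reported as a plain cross-process write rather than as hollowing; the chain reconstruction still links it to the first hop because its source PID is the first hop's target.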
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize: 1.1MB
MD5: 03ed35c1da1e7c102bb48e7e54a9d7a0
SHA1: 3721b892d5718e8f8bf6e961d58eaed84ee0fdc5
SHA256: 3f65eb58a19d90e872e8e36ffb1f03c35e7a5c0dff7bdac82034dfc52bd56dbe
SHA512: 55a59f462e9363ecae179d59ee1954eb30a8f09099e1aead807c3b9542c13fe15af51798e2fdc82646708cf593f8d59114bcadd56e32739a0056369c2a3dc448