Resubmissions
10-07-2024 23:37    240710-3mj98syeqb    10
10-07-2024 23:31    240710-3hybaswcqj    10
10-07-2024 23:21    240710-3b5f2awall    10
Analysis
max time kernel: 418s
max time network: 454s
platform: windows10-2004_x64
resource: win10v2004-20240709-es
resource tags: arch:x64 arch:x86 image:win10v2004-20240709-es locale:es-es os:windows10-2004-x64 system windows
submitted: 10-07-2024 23:31
Static task: static1
Behavioral task: behavioral1
Sample: !~!SetUp_2025_Pa$$W0rd$s!!%!~.zip
Resource: win10-20240404-es
General
Target: !~!SetUp_2025_Pa$$W0rd$s!!%!~.zip
Size: 2.7MB
MD5: 0bceb88aed8c6bb2f5d20c050af530b3
SHA1: 6ec563e2cc84bd115ca4c325f25860d9c7a57149
SHA256: edef6777be8dbb15748bcf1332c0a7e49e5d8b8793ff23ccfb41da2d3ff1c0cc
SHA512: eb3c3d5622684fa4f2d55b8307d6fef898404382a7fc8f2dc350bf6633cb700e5cae778d3315367f88d2b605ebe71a6d691bfd10b9432ce4c164ada9c85842f4
SSDEEP: 49152:c6B7KXGRde2dWchGri7yFjqsh+/Kq6AO96P2up7mnEhyha/h8:c6hKmdPWAx7DK+l6Q6EQX
Malware Config
Extracted
lumma
https://bittercoldzzdwu.shop/api
https://bouncedgowp.shop/api
https://bannngwko.shop/api
https://bargainnykwo.shop/api
https://affecthorsedpo.shop/api
https://radiationnopp.shop/api
https://answerrsdo.shop/api
https://publicitttyps.shop/api
https://benchillppwo.shop/api
https://reinforcedirectorywd.shop/api
Signatures

Suspicious use of SetThreadContext (1 IoCs)
Processes:
description                           pid    Process     procid_target
PID 4352 set thread context of 3284   4352   Setup.exe   99

Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes:
pid    Process
4352   Setup.exe
4352   Setup.exe
3284   more.com
3284   more.com

Suspicious behavior: MapViewOfSection (2 IoCs)
Processes:
pid    Process
4352   Setup.exe
3284   more.com

Suspicious use of WriteProcessMemory (8 IoCs)
Processes:
description                         pid    Process     procid_target
PID 4352 wrote to memory of 3284    4352   Setup.exe   99
PID 4352 wrote to memory of 3284    4352   Setup.exe   99
PID 4352 wrote to memory of 3284    4352   Setup.exe   99
PID 4352 wrote to memory of 3284    4352   Setup.exe   99
PID 3284 wrote to memory of 2548    3284   more.com    101
PID 3284 wrote to memory of 2548    3284   more.com    101
PID 3284 wrote to memory of 2548    3284   more.com    101
PID 3284 wrote to memory of 2548    3284   more.com    101
Processes

C:\Windows\Explorer.exe
  Command line: C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\!~!SetUp_2025_Pa$$W0rd$s!!%!~.zip
  PID: 4596

C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 3724

C:\Users\Admin\Desktop\!~!SetUp_2025_Pa$$W0rd$s!!%!~\!~!SetUp_2025_Pa$$W0rd$s!!%!~\Setup.exe
  Command line: "C:\Users\Admin\Desktop\!~!SetUp_2025_Pa$$W0rd$s!!%!~\!~!SetUp_2025_Pa$$W0rd$s!!%!~\Setup.exe"
  PID: 4352
  Signatures:
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  └─ C:\Windows\SysWOW64\more.com
       Command line: C:\Windows\SysWOW64\more.com
       PID: 3284
       Signatures:
       - Suspicious behavior: EnumeratesProcesses
       - Suspicious behavior: MapViewOfSection
       - Suspicious use of WriteProcessMemory
       └─ C:\Windows\SysWOW64\SearchIndexer.exe
            Command line: C:\Windows\SysWOW64\SearchIndexer.exe
            PID: 2548
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.1MB
MD5: 06e5d82d606ca173573c88546118bb66
SHA1: 050ab740c6461e24c58d32b7368dbaecfd751a5a
SHA256: 2aa98fcdd9104ac8747f6cbb6f85d6baad14ae7231d8b22d444dfa0ccfbe00fd
SHA512: 1070c17cccbf4f437583e3f0fcf7a5cb53ac8803d3b60cd1d52099b13c2d86bde91bd9a019415f32ce077580e6355ca25d0bd26200e1d7da4e4af17671d7ad5c