Resubmissions
10-07-2024 23:37  240710-3mj98syeqb  10
10-07-2024 23:31  240710-3hybaswcqj  10
10-07-2024 23:21  240710-3b5f2awall  10

Analysis
max time kernel: 315s
max time network: 620s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 10-07-2024 23:37
Static task: static1
Behavioral task: behavioral1
Sample: !~!SetUp_2025_Pa$$W0rd$s!!%!~.zip
Resource: win10-20240404-en
General
Target: !~!SetUp_2025_Pa$$W0rd$s!!%!~.zip
Size: 2.7MB
MD5: 0bceb88aed8c6bb2f5d20c050af530b3
SHA1: 6ec563e2cc84bd115ca4c325f25860d9c7a57149
SHA256: edef6777be8dbb15748bcf1332c0a7e49e5d8b8793ff23ccfb41da2d3ff1c0cc
SHA512: eb3c3d5622684fa4f2d55b8307d6fef898404382a7fc8f2dc350bf6633cb700e5cae778d3315367f88d2b605ebe71a6d691bfd10b9432ce4c164ada9c85842f4
SSDEEP: 49152:c6B7KXGRde2dWchGri7yFjqsh+/Kq6AO96P2up7mnEhyha/h8:c6hKmdPWAx7DK+l6Q6EQX
Malware Config
Extracted: lumma
Signatures

Suspicious use of SetThreadContext (1 IoC)
Processes:
  description                          pid   Process    procid_target
  PID 3744 set thread context of 4236  3744  Setup.exe  79

Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes:
  pid   Process
  3744  Setup.exe
  3744  Setup.exe
  4236  more.com
  4236  more.com

Suspicious behavior: MapViewOfSection (2 IoCs)
Processes:
  pid   Process
  3744  Setup.exe
  4236  more.com

Suspicious use of WriteProcessMemory (8 IoCs)
Processes:
  description                        pid   Process    procid_target
  PID 3744 wrote to memory of 4236   3744  Setup.exe  79
  PID 3744 wrote to memory of 4236   3744  Setup.exe  79
  PID 3744 wrote to memory of 4236   3744  Setup.exe  79
  PID 3744 wrote to memory of 4236   3744  Setup.exe  79
  PID 4236 wrote to memory of 1280   4236  more.com   81
  PID 4236 wrote to memory of 1280   4236  more.com   81
  PID 4236 wrote to memory of 1280   4236  more.com   81
  PID 4236 wrote to memory of 1280   4236  more.com   81
Processes

C:\Windows\Explorer.exe
  Command line: C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\!~!SetUp_2025_Pa$$W0rd$s!!%!~.zip
  PID: 3604

C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 3396

C:\Users\Admin\Desktop\!~!SetUp_2025_Pa$$W0rd$s!!%!~\!~!SetUp_2025_Pa$$W0rd$s!!%!~\Setup.exe
  Command line: "C:\Users\Admin\Desktop\!~!SetUp_2025_Pa$$W0rd$s!!%!~\!~!SetUp_2025_Pa$$W0rd$s!!%!~\Setup.exe"
  PID: 3744
  Signatures:
    - Suspicious use of SetThreadContext
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\more.com (child of PID 3744)
    Command line: C:\Windows\SysWOW64\more.com
    PID: 4236
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: MapViewOfSection
      - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\SearchIndexer.exe (child of PID 4236)
      Command line: C:\Windows\SysWOW64\SearchIndexer.exe
      PID: 1280
Downloads
Filesize: 1.1MB
MD5: ce5aad26f67385d60169d5e6de4c3cbe
SHA1: c1cf9100a732b5cf5530b097f5e2ac7c043885c4
SHA256: d8d634b29a61c4a5782d57726e078bf1139d3b4f7cb0f401a278aca08fba9bb5
SHA512: 5428a0c6dd558a857feb98f25dbf621871926840c09482155aaa2811678a3566d4554bce1b7f51e944def68764faad4497e7670dfd07b535b3c951774b83ddd3