Analysis
- max time kernel: 119s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 10-07-2024 19:29
Static task: static1
Behavioral task: behavioral1
  Sample: !!SetUp_!PaS$Kḙy$!_39168/Setup.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: !!SetUp_!PaS$Kḙy$!_39168/Setup.exe
  Resource: win10v2004-20240709-en
Behavioral task: behavioral3
  Sample: !!SetUp_!PaS$Kḙy$!_39168/Setup.exe
  Resource: win11-20240709-en
General
- Target: !!SetUp_!PaS$Kḙy$!_39168/Setup.exe
- Size: 250KB
- MD5: 850a43e323656b86ae665d8b4fd71369
- SHA1: 099d6e80c394ccc5233e1cbd6b29769da9e0e2aa
- SHA256: 539423d2e436e198df15b5577d816dc306ba4c03b1362f7731e675b51f4a5f42
- SHA512: 1f2778040e906ea2939a8b0a682e267599aa8422f81ea83bb6c980a304b569ad750ef3e81e1490edd5b1d74e734a2cb82f428f47096c55436037e03e516d2378
- SSDEEP: 6144:WEq38uejOBA0ItZ1PNWPQqLlXXXXVXDBsXdZC/R0EjW0VnXNvdroJ:/q0jOBARWPRLlXXXXVXSXdZk0EjW0VnM
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoC)
  Processes: Setup.exe
    description                           pid   Process    procid_target
    PID 2400 set thread context of 2840   2400  Setup.exe  31
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes: Setup.exe, more.com
    pid   Process
    2400  Setup.exe
    2400  Setup.exe
    2840  more.com
    2840  more.com
- Suspicious behavior: MapViewOfSection (2 IoCs)
  Processes: Setup.exe, more.com
    pid   Process
    2400  Setup.exe
    2840  more.com
- Suspicious use of WriteProcessMemory (10 IoCs)
  Processes: Setup.exe, more.com
    description                        pid   Process    procid_target
    PID 2400 wrote to memory of 2840   2400  Setup.exe  31
    PID 2400 wrote to memory of 2840   2400  Setup.exe  31
    PID 2400 wrote to memory of 2840   2400  Setup.exe  31
    PID 2400 wrote to memory of 2840   2400  Setup.exe  31
    PID 2400 wrote to memory of 2840   2400  Setup.exe  31
    PID 2840 wrote to memory of 2680   2840  more.com   33
    PID 2840 wrote to memory of 2680   2840  more.com   33
    PID 2840 wrote to memory of 2680   2840  more.com   33
    PID 2840 wrote to memory of 2680   2840  more.com   33
    PID 2840 wrote to memory of 2680   2840  more.com   33
Processes
- (1) C:\Users\Admin\AppData\Local\Temp\!!SetUp_!PaS$Kḙy$!_39168\Setup.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\!!SetUp_!PaS$Kḙy$!_39168\Setup.exe"
  PID: 2400
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  - (2) C:\Windows\SysWOW64\more.com
    Command line: C:\Windows\SysWOW64\more.com
    PID: 2840
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of WriteProcessMemory
    - (3) C:\Windows\SysWOW64\SearchIndexer.exe
      Command line: C:\Windows\SysWOW64\SearchIndexer.exe
      PID: 2680
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.1MB
  MD5: 242c77894bab5cfa10c376e47f5b81e2
  SHA1: ba01bba48ee43e07370d3a3468b9d3923765c263
  SHA256: 77f13a9b4eb9ecedcd0681d1d941d9bcf049e9176ecf95b38e63b1f20db359e0
  SHA512: ea7d447dc23e6d8f8a0e34e3a83098f82de52f8918cb44e642b47670a4187bfd217212c556efbc808b21b2a723da6d507d12f23933695a5cb94c549ced065f02