Analysis
Max time kernel: 90s
Max time network: 206s
Platform: windows11-21h2_x64
Resource: win11-20240709-en
Resource tags: arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
Submitted: 10-07-2024 19:29
Static task: static1

Behavioral task: behavioral1
  Sample: !!SetUp_!PaS$Kḙy$!_39168/Setup.exe
  Resource: win7-20240704-en

Behavioral task: behavioral2
  Sample: !!SetUp_!PaS$Kḙy$!_39168/Setup.exe
  Resource: win10v2004-20240709-en

Behavioral task: behavioral3
  Sample: !!SetUp_!PaS$Kḙy$!_39168/Setup.exe
  Resource: win11-20240709-en
General
Target: !!SetUp_!PaS$Kḙy$!_39168/Setup.exe
Size: 250KB
MD5: 850a43e323656b86ae665d8b4fd71369
SHA1: 099d6e80c394ccc5233e1cbd6b29769da9e0e2aa
SHA256: 539423d2e436e198df15b5577d816dc306ba4c03b1362f7731e675b51f4a5f42
SHA512: 1f2778040e906ea2939a8b0a682e267599aa8422f81ea83bb6c980a304b569ad750ef3e81e1490edd5b1d74e734a2cb82f428f47096c55436037e03e516d2378
SSDEEP: 6144:WEq38uejOBA0ItZ1PNWPQqLlXXXXVXDBsXdZC/R0EjW0VnXNvdroJ:/q0jOBARWPRLlXXXXVXSXdZk0EjW0VnM
Malware Config
Signatures

Suspicious use of SetThreadContext (1 IoC)
Processes: Setup.exe
  description                           pid   Process    procid_target
  PID 2108 set thread context of 4972   2108  Setup.exe  78

Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes: Setup.exe, more.com
  pid   Process
  2108  Setup.exe
  2108  Setup.exe
  4972  more.com
  4972  more.com

Suspicious behavior: MapViewOfSection (2 IoCs)
Processes: Setup.exe, more.com
  pid   Process
  2108  Setup.exe
  4972  more.com

Suspicious use of WriteProcessMemory (8 IoCs)
Processes: Setup.exe, more.com
  description                        pid   Process    procid_target
  PID 2108 wrote to memory of 4972   2108  Setup.exe  78
  PID 2108 wrote to memory of 4972   2108  Setup.exe  78
  PID 2108 wrote to memory of 4972   2108  Setup.exe  78
  PID 2108 wrote to memory of 4972   2108  Setup.exe  78
  PID 4972 wrote to memory of 2472   4972  more.com   80
  PID 4972 wrote to memory of 2472   4972  more.com   80
  PID 4972 wrote to memory of 2472   4972  more.com   80
  PID 4972 wrote to memory of 2472   4972  more.com   80
Processes

1. C:\Users\Admin\AppData\Local\Temp\!!SetUp_!PaS$Kḙy$!_39168\Setup.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\!!SetUp_!PaS$Kḙy$!_39168\Setup.exe"
   PID: 2108
   - Suspicious use of SetThreadContext
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious behavior: MapViewOfSection
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\more.com
      Command line: C:\Windows\SysWOW64\more.com
      PID: 4972
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: MapViewOfSection
      - Suspicious use of WriteProcessMemory

      3. C:\Windows\SysWOW64\SearchIndexer.exe
         Command line: C:\Windows\SysWOW64\SearchIndexer.exe
         PID: 2472
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.1MB
MD5: 511861c7e3e7546fdd38a478bfccaf39
SHA1: d8ae83786a5e780ea9164bd51d08b38f3fc23102
SHA256: 7b7e6bcc0ade2e737f395362f3e21edda4822fc4d760041987faaad9e02aebfe
SHA512: 136256927c4b372989c2785d2baf3f9a9d922bcee415c3c2e187eb78fea706b1550200122644194ecce0e57e9e941987f8f9f8f3eb51fbe759fbbb0afee6fef6