b5a7df1bce14af47db87f45e2ee5c2f53408d181da89d3490298e49714902a03

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/IcqInstallerData/Setup.exe
Size

4.3MB
MD5

81999315f4fb6e6944ecd0caed8df5e0
SHA1

461b7aeed4f52c1af768bfe8255bc55dc3b92f9a
SHA256

33cfcc4b00a9b0177a0730ab2066479c73b2982fb2eb586d4566869ef16f3488
SHA512

ada361833fbe2a1ed5ead26656b3a12fcc9277428e3cdfdbf03520f1c135d22d95fac3c3d511962f9f471b7eb8bd4e47ac3b0a80ce19d8467f265f132ad6b3cf
SSDEEP

98304:niJe/WQyKA108QS8hMc2OWnel4ryIkeGOilaIhYLyBKeTwN:ni7Su4bh8veAFEQSBzTwN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
704	ISBEW64.exe

Loads dropped DLL 12 IoCs

pid	Process
1644	Setup.exe
1644	Setup.exe
1644	Setup.exe
1644	Setup.exe
1644	Setup.exe
1644	Setup.exe
1644	Setup.exe
1644	Setup.exe
1644	Setup.exe
1644	Setup.exe
1644	Setup.exe
1644	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1644	Setup.exe
1644	Setup.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 704	1644	Setup.exe	88
PID 1644 wrote to memory of 704	1644	Setup.exe	88

C:\Users\Admin\AppData\Local\Temp\$TEMP\IcqInstallerData\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\IcqInstallerData\Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Users\Admin\AppData\Local\Temp\{A87C4B74-5952-4075-9D00-18D5992222FD}\ISBEW64.exe
  C:\Users\Admin\AppData\Local\Temp\{A87C4B74-5952-4075-9D00-18D5992222FD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{099EF899-CF77-42D2-9DC4-C582D4F7CA61}
  2⤵
  - Executes dropped EXE
  PID:704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{504091C8-20B5-45C2-90D3-969DB61AE422}\Disk1\ISSetup.dll

Filesize
523KB

MD5
6c48e05107eb494620ab0dc96d3c5b80

SHA1
e6ced277de082bd8e2ccbfad7a1d5cd1e9db85ab

SHA256
13223e7fbeb3dac968de77e6be974a36f86dc07884cc0e80eabf8b817ccb4a04

SHA512
983e3d3012114af3da009c5d46ce467c7a9c6023766b54afe58137654bb5a1c1eda2fd1ff4b1902102e8315b80557efa58dbcf01641dde07924285bd015a196a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{504091C8-20B5-45C2-90D3-969DB61AE422}\_Setup.dll

Filesize
152KB

MD5
5d52df000ef2e882bc50c6796b1db21d

SHA1
acf07ee55eb79411a17d0fe3923dc5d207603bee

SHA256
b9848f612246a8c58ca223960d6cd563f4f46574bd23bfe79c286115f9f5a59f

SHA512
b43f627bcdfa19ab6b697514a46ef2477d0616e5ef0b189cd09d804a213ee15dedad62a24a33cffe986afab155d3e266e6a1bf042c6266906e45077a43bd6d1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{504091C8-20B5-45C2-90D3-969DB61AE422}\setup.ini

Filesize
445B

MD5
dd93ad63d9340fce6f1213dd80f00a2c

SHA1
ce1bc050e9733a14b5ab69a629be1cd60c80d276

SHA256
77e3d6a34c3e6491417cbec2a16df87bfd87ba2f4ed46ce83aa6e1066aba1836

SHA512
a5b8745b1c266a159a88a93b768144390df7ae06cc519f98793c776f25fb6facc0ef76bbe31ae6ad6583a351acbe09c6be4136e51359a6d2b23cd656656d5139

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A87C4B74-5952-4075-9D00-18D5992222FD}\ISBEW64.exe

Filesize
117KB

MD5
21ba1ba092a4964c7353a8a1e902dfdd

SHA1
7150416612778da593270807e31ab4ad8a79eff0

SHA256
fe3483bf3fc915aa5d2d66551cce5dc010a670b1ca8ebada0572286833da6cdd

SHA512
68124b387d52aedda07f8fe1ee4bf5089614a4f4ce1b81ca022aacd5efda4ec8e3f84e8d14ec5ce3ffe69cf7648d0434f99eb9211dfa0201587749ea26984f8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A87C4B74-5952-4075-9D00-18D5992222FD}\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}\7z.dll

Filesize
838KB

MD5
66eaaceb487dfb71aaafc22fc8c69a16

SHA1
ee35a9847c12d55e6e4bcd9c739f087e5374cabc

SHA256
b7b8c95e0e45cafe7bad13778ac6ba056a8afacc005864b3f3d84eb6ef2c8abf

SHA512
91bb0dbe79cec46b49beeef104b5f194338ba395a728887d45e4ca8049f47ae6306b6d94fcbc0b41e5f43c2a287e3de582dcb85f31e8753baeb243957ba57f54

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A87C4B74-5952-4075-9D00-18D5992222FD}\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}\DIFxData.ini

Filesize
86B

MD5
10baa5b67536f4433f37534b9c8bb828

SHA1
82e5c34b1279afda223b639b49078d03c52875f5

SHA256
1b9fd5c1f18357bd459be20bfcbf47ee18fa0c5d5cc42f6aed2705d5868b65f4

SHA512
49c6798ebb3b6137cafb78b88350d02094367523dcf8f9e580de1941e514b8b3df786d1d817090e5dab80ac4d0d015796b2ce28b296db31d111e0d0bbaeebb37

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A87C4B74-5952-4075-9D00-18D5992222FD}\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}\FontData.ini

Filesize
39B

MD5
00f313e3e007599349a0c4d81c7807c4

SHA1
f0171f15aab836a1979d3833e46b5e59e4ea32e0

SHA256
766ee687d90b0217eb41cb85aca04375bdc24db986a33536631f864b7ce1a08a

SHA512
8bb25a62c0b1640dec36403a493ed54c05f7cde7b7357c8faea785a79c4b76bbe6a3d6fe78db52b558a37abac90c2b2e8b13868a76294554d51670e9fa8764ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A87C4B74-5952-4075-9D00-18D5992222FD}\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}\MReport.dll

Filesize
77KB

MD5
6af99582a98d1fb6939d653a4fed69d4

SHA1
abf6532a93ab7f48bc4fdfed709f859a5357486d

SHA256
fbd457011226a038c972f5596b85309cb2b5a43e238d2c61890ebd0d0edc05a5

SHA512
bb1386a2d2373b4faab0eafd6d2be2f2378703aa4c5f4761c319f666a82b35e0739c7b4bec09530e1996a440a704cb9ad7bfec7b33782efa0e1df24c9328feef

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A87C4B74-5952-4075-9D00-18D5992222FD}\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}\MoveIt.dll

Filesize
466KB

MD5
bdcf9eaed2b597d34eed93086c457e9b

SHA1
a96600869f190f01860f0bbeabcaf937e19a10b9

SHA256
8613fdd04bc6a8ae403bb80453eb15287a8604d377a6388cd844e4305fa2fefb

SHA512
4a7b1f5123c05a77ce8beb06f69c1fa1ae37c480c5b3cf8564f9ddaaaec530ad1846d5ae6d962afcd63abe4abe91a422052b9463be2ef0a17c7422bc9bc925b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A87C4B74-5952-4075-9D00-18D5992222FD}\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}\_IsRes.dll

Filesize
119KB

MD5
c30e31b1c428da04fbb79fb296c8ecff

SHA1
b808a2acedea1b351b236e9b61467b456a7cfe1c

SHA256
f5b0474a9fd81d8e406a1c0d6bac5425e2cbee2811201e77496b6cd9d1f5e00f

SHA512
c2b2446414804e536925a55c1d0e4df071ee21a889ee818f0fa2ff032b7588fde0935a15587001ba375160b56e419228590bc3ebb4c0e4c9deea1fcab856071b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A87C4B74-5952-4075-9D00-18D5992222FD}\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}\browserInstaller.dll

Filesize
477KB

MD5
0aa4db1128ee3da21ea1fa1eeeb33425

SHA1
cff9f4987f881663df18369e519dac39a0e887d4

SHA256
6af4c8691bbe7e07e12e0845b5a739321daf4de22e91543a560c4a612e46817d

SHA512
9a73788b0d71e94d0314d6a3afeaecf268741cc43baeec6bd515cfa8ac2c151c2edb057d6375331ab2733418cd78c695e4e0f39f9624a0e29502e304d4a928d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A87C4B74-5952-4075-9D00-18D5992222FD}\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}\isrt.dll

Filesize
216KB

MD5
da0ee712706f39781c460acb57b5430e

SHA1
724e8f6c7360f20f6028df1955cad397062c1501

SHA256
02ed64d11444ca1242eaa221c077a2f68cb2f0fcda0b934cae63ba89e38741d6

SHA512
1b00b9bc376f3ad7b1ecf8852efa60c8017f854812aff12bc5ff535d169382335842bc8b7f641624ed3b7673ed6180d467bfb50200cd24b156934a5d14f1d986

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A87C4B74-5952-4075-9D00-18D5992222FD}\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}\setup.inx

Filesize
367KB

MD5
a87a99c74f8003b05f7c2438f777f2e0

SHA1
3721b1217638072d1d9089287c7f4eb70356de9a

SHA256
0c57d7e7134b796a52b40e617b9d42b8adaf8664f8fe68a166100595363e2635

SHA512
d0c3a6d9b7136e563e2ddc6c8a69dbc39bcda5ceb9b87c2abfa311548421227ecbf87c0da29380ec0c762a1f3a92480b2e21213c8cd54203211aa0b18a848194

Download Submit
memory/1644-184-0x00000000025A0000-0x0000000002731000-memory.dmp

Filesize
1.6MB

Download
memory/1644-28-0x00000000025A0000-0x0000000002731000-memory.dmp

Filesize
1.6MB

Download
memory/1644-29-0x000000000272F000-0x0000000002730000-memory.dmp

Filesize
4KB

Download
memory/1644-190-0x00000000059F0000-0x0000000005A7F000-memory.dmp

Filesize
572KB

Download
memory/1644-192-0x00000000025A0000-0x0000000002731000-memory.dmp

Filesize
1.6MB

Download
memory/1644-27-0x00000000025A0000-0x0000000002731000-memory.dmp

Filesize
1.6MB

Download
memory/1644-182-0x0000000005840000-0x00000000058C7000-memory.dmp

Filesize
540KB

Download
memory/1644-238-0x00000000025A0000-0x0000000002731000-memory.dmp

Filesize
1.6MB

Download
memory/1644-239-0x0000000005840000-0x00000000058C7000-memory.dmp

Filesize
540KB

Download