Overview

overview

7

Static

static

3

LC_setup.exe

windows7-x64

7

LC_setup.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    25s
  • max time network
    18s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-07-2024 19:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LC_setup.exe

  • Size

    682KB

  • MD5

    43ac96134253208d064ce32624506c26

  • SHA1

    ac03df819fe01bfe40dd06d6ed9dd8d4f41c3f1d

  • SHA256

    395654e94749287cab9bfceaf4ed94541a1cd9205f0037c813b0c9bb62952092

  • SHA512

    559e6c273720fbd410dda7d0b66b0137a8a3e4f39228e5b2485bd1918442ff966c8c547d5b84c7d5f592ab3852c3c6cc07d7e3a93a4d2233b98316948e35c623

  • SSDEEP

    12288:qHHrf04eANHQbokS6lJlIG0n/KKK2c3xLP9RXRZLKtbbWHTnKJhuYTCb53fVovU9:OLfuANHQbxBvlN0/KKK2wLP/4

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 30 IoCs
  • Suspicious use of SendNotifyMessage 30 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LC_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\LC_setup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:908
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:5052
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 2612
        3⤵
        • Program crash
        PID:4416
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5052 -ip 5052
    1⤵
      PID:3424
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1364

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\d3d9.dll
      Filesize

      647KB

      MD5

      e41163c8b23e7e7a5c043473bb020f49

      SHA1

      e8500dbdb29225fe58c183de93f41aaed0dab195

      SHA256

      265b4fa5527f5d85401d3072721a4ac944a128cbdae272c5eee7edc9f1a81b26

      SHA512

      d52950c3b183741daab755f2962af8ad3ca9ce07c837bef47439d013e69d6b325da88b4f2b7b328a4f3bad9123fd6008aca5b79aa91f957bb08732dcc0bc5b8f

      Download Submit

    • memory/908-0-0x000000007504E000-0x000000007504F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/908-2-0x0000000001140000-0x0000000001146000-memory.dmp

      Filesize

      24KB

      Download

    • memory/908-1-0x0000000000550000-0x0000000000600000-memory.dmp

      Filesize

      704KB

      Download

    • memory/908-43-0x0000000075040000-0x00000000757F0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/908-11-0x0000000075040000-0x00000000757F0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1364-38-0x000001E70C830000-0x000001E70C831000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1364-36-0x000001E70C830000-0x000001E70C831000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1364-30-0x000001E70C830000-0x000001E70C831000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1364-37-0x000001E70C830000-0x000001E70C831000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1364-39-0x000001E70C830000-0x000001E70C831000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1364-41-0x000001E70C830000-0x000001E70C831000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1364-42-0x000001E70C830000-0x000001E70C831000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1364-40-0x000001E70C830000-0x000001E70C831000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1364-32-0x000001E70C830000-0x000001E70C831000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1364-31-0x000001E70C830000-0x000001E70C831000-memory.dmp

      Filesize

      4KB

      Download

    • memory/5052-14-0x0000000004D10000-0x0000000004DA2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/5052-19-0x0000000007B10000-0x0000000007B22000-memory.dmp

      Filesize

      72KB

      Download

    • memory/5052-26-0x0000000008BE0000-0x0000000008BFE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/5052-27-0x0000000009800000-0x00000000099C2000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/5052-28-0x0000000009F00000-0x000000000A42C000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/5052-29-0x0000000075040000-0x00000000757F0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/5052-24-0x0000000007F70000-0x0000000007FD6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/5052-21-0x0000000007CE0000-0x0000000007D2C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/5052-20-0x0000000007B70000-0x0000000007BAC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/5052-25-0x0000000008C40000-0x0000000008CB6000-memory.dmp

      Filesize

      472KB

      Download

    • memory/5052-18-0x0000000007BD0000-0x0000000007CDA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/5052-17-0x0000000008060000-0x0000000008678000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/5052-16-0x0000000004DC0000-0x0000000004DCA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/5052-15-0x0000000075040000-0x00000000757F0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/5052-13-0x00000000052C0000-0x0000000005864000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/5052-12-0x0000000075040000-0x00000000757F0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/5052-9-0x0000000000790000-0x000000000080C000-memory.dmp

      Filesize

      496KB

      Download