d0ca0c9b434c6d2c468548d4add127e83114bf0eb2afb3d2beb6777791798ff7

Resubmissions

05/08/2024, 17:37

240805-v677eaxamd 7

Analysis

max time kernel
50s
max time network
34s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 17:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

2.1MB
MD5

6c1620e5ff6fe39252348b0a314586c5
SHA1

caf8b8b2cc7a95762ee9413b825d6b7d80b90e0b
SHA256

d0ca0c9b434c6d2c468548d4add127e83114bf0eb2afb3d2beb6777791798ff7
SHA512

05c0ab98043cb4ef7c76b424d04b497ba6aef79e0029ee111cd62d738df3ae6ad1bee324bc22f7b6433e21b26d72d93a155a8065663aed284be8a4b237810317
SSDEEP

49152:Nqe3f6RHPpVkmBtzEX9VuVZXVWY/OxHE4SW:cSiRHPXBtzEXqjM35z

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2324	Setup.tmp

Loads dropped DLL 1 IoCs

pid	Process
2540	Setup.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvaeve.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\bin\opencv_flann430.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\plugins\platforms\qwindows.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\d3dcompiler_47.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\bin\Qt5Sql.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\mc_trans_video_colorspace.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ProResOpt.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AudioRenderer.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\P.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\DNxHR.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ARE.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\mc_enc_avc.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CFHDEncoder64.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\bin\Qt5Xml.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\mc_dec_mp4v.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\usd_win.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\mc_enc_pcm.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvaaudiodsp.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\bin\Qt5SystemInfo.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Format\ProImport\Supporting Files\aafext\AAFINTP.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvatemporalxmp.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\bin\Qt5Multimedia.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\SynKitLib.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\(Media Core plug-ins)\Common\libmmd.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\mkl_sequential.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\boost_serialization.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ErnstLib.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\opencv_world451.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\LUTManager.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\SettingsUI.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ExporterHost.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvatexteditor.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ahclient.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PR.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\bin\Qt5PrintSupport.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls\qtquickcontrolsplugin.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MediaFoundation.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\LogSession.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\LUTEngine.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PIN.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\FILE.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\swiftshader\libEGL.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\RG.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\GPUFoundation.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvacaptioning.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtMultimedia\declarative_multimedia.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AXEDOMCore.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvacrashreporter.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\mc_demux_mxf.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AdobePDFSettings.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\mc_trans_audio_converter.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\mc_dec_dv.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\adobe_caps.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\FLO.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PlugPlugExternalObject.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\mkl_avx.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\(Media Core plug-ins)\Common\SMDK-VC140-x64-4_20_0.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AdobeXMPCompareAndMerge.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\qtquickcontrols2plugin.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQml\Models.2\modelsplugin.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\bin\boost_date_time.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\bin\opencv_features2d430.dll	Setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.tmp

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2324	Setup.tmp
2324	Setup.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2324	Setup.tmp

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2324	Setup.tmp
2324	Setup.tmp
2324	Setup.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 2324	2540	Setup.exe	30
PID 2540 wrote to memory of 2324	2540	Setup.exe	30
PID 2540 wrote to memory of 2324	2540	Setup.exe	30
PID 2540 wrote to memory of 2324	2540	Setup.exe	30
PID 2540 wrote to memory of 2324	2540	Setup.exe	30
PID 2540 wrote to memory of 2324	2540	Setup.exe	30
PID 2540 wrote to memory of 2324	2540	Setup.exe	30

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Users\Admin\AppData\Local\Temp\is-10FAT.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-10FAT.tmp\Setup.tmp" /SL5="$40150,882176,0,C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\is-10FAT.tmp\Setup.tmp

Filesize
3.1MB

MD5
f3b4d096d4cee3df1d9c8a1c45da95b5

SHA1
c61c6d61b77554dfb37b0ae84b1eb7f142888bbb

SHA256
9cea3c44bf11f95583b35b6f69085f9105168eb69bb6cb0cbd64fe21420bce1d

SHA512
04493cef582c86ec54badfaeac7abd595010025f3c92e1fe23e6a2b8d2441f2ab256a754be2b02954364c2de080a15bee37b5a653a62c1ce6b16b967a13efb50

Download Submit
memory/2324-8-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/2324-11-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/2324-13-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/2324-15-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/2324-17-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/2324-20-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/2540-0-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/2540-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2540-10-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/2540-22-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download