Analysis

  • max time kernel
    56s
  • max time network
    58s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-08-2024 18:33

General

  • Target

    AllOutInstaller(1.3.2).exe

  • Size

    27.8MB

  • MD5

    40c837f9a461ae78339735764e9f8bd3

  • SHA1

    e77dfdbfacbe16021e0e89b223e415b1e8e23881

  • SHA256

    d789e02dadbdc9b3ce6b1c8d1ff75f62db79650bd92de71c313bbfefe66dfe81

  • SHA512

    60f550060cbaa2ec77cbe295962c6dd77c22027da84d8d42e672df1e12fbfffd3ccae1120d62f5561ce238985bdef6ce9e31a0228db2b5fae40038a2dfc3576d

  • SSDEEP

    786432:ZZFndkFvbGcTPYe4jD1Zi+1BvGle9/b1F1/i:ZZFndkJbpTPYBjD1ZiMB716

Score
4/10

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AllOutInstaller(1.3.2).exe
    "C:\Users\Admin\AppData\Local\Temp\AllOutInstaller(1.3.2).exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3420
    • C:\Windows\TEMP\{BCFB1A4F-D688-4CA6-9FA2-2B96AE0F43C1}\.cr\AllOutInstaller(1.3.2).exe
      "C:\Windows\TEMP\{BCFB1A4F-D688-4CA6-9FA2-2B96AE0F43C1}\.cr\AllOutInstaller(1.3.2).exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\AllOutInstaller(1.3.2).exe" -burn.filehandle.attached=656 -burn.filehandle.self=660
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3236

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Temp\{BCFB1A4F-D688-4CA6-9FA2-2B96AE0F43C1}\.cr\AllOutInstaller(1.3.2).exe

    Filesize

    1.1MB

    MD5

    e36786eec8e3476350d5f28b7263cdf1

    SHA1

    4b24406ff78cb4bb71769e245bd14328dc1ec3f3

    SHA256

    99202354823cfe17c8ebcfb6c9577a1716cb330bcabf431ee9d8326862415289

    SHA512

    daeefc972df40e9fffc30ae6674a41ccd435c9603bb5cd73b9e32dd78c9af0277d0c67d9c951a73412ef933a2ac7c7e4f080372b886ccf478c96a1bc7effe253

  • C:\Windows\Temp\{C23FCED0-BA0C-40AE-9A71-E82712F75B4D}\.ba\wixstdba.dll

    Filesize

    366KB

    MD5

    58c2f07c4886df52324737ee0778bcc0

    SHA1

    1c2d39b5820ea325b554e9523872c34530dde862

    SHA256

    341a6ea5af03d25a1b1e8f9f62540cf11c55c9b81bd34df6e8c5f0fbf63e7a52

    SHA512

    a4b166727233295f4a70519a10c94bec6856907dbf0506806a33dbf16e6648b794488065c870b958655b3e758c9c78829970fb9f87d34750e6c59e14d301ca04