Overview

overview

8

Static

static

1

MBSetup.exe

windows11-21h2-x64

8

Resubmissions

09-09-2024 19:14

240909-xxn4aavdrr 8

09-09-2024 19:13

240909-xxbg7avdqn 1

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09-09-2024 19:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MBSetup.exe

  • Size

    2.5MB

  • MD5

    d21bf3852bb27fb6f5459d2cf2bcd51c

  • SHA1

    e59309bbe58c9584517e4bb50ff499dffb29d7b0

  • SHA256

    de9c4e8b4b0c756eee4e39221c1e4e0e11c2e67effb828e27de3c4b4470ccff2

  • SHA512

    17bc7740f131a1d4e84fd7e4ab5e1ce510660f5046340ef6d09ef99c56c88da2b6be3ae5c5ddb7213841c506eaec147c65abba1a7a2a8eb4fb8f6329bbaa03d1

  • SSDEEP

    49152:FMofPlPU+QG/rOVcVz6StQyfvE0Z3R0nxiIq2dsTDwfw1Y:FMslc+QGjuTKtQRq261Y

Score
8/10
discovery

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Downloads MZ/PE file
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 5 IoCs
  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MBSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\MBSetup.exe"
    1⤵
    • Drops file in Drivers directory
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    PID:2068
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3796
  • C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
    "C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
    1⤵
    • Drops file in Program Files directory
    • Executes dropped EXE
    PID:1108

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
    Filesize

    8.6MB

    MD5

    f35a6782aea69cda718cc378504db826

    SHA1

    5fc4028de1c51089d9f487caa02a78d4d42266fd

    SHA256

    20f89ddb4dd26f98ce006ae2034a87e1c2347788697e0fdb68b87c95af0b680c

    SHA512

    5a5dcf1ecb32addf5fa9ffbce583fbdb4714e5b87553abd57723cb1b199c54bbaf038db1a7ee1cb095b1aad878f8d17919b55cb093c4a869d7356aaf28fb3a4f

    Download Submit