Overview

overview

10

Static

static

3

setup.exe

windows7-x64

10

setup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    124s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    28-10-2024 19:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    setup.exe

  • Size

    3.5MB

  • MD5

    da016680911e1105d7ac212ac2989dc2

  • SHA1

    341caff8ed2e2be65863300012d2f0d904149c7b

  • SHA256

    cf3a80f6756543de0aa697ce7f3d248f8815af1f48d7801b313c8034cdce957b

  • SHA512

    0e9072efef5df138a673464614f5c47e2e20932c981f126d6b7f5587350c72b28a1930b1c86f5439f95e3f09cf443ab1234958ba2116cc8d035f68254c426fba

  • SSDEEP

    98304:rOuBF3zj5prjsd8VNCofaoUhXo8uG9pmSgQ7gCbHRd3bcEo:qunj5prvX8uGxgQZLcEo

Score
10/10
privateloaderevasionloader

Malware Config

Signatures

  • Modifies firewall policy service 3 TTPs 1 IoCs
    evasion
  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader
  • Privateloader family
    privateloader
  • Drops file in System32 directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\setup.exe"
    1⤵
    • Modifies firewall policy service
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2880 -s 220
      2⤵
        PID:2624

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\System32\GroupPolicy\gpt.ini
      Filesize

      127B

      MD5

      8ef9853d1881c5fe4d681bfb31282a01

      SHA1

      a05609065520e4b4e553784c566430ad9736f19f

      SHA256

      9228f13d82c3dc96b957769f6081e5bac53cffca4ffde0ba1e102d9968f184a2

      SHA512

      5ddee931a08cfea5bb9d1c36355d47155a24d617c2a11d08364ffc54e593064011dee4fea8ac5b67029cab515d3071f0ba0422bb76af492a3115272ba8feb005

      Download Submit

    • memory/2880-4-0x0000000077D80000-0x0000000077D82000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2880-11-0x0000000077DA0000-0x0000000077DA2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2880-2-0x0000000077D80000-0x0000000077D82000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2880-30-0x000007FEFDCD0000-0x000007FEFDCD2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2880-0-0x0000000077D80000-0x0000000077D82000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2880-10-0x0000000077D90000-0x0000000077D92000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2880-8-0x0000000077D90000-0x0000000077D92000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2880-6-0x0000000077D90000-0x0000000077D92000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2880-5-0x000000013F935000-0x000000013FBD7000-memory.dmp

      Filesize

      2.6MB

      Download

    • memory/2880-20-0x0000000077DB0000-0x0000000077DB2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2880-15-0x0000000077DA0000-0x0000000077DA2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2880-16-0x0000000077DB0000-0x0000000077DB2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2880-13-0x0000000077DA0000-0x0000000077DA2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2880-33-0x000000013F7D0000-0x000000013FF3E000-memory.dmp

      Filesize

      7.4MB

      Download

    • memory/2880-28-0x000007FEFDCD0000-0x000007FEFDCD2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2880-25-0x000007FEFDCC0000-0x000007FEFDCC2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2880-23-0x000007FEFDCC0000-0x000007FEFDCC2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2880-18-0x0000000077DB0000-0x0000000077DB2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2880-43-0x000000013F935000-0x000000013FBD7000-memory.dmp

      Filesize

      2.6MB

      Download

    • memory/2880-44-0x000000013F7D0000-0x000000013FF3E000-memory.dmp

      Filesize

      7.4MB

      Download

    • memory/2880-45-0x000000013F7D0000-0x000000013FF3E000-memory.dmp

      Filesize

      7.4MB

      Download