Overview

overview

6

Static

static

3

Data/Updater.exe

windows10-ltsc 2021-x64

1

Data/d3dco...47.dll

windows10-ltsc 2021-x64

1

Data/devto...ces.js

windows10-ltsc 2021-x64

3

Data/en-US...cy.xml

windows10-ltsc 2021-x64

3

Data/en-US...ls.xml

windows10-ltsc 2021-x64

3

Data/ffmpeg.dll

windows10-ltsc 2021-x64

1

Data/icudtl.dat

windows10-ltsc 2021-x64

3

Data/v8_co...ot.bin

windows10-ltsc 2021-x64

3

NAudio.dll

windows10-ltsc 2021-x64

1

QtCore4.dll

windows10-ltsc 2021-x64

3

QtGui4.dll

windows10-ltsc 2021-x64

3

QtNetwork4.dll

windows10-ltsc 2021-x64

3

QtXml4.dll

windows10-ltsc 2021-x64

3

RcClientBase.dll

windows10-ltsc 2021-x64

3

Resource.exe

windows10-ltsc 2021-x64

Set-up.exe

windows10-ltsc 2021-x64

6

StarBurn.dll

windows10-ltsc 2021-x64

3

UpdateClient.dll

windows10-ltsc 2021-x64

3

UpdateCommon.dll

windows10-ltsc 2021-x64

3

msvcp100.dll

windows10-ltsc 2021-x64

3

msvcr100.dll

windows10-ltsc 2021-x64

3

Analysis

  • max time kernel
    96s
  • max time network
    136s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    25-11-2024 06:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Set-up.exe

  • Size

    6.2MB

  • MD5

    11c8962675b6d535c018a63be0821e4c

  • SHA1

    a150fa871e10919a1d626ffe37b1a400142f452b

  • SHA256

    421e36788bfcb4433178c657d49aa711446b3a783f7697a4d7d402a503c1f273

  • SHA512

    3973c23fc652e82f2415ff81f2756b55e46c6807cc4a8c37e5e31009cec45ab47c5d4228c03b5e3a972cacd6547cf0d3273965f263b1b2d608af89f5be6e459a

  • SSDEEP

    98304:u4bRxuHuFP2rHLpHPA477yNRgoPbfnRROWR721LYfs17u0kcFrXLEJfwY:u4NxuOFI1AEyrbf/52BYfs1LkcFrXL+X

Score
6/10
discovery

Malware Config

Signatures

  • Blocklisted process makes network request 11 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Set-up.exe
    "C:\Users\Admin\AppData\Local\Temp\Set-up.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:3824
    • C:\Windows\SysWOW64\more.com
      C:\Windows\SysWOW64\more.com
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:1076
      • C:\Windows\SysWOW64\msiexec.exe
        C:\Windows\SysWOW64\msiexec.exe
        3⤵
        • Blocklisted process makes network request
        • System Location Discovery: System Language Discovery
        PID:112

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3de9bab9
    Filesize

    1.0MB

    MD5

    c202d3fb2c6ed27af422666ada171402

    SHA1

    77b819ce4035bbd052bcfadc72520dd780c016a6

    SHA256

    2dd1397b9182cc09c32c533cbe3e3f2773ff80483f52bb6a53691badec47c2e8

    SHA512

    e0cc272bf606034513ca45cdc3e8cc9c342f638fc0a37adccaf15c786d9db8fc5f35459cb2a79de74973489dc1cfbb8d0b0639df61e9ac23a05f26de06fb59ce

    Download Submit

  • memory/112-17-0x0000000000800000-0x000000000085D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/112-18-0x0000000000BD0000-0x0000000000BE2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/112-16-0x00007FF9058D0000-0x00007FF905AC8000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/112-15-0x0000000000800000-0x000000000085D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/1076-10-0x00000000747C0000-0x000000007493B000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1076-6-0x00000000747C0000-0x000000007493B000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1076-8-0x00007FF9058D0000-0x00007FF905AC8000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1076-9-0x00000000747C0000-0x000000007493B000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1076-14-0x00000000747C0000-0x000000007493B000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3824-0-0x00000000747C0000-0x000000007493B000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3824-4-0x00000000747C0000-0x000000007493B000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3824-3-0x00000000747C0000-0x000000007493B000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3824-2-0x00000000747D3000-0x00000000747D5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3824-1-0x00007FF9058D0000-0x00007FF905AC8000-memory.dmp

    Filesize

    2.0MB

    Download