Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    12-12-2024 23:25

General

  • Target

    setup_gens_localserver.exe

  • Size

    9.9MB

  • MD5

    7eb390f4439aaaf6424cf578d1d52ebf

  • SHA1

    4c0545c16801e994fa4aee68e83dea19db06de9c

  • SHA256

    74da122cf8e7a07e4aa0274b98ccfe093dca58a69cbde44c118915f07d3ec8f6

  • SHA512

    a0c2127e8cd7f2616fa5496dd1e579f324eecd8978eae41aeaaae25453235de192974e7b0f953e23d5c262945538f73e413ae856c661cb00ca5ea791a430a75c

  • SSDEEP

    98304:NXv9Q2/1jxJ4xlxSaHL8SLs50SJYCEKWGgbZmYezK:NX79jxJml57Ls50UYP18z

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (2 IoCs)
  • Views/modifies file attributes (1 TTP, 1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup_gens_localserver.exe (PID 3392, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\setup_gens_localserver.exe"
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\attrib.exe (PID 4604, depth 2, child of PID 3392)
      Command line: attrib +h +s C:\Users\Admin\AppData\Local\Temp\setup_gens_localserver.exe
      • Views/modifies file attributes
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe (PID 3360, depth 1)
    Command line: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

    Filesize

    10KB

    MD5

    96329c73cc49cd960e2485210d01c4d2

    SHA1

    a496b98ad2f2bbf26687b5b7794a26aa4470148e

    SHA256

    4c159cab6c9ef5ff39e6141b0ccb5b8c6251a3d637520609dfbdd852fa94d466

    SHA512

    e98736a879cad24c693d6c5939654b2fd25bf9d348f738668624214f22d541a9b781c967201ab2d43cbac9207946824a0299d482485f4b63c48d5d2a839e5baf

  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

    Filesize

    10KB

    MD5

    847a64ce22adca83e091e5403ef844ed

    SHA1

    f2cf8559f0eba3d237cee1162b811613d2a0c308

    SHA256

    1db255895b125edbed50b5296edafaf303dde2b93a600313b6a1aa61f9ec2b88

    SHA512

    94abff56e498bfd7af0e72a652a0b03d29cbe7d0322f43cb8fa4182cfa829ec6d608c5bb3f6deaaf1dcaae764c90036beedb503109c8080999dfaf2d6a2e9de6