Analysis
max time kernel: 898s
max time network: 902s
platform: windows11-21h2_x64
resource: win11-20250502-en
resource tags: arch:x64, arch:x86, image:win11-20250502-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 02/07/2025, 19:24
Behavioral task: behavioral1
Sample: setup.exe
Resource: win11-20250502-en
General
Target: setup.exe
Size: 63.5MB
MD5: 7bf037d31749fc9b2e41571373cf25cf
SHA1: 5f31c217f542a89418c40775f4fa2d9870dbbf5a
SHA256: b6df770317720457bc7626e38bb55a74c85e30b28c0b85182dbac5662b1e9756
SHA512: 5c57ebc9849161ecf641eac6e3cef19f42aad502fe5ccb5483ec4c37e6bb00ff62286a63c3449ae89257dc1baaea79d21fd601b1ba141c41171ae1265e9bcbee
SSDEEP: 1572864:FPas/X2heCbfVd1AEJ5Rh1+BDDy4gds8KN2YCvoec38+oFFpR:5PCDVd1AY5bADDxgds8Jge/
Malware Config
Signatures
- Loads dropped DLL (30 IoCs)
  pid | Process
  2728 | setup.exe (this row is repeated 30 times in the original table)
- Looks up external IP address via web service (4 IoCs)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  flow | ioc
  1 | ipinfo.io
  1 | api.ipify.org
  3 | api.ipify.org
  4 | api.ipify.org
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid | Process
  2728 | setup.exe
- Suspicious use of WriteProcessMemory (2 IoCs)
  description | pid | Process | procid_target
  PID 1768 wrote to memory of 2728 | 1768 | setup.exe | 78
  PID 1768 wrote to memory of 2728 | 1768 | setup.exe | 78
Processes
- C:\Users\Admin\AppData\Local\Temp\setup.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\setup.exe"
  PID: 1768
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\setup.exe (depth 2, child of PID 1768)
    Command line: "C:\Users\Admin\AppData\Local\Temp\setup.exe"
    PID: 2728
    Signatures: Loads dropped DLL; Suspicious behavior: GetForegroundWindowSpam
- C:\Windows\system32\AUDIODG.EXE (depth 1)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E8
  PID: 2240
Downloads
- Filesize: 2.4MB
  MD5: 6c227dff02748ad4784796c89303c1b8
  SHA1: 33e73da9e1a38e0a155fc15bf48d9b006f2b033d
  SHA256: 010808cd1eb564aeaee8ba65ab2e20ae07f9bd9cbab8dba1d88931bc6842de0f
  SHA512: f73d8a8fca3285166d9598d28ded2a49691ff08fef4c3cd890f37b12fe99ab5a9e2f38662ecbd8b0458ec07a27cba6795bca91fe4ee951e59176870f90ad36c1
- Filesize: 117KB
  MD5: 32da96115c9d783a0769312c0482a62d
  SHA1: 2ea840a5faa87a2fe8d7e5cb4367f2418077d66b
  SHA256: 052ad6a20d375957e82aa6a3c441ea548d89be0981516ca7eb306e063d5027f4
  SHA512: 616c78b4a24761d4640ae2377b873f7779322ef7bc26f8de7da0d880b227c577ed6f5ed794fc733468477b2fcdb7916def250e5dc63e79257616f99768419087
- Filesize: 48KB
  MD5: c0c0b4c611561f94798b62eb43097722
  SHA1: 523f515eed3af6d50e57a3eaeb906f4ccc1865fe
  SHA256: 6a99bc0128e0c7d6cbbf615fcc26909565e17d4ca3451b97f8987f9c6acbc6c8
  SHA512: 35db454dbcc7ed89842c0440b92ce0b0b0db41dbd5432a36a0b7e1eddf51704b1f0d6cff5e3a3b0c3ff5db3d8632fed000471180ad72e39d8dbe68a757ccdfb0
- Filesize: 70KB
  MD5: 0693819137d5c98bfae7f06b0d76a8f9
  SHA1: d9d92845f0f41a600e3967a1fd05ca69f2147a34
  SHA256: adaaf0c703641f6dbed30d101a5e23c17cc9454c36303394b9e28a52ea457471
  SHA512: ab08c8fc551d96c5f5cfa81b72f2ef8256c852c676cfb2c60a93f06dbfd07577679ddd0cc3356092ac91412e6442572f8af92cc467c4cde0475c4cbb918ae4d2
- Filesize: 83KB
  MD5: ed9f4c1cf33db08cac3c7ba7a973e61b
  SHA1: b0db47ca7be3df00d1585fdabe13fb983cfed04d
  SHA256: 965f199679afa9b31d537d98c3ca8403afd6b9e58e1a463ae47697ae4bf12771
  SHA512: dc5f79944f9acf910d4af892d8a7c2368d2de29bf8ade2feecb056b2b3416d55bd22aacd16a7dc4488c4a1a5682409430f6f210e7396af4f14fd5f307ba1926c
- Filesize: 175KB
  MD5: 5cba92e7c00d09a55f5cbadc8d16cd26
  SHA1: 0300c6b62cd9db98562fdd3de32096ab194da4c8
  SHA256: 0e3d149b91fc7dc3367ab94620a5e13af6e419f423b31d4800c381468cb8ad85
  SHA512: 7ab432c8774a10f04ddd061b57d07eba96481b5bb8c663c6ade500d224c6061bc15d17c74da20a7c3cec8bbf6453404d553ebab22d37d67f9b163d7a15cf1ded
- Filesize: 129KB
  MD5: ab19e3dd4731ed075589abadcde68991
  SHA1: b51ed4059d7d0ec7cbd5b34767e310bdee9cb4d4
  SHA256: 697d05cac7c167c00ccf22ea4fdbc7a8db93ab9c6421061191558e42478068c5
  SHA512: 6aa9cb0e5cc9514d71bf7a2ab21d24a3fd5ef0eb0f0e7bf26a4a807914c7a3cadf73e1bd6cdd9f31d8594b72272eaccc79632f9dfd9534da5c8217d0eb0e9cda
- Filesize: 273KB
  MD5: 90071379b9e53b2d1834d49f4fd804ec
  SHA1: c4cde25cff9cbf90c55bf908bdaa8a14a82311ad
  SHA256: 90045140e45edcfe4f4859b3190184faff1249220011330a9d01319745766607
  SHA512: a67feade76fda58faa8a9842f6a07d8b12eb477c5baaf51f323de90fdcc8c5f62f2a756f30e1ea494b95eaaededbbe95f2aaf6659175e6e141057af0aac6f514
- Filesize: 133KB
  MD5: a52f49f8fc408a15e0717c1d7bd1c803
  SHA1: 45b8ffa6f2e04494c274cb2fb176af60091b1092
  SHA256: 6fcc5528ce81f4514fb11cc7248080fd335a3c60d898e845d3341ee589887da1
  SHA512: fb2a5d88f43b2370681de2e46042e7568ccb503568473ceec1c993e9e936b275ee3b4ab968a12740e567604d2490b252104c8a9aa079644ff935693ec8afc745
- Filesize: 68KB
  MD5: 9ec1021fa8a3c252e1f805ac7f172753
  SHA1: 773a3069dfb3711cb6f07c1c4dbfbab8b7c779d1
  SHA256: 1430e4a2ed19eda840668a292c39ff44488b598f53e903a61739a86b779ecbfe
  SHA512: 0940c59f5c1c4afe5457d16aa5053aa7e27de1ac2748de5a0614ec01d630f76d75a86159260a6c53209d098da16d50fa0c4ee3427c04a38180fe9eccc4e6b034
- Filesize: 156KB
  MD5: d165b7b9a127f66704ceaa196be319e5
  SHA1: ee3de55b32d1357599cef86df35e307477038a15
  SHA256: b78f5a8476139ff04731046459efd047bb8f52dc92c5b2082eabf2929c0ca02d
  SHA512: b99214ce14899656f9c0fd23b219d06de383aff95b344def145a9304c47e41b1645bd3544f4fb83ac070d42951de228873a99feb98948910fdd0e7fcc54a3122
- Filesize: 36KB
  MD5: 25fc0102fdb08c54e6bd72c0b11b1a4c
  SHA1: 2dc0d9a3bbcfef184699c147ac2cfa2fcb40a7b8
  SHA256: 7b21c5b0ebee82b0d85724f245857d65e23f82c6aaf392efcd4f800462025d92
  SHA512: 89640ff838030ca75309184bcf1ad58a8ad3a917564a4185675bc7494630bbfc5b821dfab53081b5a786553aae89958b057c369b4d56af12ccb0fcea983e3d03
- Filesize: 56KB
  MD5: 4a721637bc0c8b53d13485f5030da7b5
  SHA1: 7424dde1d136649e68b1f13cd0e738a1d428393a
  SHA256: fae5e0e822434da7b1707b9ae4c77b8fa7d1d7b810e7e2f5cacf04449c714086
  SHA512: fff4270fd6d759d31ae6784510208ab4d2eb0b454799d393f4d2155a6dad9c8b836233eb3d233002491019bbeba87e9e862c8eee608a51a0f83194a9a5110e13
- Filesize: 33KB
  MD5: 8fc4810cff733e6f17a7530d3fb67d58
  SHA1: 20163031892c87a67169f4ae25115e4e33845626
  SHA256: 08050f94efe7bdd9d7cbe85b1196de391cac1b30f4a4918610cb174ae529a5db
  SHA512: c45ebdb450f30d034ba113729ada2a006baa2ad8c7a83cc59ee55e6fd10511d6f663b1d7f24fbcd493884a84cbedd1368e3a2136ff7da58fb47394147b021f45
- Filesize: 84KB
  MD5: c2938dbdcdaba1ccbefee37f6a06cd0c
  SHA1: 944cb024144f327ba517ccf72af9bb9a79b8b23e
  SHA256: c63e8e6a369cbe86e57c9823fb48bc5d4e7bb18455b9b001986b4768c49007da
  SHA512: 79e9f40665b7049c9feb04742a91c8c88749c1998794f1a51ac7b47a5f5ac3c1a2b441dcb9cd126e395581d9553305c24356b54d81d0a9fbecb41a4341af776f
- Filesize: 177KB
  MD5: 893ee1e905ec5a1f74b10d73a8b94e6a
  SHA1: 23d6eb756eb48c1632b02a24f53aacf71bdfa409
  SHA256: 11572f6eb63e43cdc2908812506ffcdab21be2be5931f1e38d856c15f5a79e6c
  SHA512: 237c9b37f4b44ae37726f3fef750f6eda65b9d8a540f386c5a43e1bcef400dfed0f9f37f2dc4042fe0c4fec0ed9aeb700797396bae2e5f052525851760288b61
- Filesize: 27KB
  MD5: 8cdd2cc12be9491bf150e366e81217be
  SHA1: 6567dba49c9bac718a1badb504fe83b1d3755c66
  SHA256: 6a3e6d89e71a803609e6e765a592011427a5b6e7a4766bbca7790b601bb66dbe
  SHA512: c573f46295699a7314dde633b04e331f292aeafb36f813055144c95f24bc386ce23704980e3cb6a491d4a05e207cf2517526fd0c602b53cf514a7c2b8d27a338
- Filesize: 39KB
  MD5: 609206d81f38626f1c022d1a0ff1466b
  SHA1: cef724eceae7995d425c169912e292ac43572ed7
  SHA256: a7cc096244a497219269a3ee1cf2526a2b613d73fa566749f8f2408f5f4117d4
  SHA512: e973f30ee976b580913f3a5c2d762364897054f958fb26236eeccd17832cce0bfa1bc04c0981d221c0536f5c9b1d21551ec12a873cbae64fc6b50634dc9d0166
- Filesize: 1.3MB
  MD5: bbc1f91f99c965e15f7eee0eefce9ccf
  SHA1: 56e49ee8cc4ec2fdb04302b13041f2437de3e7b2
  SHA256: f83f555c14618766b0d2dc4f4afdf49cf3536d61b2f820fcb77d92907edae4bb
  SHA512: bc4032cef984da3b2991bf5ab7ac82c4924d6292e7ed3d405b8575765753776e513281036306017396fd3f16c3d5cf4a6e38eadeebb8be6be0cc5234028d31a5
- Filesize: 274KB
  MD5: efc4b0783f2c84a6244631bc2aa73312
  SHA1: 6219c1e79d7d28711fad4dd5fd6b2912c7988b16
  SHA256: b1cdd2d665758ef49d08f40ea13e1a826e5f0412e9e0940c921ed1021464cdc2
  SHA512: 8ac14027da85dc10e0725b9d0585f1d25cccec19d74c91671dbec726538c9c3689c5df66676228601f26b17c63cffefcae4d637ff77ff263182c7c7a89e1e983
- Filesize: 10KB
  MD5: 52f4d871306079913ecd8d53eb9ecd05
  SHA1: fca56e0ea208691082a04198b3b517739669f001
  SHA256: 76c8700ffc983bbec07468e354039b21e25e49e7c19f43d7343994c90d4bb7bf
  SHA512: 4bb9d4161675b6f66c1eadf996de57ba916497c92e6ed42d0a09dbfe97b243d5b3e9772f942c2b03fa75c2f305ca1584bd9b36d5ec226dcdb2efc3261809dea1
- Filesize: 122KB
  MD5: 21e82ad181c636e1cf6c24610e2af08f
  SHA1: 64f73187472d99632c8579aac30fa03b20ba232b
  SHA256: e9c308245fe01d33ef92c7026115a0a930fd865fbe1bfcefa91e76c6aa32a0b3
  SHA512: 8b87a5ecd21a299a3a9a9a06e2c2aa94942b44280c8eecfdc2b92fbd660344f78a48d41df7859a2f733243a0bfce59cfcd16d25fdd6dc16279b17ee19ebd4484
- Filesize: 6KB
  MD5: 6f043aff1edd20d3c9d6398f936fbf58
  SHA1: 7149d2d20e1eb8c10c5d2bdb8eda23551fc82650
  SHA256: 957a91bfd98ffb07a10cd789b7c5c46806568476b61e34c7ad56a00092b981a5
  SHA512: 7358dba479899dbc3afb955903820d2a7a54b9c398bf5d4565c8dc044241821edd621d7416862af396db4216373b1e8aac00eb78046fcc3cc2396aa02cd6947b
- Filesize: 271B
  MD5: eed4002ffe913424133d8f19fdf1c2a8
  SHA1: f232d4c5acf73885d8e0d70418fb2e1481d9271b
  SHA256: ff583a5874be8f848e73c2f61b3a71680995926479c9bc436e6565c5cce7ca07
  SHA512: 115f32b21e99dec9b50c766cc685f9387a0d0c1611a41540ca23b71579e2963e04a1e940c6c8f3447a26006dbc45f17013a7ffe97be620b74f1cf20a21505b8e
- Filesize: 5.0MB
  MD5: ae5b2e9a3410839b31938f24b6fc5cd8
  SHA1: 9f9a14efc15c904f408a0d364d55a144427e4949
  SHA256: ccfffddcd3defb8d899026298af9af43bc186130f8483d77e97c93233d5f27d7
  SHA512: 36ea760a7b56ea74174882155eddfb8726828240fcfc6b34d90ecdb7e50a7e632374dcbc9b2889081c0973cc51f50967e7d692498c4abd1f2cba3f7fe8d659cc
- Filesize: 38KB
  MD5: 0f8e4992ca92baaf54cc0b43aaccce21
  SHA1: c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
  SHA256: eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
  SHA512: 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978
- Filesize: 776KB
  MD5: 8d4805f0651186046c48d3e2356623db
  SHA1: 18c27c000384418abcf9c88a72f3d55d83beda91
  SHA256: 007142039f04d04e0ed607bda53de095e5bc6a8a10d26ecedde94ea7d2d7eefe
  SHA512: 1c4895d912f7085d6e46f6776034c9e3d8d7bf934be858683bf6dedb13abca360ba816d8a5528ec7a3ac6e33010fdb6fc89b2699b5cfeedaabfdd5df143dffd1
- C:\Users\Admin\AppData\Local\Temp\_MEI17682\numpy.libs\libscipy_openblas64_-13e2df515630b4a41f92893938845698.dll
  Filesize: 19.4MB
  MD5: b2228fd745f904a0cfb0055c42505231
  SHA1: fd8421fbdb81d2d6539df14a80b01d9983a7c659
  SHA256: 6547e9fb966e9773caee2755e91a8bf4d6f3a2f0eebf9646b0158f8675ea4ab5
  SHA512: 092771da4730f03e227469e1991e6909b671954ef959479e267d6d31113deeac82b1aa7aa218540e285c607ce60e143a829852e178445a7881139cf64168bd8a
- C:\Users\Admin\AppData\Local\Temp\_MEI17682\numpy.libs\msvcp140-263139962577ecda4cd9469ca360a746.dll
  Filesize: 561KB
  MD5: 72f3d84384e888bf0d38852eb863026b
  SHA1: 8e6a0257591eb913ae7d0e975c56306b3f680b3f
  SHA256: a4c2229bdc2a2a630acdc095b4d86008e5c3e3bc7773174354f3da4f5beb9cde
  SHA512: 6d53634bc51bd383358e0d55988d70aee6ed3897bc6ae5e0d2413bed27ecff4c8092020682cd089859023b02d9a1858ac42e64d59c38ba90fbaf89b656c539a6
- Filesize: 4.3MB
  MD5: b845308ac897bebc78b9161275b777aa
  SHA1: 03bc77ded782de1e76d9c501d61b482e17a47743
  SHA256: 53d4bf7f0b7100972e65c6e3ab26c78b2dc8cbd6e22092951af2888784ff4519
  SHA512: a8c591c8379330a169b915f399efd5d7d7bef72d6d532ddac2a166f1c89469eb42c98a9779be308c28f5b7bfe2e00358b55262e91a55cb46650307c2ed60b547
- Filesize: 109KB
  MD5: 499646c954c56827589f91cf8d16d0bf
  SHA1: 606f80fd67d2283adc9e0aade8aff74dadb06eed
  SHA256: 153b52f32faabfefd19d0727d420bfc59a900e375fcb5be6cc329e7b70226ac9
  SHA512: 5bb6c6e58e85c29987e51c7ec176303d8937a8c9f9f6338f90dcea03af99c0b2c58132380a148b8f8d2330915864ecaed49bdf789480ca5c6ffcfb23e5cb301e
- Filesize: 199KB
  MD5: feb79984518146b9703d3913d54f2106
  SHA1: 6a4eb8d7e593f008308f05bf26f7caf7d76a1716
  SHA256: 567f19a92479e66b652ffaadbddba26b7c5dda43d5e97c67a4a76a076021b736
  SHA512: 4b5a67c38aa149cde71ccc1171cd55af8a12a66d514f63fb543005d9ee8f19226f839d28782187a0e46e0f205e3307e4e0739e1b2bd64c0e99e0af794c1836e8
- Filesize: 70KB
  MD5: c947a886e61ad18d052840e095aaa5fc
  SHA1: 4a2d0092e50757e0b951565c02dd541ab48da96e
  SHA256: 85d02d4c7e28c0f183415dc2be5fe8e06aa7fa0567673c75c65c0031f59e1e8b
  SHA512: d4b3d769fa4c22e914e12ac8b63263bacda72b351bea5bd53ba1d0fd6a6c57c98fc392645170f26e7c84fdf855fbe587615f4f3b1f150285420f5b26bda2da0a
- Filesize: 5.8MB
  MD5: 5acd4d4f35e13ef79c883ace05c4eaf5
  SHA1: 03a2944b87b8a6fe0bff5336978ed6558deda5a2
  SHA256: 0565965617d94274d7f2c2958d0bef33392cd9d2f346f99d8e1bedbdf264ee85
  SHA512: f1bb13fac80f28e2419479ee14e41dbcba8fbdc0ca3698d01a8ccddf2bc2fe3a4cf90acf2fd42e4a2f1ec49751d0c66cbc7b59fb8a43fc4dcb7b892cae76e525
- Filesize: 91B
  MD5: c280ca5258b913968bb5eee890263696
  SHA1: 2564f2a376a6feeb8c85f1babc21d9a07476188f
  SHA256: 2b38886f972545b2322a45b52f0276c09bea4ff1d535f2d44926145a3b2eece2
  SHA512: 8803f2d2342ff5dca15f59db40cef7b7ac25c7bca14d2dd20e6e66aad5942f2adca2c5977727494410c8452f1d116b796442399ffcff59891ae6b44f6ce7ef68
- Filesize: 32KB
  MD5: e5728d041bfb1841fc460db4027a2952
  SHA1: 71e6aaa90e905a72ac83450796af4fb2bb3503d7
  SHA256: d1e486de9653640be7c3a9bed04aa716b29ea76a69e1de758dd9fa708f2c9d38
  SHA512: a53efe3872b035445b7d66a71dffb690cfd00ff6296af25d0dbdfe92c904a8d06442c91e9638b2d5e54420f6998220d65f39b35ef3c1a87e812e9deea1967ab9
- Filesize: 1KB
  MD5: 4ce7501f6608f6ce4011d627979e1ae4
  SHA1: 78363672264d9cd3f72d5c1d3665e1657b1a5071
  SHA256: 37fedcffbf73c4eb9f058f47677cb33203a436ff9390e4d38a8e01c9dad28e0b
  SHA512: a4cdf92725e1d740758da4dd28df5d1131f70cef46946b173fe6956cc0341f019d7c4fecc3c9605f354e1308858721dada825b4c19f59c5ad1ce01ab84c46b24
- Filesize: 695KB
  MD5: 0a3be15d03e1c55c4df0c7e4fa4005bd
  SHA1: a8b30adb77dccd9b7bdc1ec3b1800127e586e3f6
  SHA256: e7d0375a7064b1c8916cca7cabf7e3df559fc8463dfdf831f403e95c79499121
  SHA512: 2a408d178dd0261dfeccfb791fe05a40caedc64b7ad6cd543fafd31d1e676721240020ad43f26cd8adf94a8c3e68522fc96ebb0f987fe0ba15b9287aac1242b2