16fcbcc1418657e83e30f6c4d8e9c9925b11444feb8bbf6648eb4913cd03d60e

Analysis

max time kernel
18s
max time network
16s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 17:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NewSetup.exe
Size

4.1MB
MD5

54b924d299ee549a0d7e8ee515a7acac
SHA1

4ac7584339fea57e62bbbd5f1d48a3307ef5760c
SHA256

16fcbcc1418657e83e30f6c4d8e9c9925b11444feb8bbf6648eb4913cd03d60e
SHA512

bc6c163c06ccef5efeb8299fe187ff2bac87664d293cf33e8c9ced5f54cfe33e088e8918b6ad49825cfc09cb8e6956341b454425b18b2b64e137c8534e6be310
SSDEEP

98304:yFYjfvTXyCfwakE4HCsdv9q5bFleVZm3U:yFYTLXyCfHkE4VvMD4VD

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

NewSetup.exe

description pid process target process

PID 1936 set thread context of 2632 1936 NewSetup.exe NewSetup.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2440 2632 WerFault.exe NewSetup.exe
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

NewSetup.exe

pid process

1936 NewSetup.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

NewSetup.exe

description pid process

Token: SeDebugPrivilege 1936 NewSetup.exe

description	pid	process	target process
PID 1936 set thread context of 2632	1936	NewSetup.exe	NewSetup.exe

pid	pid_target	process	target process
2440	2632	WerFault.exe	NewSetup.exe

pid	process
1936	NewSetup.exe

description	pid	process
Token: SeDebugPrivilege	1936	NewSetup.exe

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

NewSetup.exeNewSetup.exe

description	pid	process	target process
PID 1936 wrote to memory of 2404	1936	NewSetup.exe	NewSetup.exe
PID 1936 wrote to memory of 2404	1936	NewSetup.exe	NewSetup.exe
PID 1936 wrote to memory of 2404	1936	NewSetup.exe	NewSetup.exe
PID 1936 wrote to memory of 2404	1936	NewSetup.exe	NewSetup.exe
PID 1936 wrote to memory of 2404	1936	NewSetup.exe	NewSetup.exe
PID 1936 wrote to memory of 2404	1936	NewSetup.exe	NewSetup.exe
PID 1936 wrote to memory of 2404	1936	NewSetup.exe	NewSetup.exe
PID 1936 wrote to memory of 2632	1936	NewSetup.exe	NewSetup.exe
PID 1936 wrote to memory of 2632	1936	NewSetup.exe	NewSetup.exe
PID 1936 wrote to memory of 2632	1936	NewSetup.exe	NewSetup.exe
PID 1936 wrote to memory of 2632	1936	NewSetup.exe	NewSetup.exe
PID 1936 wrote to memory of 2632	1936	NewSetup.exe	NewSetup.exe
PID 1936 wrote to memory of 2632	1936	NewSetup.exe	NewSetup.exe
PID 1936 wrote to memory of 2632	1936	NewSetup.exe	NewSetup.exe
PID 1936 wrote to memory of 2632	1936	NewSetup.exe	NewSetup.exe
PID 1936 wrote to memory of 2632	1936	NewSetup.exe	NewSetup.exe
PID 1936 wrote to memory of 2632	1936	NewSetup.exe	NewSetup.exe
PID 1936 wrote to memory of 2632	1936	NewSetup.exe	NewSetup.exe
PID 1936 wrote to memory of 2632	1936	NewSetup.exe	NewSetup.exe
PID 1936 wrote to memory of 2632	1936	NewSetup.exe	NewSetup.exe
PID 2632 wrote to memory of 2440	2632	NewSetup.exe	WerFault.exe
PID 2632 wrote to memory of 2440	2632	NewSetup.exe	WerFault.exe
PID 2632 wrote to memory of 2440	2632	NewSetup.exe	WerFault.exe
PID 2632 wrote to memory of 2440	2632	NewSetup.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\NewSetup.exe
"C:\Users\Admin\AppData\Local\Temp\NewSetup.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1936

C:\Users\Admin\AppData\Local\Temp\NewSetup.exe
"C:\Users\Admin\AppData\Local\Temp\NewSetup.exe"
2⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\NewSetup.exe
"C:\Users\Admin\AppData\Local\Temp\NewSetup.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:2632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 120
3⤵
- Program crash
PID:2440

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1936-48-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-8-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-2-0x0000000005440000-0x00000000055C0000-memory.dmp

Filesize
1.5MB

Download
memory/1936-0-0x00000000743BE000-0x00000000743BF000-memory.dmp

Filesize
4KB

Download
memory/1936-4-0x0000000000530000-0x000000000054C000-memory.dmp

Filesize
112KB

Download
memory/1936-44-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-6-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-46-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-15-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-20-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-36-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-64-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-65-0x00000000743B0000-0x0000000074A9E000-memory.dmp

Filesize
6.9MB

Download
memory/1936-62-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-61-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-58-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-56-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-54-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-52-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-51-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-3-0x00000000743B0000-0x0000000074A9E000-memory.dmp

Filesize
6.9MB

Download
memory/1936-1-0x0000000000DD0000-0x00000000011EA000-memory.dmp

Filesize
4.1MB

Download
memory/1936-5-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-43-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-40-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-38-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-34-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-33-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-30-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-28-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-26-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-24-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-23-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-18-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-16-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-12-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-10-0x0000000000530000-0x0000000000545000-memory.dmp

Filesize
84KB

Download
memory/1936-78-0x00000000743B0000-0x0000000074A9E000-memory.dmp

Filesize
6.9MB

Download
memory/2632-68-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2632-66-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2632-69-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads