334ec9e7d937c42e8ef12f9d4ec90862ecc5410c06442393a38390b34886aa59

Analysis

max time kernel
142s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 17:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyViewerSetup.exe
Size

36.3MB
MD5

199f287b81b00d54ec6e12c313bbdc4e
SHA1

25ff04330d5a1fafae592f0d07e9e6ecfc61db60
SHA256

334ec9e7d937c42e8ef12f9d4ec90862ecc5410c06442393a38390b34886aa59
SHA512

1006d0c84c5f8bdcf50670958f24a7d0a3d0dff54d620d1dcc5d9e057269dbc506a7e622172ab673aed108b4e0ab0e7569fc89898e335c74d2c61ca6e354f16a
SSDEEP

786432:e0ea8KPO0BEreQ/dyD7VVZIXPMA/h9rWsyd6d0z1CojZSd23Y9z9o2VRrtp:ePKP3mJ/8D7hkj/b1ydFZjZS59BLpp

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

AnyViewerSetup.tmp

pid process

2552 AnyViewerSetup.tmp
Loads dropped DLL 8 IoCs

Processes:

AnyViewerSetup.exeAnyViewerSetup.tmp

pid process

2184 AnyViewerSetup.exe
2552 AnyViewerSetup.tmp
2552 AnyViewerSetup.tmp
2552 AnyViewerSetup.tmp
2552 AnyViewerSetup.tmp
2552 AnyViewerSetup.tmp
2552 AnyViewerSetup.tmp
2552 AnyViewerSetup.tmp

pid	process
2552	AnyViewerSetup.tmp

pid	process
2184	AnyViewerSetup.exe
2552	AnyViewerSetup.tmp
2552	AnyViewerSetup.tmp
2552	AnyViewerSetup.tmp
2552	AnyViewerSetup.tmp
2552	AnyViewerSetup.tmp
2552	AnyViewerSetup.tmp
2552	AnyViewerSetup.tmp

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

AnyViewerSetup.exe

description	pid	process	target process
PID 2184 wrote to memory of 2552	2184	AnyViewerSetup.exe	AnyViewerSetup.tmp
PID 2184 wrote to memory of 2552	2184	AnyViewerSetup.exe	AnyViewerSetup.tmp
PID 2184 wrote to memory of 2552	2184	AnyViewerSetup.exe	AnyViewerSetup.tmp
PID 2184 wrote to memory of 2552	2184	AnyViewerSetup.exe	AnyViewerSetup.tmp
PID 2184 wrote to memory of 2552	2184	AnyViewerSetup.exe	AnyViewerSetup.tmp
PID 2184 wrote to memory of 2552	2184	AnyViewerSetup.exe	AnyViewerSetup.tmp
PID 2184 wrote to memory of 2552	2184	AnyViewerSetup.exe	AnyViewerSetup.tmp

C:\Users\Admin\AppData\Local\Temp\AnyViewerSetup.exe
"C:\Users\Admin\AppData\Local\Temp\AnyViewerSetup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2184

C:\Users\Admin\AppData\Local\Temp\is-RUFGG.tmp\AnyViewerSetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-RUFGG.tmp\AnyViewerSetup.tmp" /SL5="$8001C,37462717,619008,C:\Users\Admin\AppData\Local\Temp\AnyViewerSetup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2552

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-NFKML.tmp\Checkblue.png
Filesize
535B

MD5
03852e4119bcbf5c8acf22120e956065

SHA1
a880595e09b1c89f5301684a355d42068a4aec77

SHA256
093f883620fe51cf139e131ce254c8969e33ade7bf8728a8e25e26c07ef070b8

SHA512
01245fc3ec1db821864b7b46f50911025c8cb583a3d75a83a70fa79191aa562e006f4933e8776a66bd2c039035074e170ab12f00d2399a757c773c803fb19374

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NFKML.tmp\btopen.png
Filesize
2KB

MD5
90eb121bf0ae802f3ad12bc6582ca691

SHA1
8647260945740e2cd97a97b7cee6e5016688166f

SHA256
85a908620121820c1c40303d6e268bac586c469cbfbfe864143a2c96d171f56c

SHA512
881bdec3c122b7baaf81c01f91b24409377602c0d9398b09aa3ad7cb965d347bcee5e631ca87636edfad693d5666b8339ee45e8877500f78f823817d449ec8e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NFKML.tmp\iconclose.png
Filesize
4KB

MD5
4b00487ff65448660795f0932ed58419

SHA1
b30870e50fe366335191ccab3418272b5a0fd7cd

SHA256
f81cbf673e0a8c2708cc6c2e84f589a4e347255cab30ab68c064cf41c7b9e684

SHA512
e3e971e79cb901eb1097c28c0a459a6abd5d7504029d13542cc11b8ceeed8fb38d71da77f31e036956af792bd3411d3182a5f2df514e8de0396f396941c0e1ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NFKML.tmp\iconminimize.png
Filesize
2KB

MD5
48b8fe1b77dfbc4b929245e1866634d6

SHA1
6c8c540cdae147b2ed0d623eaba7946fa592a4c5

SHA256
9ef1a17cbc12f12e0de6ccb45b99b21733bc24156fb97e4116894af879f0f194

SHA512
80603d2df7c39d2939959ca782429ede5abd0f730fef4329ac20f380b7d3f46991df14c255f3fab1e1f241f56160217f381f9542cbddae3ff0ced78dbcb9d8f4

Download Submit
\Users\Admin\AppData\Local\Temp\is-NFKML.tmp\CallbackCtrl.dll
Filesize
21KB

MD5
e4aaa24dd6549ca02e0fc45302345dd0

SHA1
f9e477719cdffadb39d42cc4a3e9e2e70277e3ed

SHA256
9fb8c2522b2c5f826bacd1bf5cb42af70aa2080fb680f96e747d3900eb40a6f9

SHA512
d04a788ebaffe0c4df0192f643f394e2c2ad026099ee2f26b94bc76f7685b70967d23b104f18a8acb8017f1da1c957a844e2f2aac7084228d02b183ae7150340

Download Submit
\Users\Admin\AppData\Local\Temp\is-NFKML.tmp\MFCButton.dll
Filesize
220KB

MD5
2581ae0a7a36a6a389ea9cebb4f01f39

SHA1
bca0bb11737a79d8a2bc7f01a91985e25b0153fc

SHA256
e9304127981fd0b4e7f5cc2c19d8618b7deb0c3c9149045af66c5f7d6aa89222

SHA512
f2921c1487bda5d8dfd3cc274f758ea067f90565df1b5356fee9f9195486b5fd5618df6bbc653a2f703fd5e4c4f64d0a3e073787090c95c7b46890fc93b5868b

Download Submit
\Users\Admin\AppData\Local\Temp\is-NFKML.tmp\PathFormat.dll
Filesize
221KB

MD5
ed26aedade2f4ca5da61ff5baa1a16d7

SHA1
1f9e736c00ff3b635ad89097937f16039ab00578

SHA256
0de968ffd4a6c60413cac739dccb1b162f8f93f3db754728fde8738e52706fa4

SHA512
e7b09cb39ee20fc8cff856b27b3b6a769a825b6de64e7161fa8e4b4abfd91808d22a7dc58af2adda66f0d7c32abcb89237d1e9568500e4b2ec65eed7d511d223

Download Submit
\Users\Admin\AppData\Local\Temp\is-NFKML.tmp\_isetup\_isdecmp.dll
Filesize
13KB

MD5
a813d18268affd4763dde940246dc7e5

SHA1
c7366e1fd925c17cc6068001bd38eaef5b42852f

SHA256
e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

SHA512
b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

Download Submit
\Users\Admin\AppData\Local\Temp\is-NFKML.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-NFKML.tmp\botva2.dll
Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
\Users\Admin\AppData\Local\Temp\is-RUFGG.tmp\AnyViewerSetup.tmp
Filesize
1.9MB

MD5
8ce6b53ded85e3ddd7bd5cff708b5a83

SHA1
dcd11bb9fde1342da724a5f24e878699be4ef48c

SHA256
3cb8ae64d7ccbf948f83b069a2ed9be9479d278a34c07e54796b80da69516c9c

SHA512
15e067c814f9330b7b324db69a5db545756286e7fed536479e3705fd431674f32aaef3e144c2eb8142c1e970064e610b1f557fd7aa3aa1d18e23a64ad0ce0f94

Download Submit
memory/2184-0-0x0000000000400000-0x00000000004A1000-memory.dmp

Filesize
644KB

Download
memory/2184-2-0x0000000000401000-0x0000000000417000-memory.dmp

Filesize
88KB

Download
memory/2184-100-0x0000000000400000-0x00000000004A1000-memory.dmp

Filesize
644KB

Download
memory/2552-61-0x0000000002160000-0x000000000216E000-memory.dmp

Filesize
56KB

Download
memory/2552-8-0x0000000000400000-0x00000000005ED000-memory.dmp

Filesize
1.9MB

Download
memory/2552-84-0x0000000003980000-0x00000000039BA000-memory.dmp

Filesize
232KB

Download
memory/2552-102-0x0000000002160000-0x000000000216E000-memory.dmp

Filesize
56KB

Download
memory/2552-101-0x0000000000400000-0x00000000005ED000-memory.dmp

Filesize
1.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads