Overview

overview

10

Static

static

3

Software_Setup.exe

windows7-x64

6

Software_Setup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    04-07-2024 19:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Software_Setup.exe

  • Size

    63.9MB

  • MD5

    9ff7e52416b7d3ca8b7e035d4b15f60d

  • SHA1

    ecf06e8679da62922f3d52d2b9e756ba311e4203

  • SHA256

    ec4cd02feeae2e57341cb7ff396fac7d635c914775357b95a0ae3bb73ced8703

  • SHA512

    974b9d2d21ffc0d780fb5bb531db3f4edf979e032e2b0fa9048310885fa7cac06fc138b4aa5a9d6bb19a7fc7676c72e98a9ba9c60b35428a699774b34af474af

  • SSDEEP

    1572864:jDkFLa2/bDkFLa2/bDkFLa2/bDkFLa2/bDkFLa2/z:j6/6/6/6/6f

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Software_Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Software_Setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2344
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 920
      2⤵
      • Program crash
      PID:2796
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1644

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      72ee8c25b3ae5e7a0193a5d5194df4b5

      SHA1

      d742b19ee2297fd5bbd44fd2dc8d819c0239feb2

      SHA256

      5e8275243a7df840a836a6e63a1e78ee78ee005b0b72ca6576ae7825ffa27d38

      SHA512

      6388c5a22bb962eaa14cbc79d3dd7ab11ec9e6c7c28428443953b5098dd70727c1c4ea6a3df03e9a3748f61fda6e772558fe6058ab88477f7887bfd13727ea27

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar3B12.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit