Automated Malware Analysis IOC Report for

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.55363635880913
Filename:	Setup.exe
Filesize:	3176304
MD5:	cd31545772cdb4e84902f25d3363c58d
SHA1:	88ab168cbfc19785caab11109b4682d3cfcfafae
SHA256:	3c80fd894036f549fb831d271595df775ebaba7d98fdeea579bfae3c9d42ec53
SHA512:	482be992b98efe56ed1a4cb5716d12321c5e28d144b985ad40b9d152cde47d467b052946e82ee2c3d63f7668705c6318f1d61f34eb0533b5ea358467af096d75
SSDEEP:	49152:S5XjOui0/5LKqLhtbx/p/noQUhtm683Df7klWYBiCKhSOoSvbJp5+5q:ShjOp0hKqLhbpPoThM68377vBKepA4
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......bF+N&'E.&'E.&'E.];I.%'E..;K.9'E.I8O..'E.I8N.)'E...Y.%'E...`.$'E. .O.$'E.&'D.v&E...\.3'E. .N..'E..!C.''E.Rich&'E................

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the system directory	System Summary	Masquerading
Creates or modifies windows services	Boot Survival	Windows Service
Drops PE files	Persistence and Installation Behavior
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Uses 32bit PE files	Compliance, System Summary
Checks the free space of harddrives	Malware Analysis System Evasion	System Information Discovery
Creates files inside the program directory	System Summary
Creates mutexes	System Summary
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Enumerates the file system	Spreading, Malware Analysis System Evasion	File and Directory Discovery
PE file has an executable .text section and no other executable section	System Summary
Reads ini files	System Summary
Reads software policies	System Summary
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary
Writes ini files	System Summary
Creates a software restore point	Compliance
PE / OLE file has a valid certificate	Compliance, System Summary
Submission file is bigger than most known malware samples	System Summary
Uses Rich Edit Controls	System Summary

Details

File:	C:\Program Files (x86)\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\setup.ilg (copy)
Category:	dropped
Dump:	58f1.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	Composite Document File V2 Document, Cannot read section info
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files (x86)\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\setup.ini
Category:	dropped
Dump:	setup.ini0.0.dr
ID:	dr_29
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	Generic INItialization configuration [Languages]
Entropy:	5.488183152545981
Encrypted:	false
Size:	602
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\58f1.rra
Category:	dropped
Dump:	58f1.rra.0.dr
ID:	dr_35
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	Composite Document File V2 Document, Cannot read section info
Entropy:	2.7303273331476663
Encrypted:	false
Size:	184320
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\Disk1\ISSetup.dll
Category:	dropped
Dump:	ISSetup.dll.0.dr
ID:	dr_11
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
Entropy:	7.6019064631901445
Encrypted:	false
Size:	535552
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\Disk1\data1.cab
Category:	dropped
Dump:	data1.cab.0.dr
ID:	dr_9
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	InstallShield CAB
Entropy:	7.997134344731452
Encrypted:	true
Size:	795922
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\Disk1\data1.hdr
Category:	dropped
Dump:	data1.hdr.0.dr
ID:	dr_10
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	InstallShield CAB
Entropy:	3.856523027926118
Encrypted:	false
Size:	16276
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\Disk1\layout.bin
Category:	dropped
Dump:	layout.bin.0.dr
ID:	dr_12
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	data
Entropy:	2.262342544079411
Encrypted:	false
Size:	473
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\Disk1\setup.exe
Category:	dropped
Dump:	setup.exe.0.dr
ID:	dr_13
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.32742650769751
Encrypted:	false
Size:	372736
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\Disk1\setup.ini
Category:	dropped
Dump:	setup.ini.0.dr
ID:	dr_14
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	Generic INItialization configuration [Languages]
Entropy:	5.451274444063703
Encrypted:	false
Size:	528
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Reads ini files	System Summary	File and Directory Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\Disk1\setup.inx
Category:	dropped
Dump:	setup.inx.0.dr
ID:	dr_15
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	data
Entropy:	7.386783953507761
Encrypted:	false
Size:	227326
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\Disk1\setup.iss
Category:	dropped
Dump:	setup.iss.0.dr
ID:	dr_16
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	Generic INItialization configuration [File Transfer]
Entropy:	5.306138274389431
Encrypted:	false
Size:	657
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{1FEFAA11-8F3D-4F80-A5E1-443AA44B1895}\_Setup.dll
Category:	dropped
Dump:	_Setup.dll.0.dr
ID:	dr_17
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	5.575463563840559
Encrypted:	false
Size:	332744
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\{254b0c33-77a9-5a4b-be66-7d93eedacb69}\SETB5E8.tmp
Category:	modified
Dump:	SETB5E8.tmp.0.dr
ID:	dr_28
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	Windows setup INFormation
Entropy:	5.322995161668334
Encrypted:	false
Size:	2850
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{254b0c33-77a9-5a4b-be66-7d93eedacb69}\ser2pl.inf (copy)
Category:	dropped
Dump:	SETB5E8.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	Windows setup INFormation
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\ISBE59db.rra
Category:	dropped
Dump:	ISBE59db.rra.0.dr
ID:	dr_7
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy:	5.948474195507666
Encrypted:	false
Size:	120768
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\ISBEW64.exe (copy)
Category:	dropped
Dump:	ISBE59db.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to load missing DLLs	System Summary	DLL Side-Loading

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\core599d.rra
Category:	dropped
Dump:	core599d.rra.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	3.783333450686201
Encrypted:	false
Size:	65503
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\corecomp.ini (copy)
Category:	dropped
Dump:	core599d.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\dotn599d.rra
Category:	dropped
Dump:	dotn599d.rra.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.884578809185698
Encrypted:	false
Size:	10704
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\dotnetinstaller.exe (copy)
Category:	dropped
Dump:	dotn599d.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\DIFx59cc.rra
Category:	dropped
Dump:	DIFx59cc.rra.0.dr
ID:	dr_6
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.629340123004133
Encrypted:	false
Size:	86
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\DIFxData.ini (copy)
Category:	dropped
Dump:	DIFx59cc.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Font59bc.rra
Category:	dropped
Dump:	Font59bc.rra.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.162980744225906
Encrypted:	false
Size:	39
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\FontData.ini (copy)
Category:	dropped
Dump:	Font59bc.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Lice597e.rra
Category:	dropped
Dump:	Lice597e.rra.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	ASCII text, with very long lines (943), with CRLF line terminators
Entropy:	5.01241084080729
Encrypted:	false
Size:	5435
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\License.txt (copy)
Category:	dropped
Dump:	Lice597e.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	ASCII text, with very long lines (943), with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setu598d.rra
Category:	dropped
Dump:	Setu598d.rra.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	5.6303825114736545
Encrypted:	false
Size:	73728
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\SetupEx.dll (copy)
Category:	dropped
Dump:	Setu598d.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Stri59eb.rra
Category:	dropped
Dump:	Stri59eb.rra.0.dr
ID:	dr_8
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.362283293393229
Encrypted:	false
Size:	2230
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\StringTable-0009-English.ips (copy)
Category:	dropped
Dump:	Stri59eb.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Vista\ser2ac03.rra
Category:	dropped
Dump:	ser2ac03.rra.0.dr
ID:	dr_26
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (native) Intel 80386, for MS Windows
Entropy:	6.50929110698456
Encrypted:	false
Size:	81920
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Vista\ser2pl.inf (copy)
Category:	dropped
Dump:	ser2ac03.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (native) Intel 80386, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Vista\ser2pl.sys (copy)
Category:	dropped
Dump:	ser2ac03.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (native) Intel 80386, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\_IsR5a1a.rra
Category:	dropped
Dump:	_IsR5a1a.rra.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
Entropy:	7.720544496731414
Encrypted:	false
Size:	126912
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\_IsRes.dll (copy)
Category:	dropped
Dump:	_IsR5a1a.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\defa5a0a.rra
Category:	dropped
Dump:	defa5a0a.rra.0.dr
ID:	dr_19
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	RIFF (little-endian) data, palette, 1168 bytes, data size 1028, 256 entries, extra bytes 0x6f66666c
Entropy:	2.551387347019812
Encrypted:	false
Size:	1168
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\default.pal (copy)
Category:	dropped
Dump:	defa5a0a.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	RIFF (little-endian) data, palette, 1168 bytes, data size 1028, 256 entries, extra bytes 0x6f66666c
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\isrt.dll (copy)
Category:	dropped
Dump:	isrt59eb.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\{5D8075F0-4DED-4B0C-B9EB-DF1DCD69C020}\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\isrt59eb.rra
Category:	dropped
Dump:	isrt59eb.rra.0.dr
ID:	dr_18
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
Entropy:	7.941740126132889
Encrypted:	false
Size:	222144
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Windows\INF\SERSabb4.rra
Category:	dropped
Dump:	SERSabb4.rra.0.dr
ID:	dr_21
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	Windows setup INFormation
Entropy:	5.611064162397153
Encrypted:	false
Size:	2280
Whitelisted:	false

Details

File:	C:\Windows\INF\SERWabb4.rra
Category:	dropped
Dump:	SERWabb4.rra.0.dr
ID:	dr_22
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	Generic INItialization configuration [Pro]
Entropy:	5.450282770791616
Encrypted:	false
Size:	2537
Whitelisted:	false

Details

File:	C:\Windows\INF\setupapi.dev.log
Category:	dropped
Dump:	setupapi.dev.log0.0.dr
ID:	dr_33
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	Generic INItialization configuration [BeginLog]
Entropy:	5.219399797153902
Encrypted:	false
Size:	2495591
Whitelisted:	false

Details

File:	C:\Windows\SysWOW64\SER9PL.sys (copy)
Category:	dropped
Dump:	SER9ab95.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (native) Intel 80386, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Windows\SysWOW64\SER9ab95.rra
Category:	dropped
Dump:	SER9ab95.rra.0.dr
ID:	dr_30
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (native) Intel 80386, for MS Windows
Entropy:	5.935465769471254
Encrypted:	false
Size:	35892
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the system directory	System Summary	Masquerading
Drops PE files	Persistence and Installation Behavior
Drops PE files to the windows directory (C:\Windows)	Persistence and Installation Behavior	Masquerading
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Windows\SysWOW64\SERSPL.VXD (copy)
Category:	dropped
Dump:	SERSaba5.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	MS-DOS executable, LE executable for MS Windows (VxD)
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Windows\SysWOW64\SERSaba5.rra
Category:	dropped
Dump:	SERSaba5.rra.0.dr
ID:	dr_20
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	MS-DOS executable, LE executable for MS Windows (VxD)
Entropy:	5.4670177974015575
Encrypted:	false
Size:	26719
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the system directory	System Summary	Masquerading
Drops PE files	Persistence and Installation Behavior
Drops PE files to the windows directory (C:\Windows)	Persistence and Installation Behavior	Masquerading
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Windows\System32\DriverStore\Temp\{8c53135d-4d2b-fe49-94ed-d03bab0b35f4}\SETBD77.tmp
Category:	dropped
Dump:	SETBD77.tmp.21.dr
ID:	dr_31
Target ID:	21
Process:	C:\Windows\System32\drvinst.exe
Type:	PE32+ executable (native) x86-64, for MS Windows
Entropy:	6.240060218064393
Encrypted:	false
Size:	97280
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Deletes files inside the Windows folder	System Summary	File Deletion
Drops PE files	Persistence and Installation Behavior
Drops PE files to the windows directory (C:\Windows)	Persistence and Installation Behavior	Masquerading
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Windows\System32\DriverStore\Temp\{8c53135d-4d2b-fe49-94ed-d03bab0b35f4}\SETBE72.tmp
Category:	dropped
Dump:	SETBE72.tmp.21.dr
ID:	dr_32
Target ID:	21
Process:	C:\Windows\System32\drvinst.exe
Type:	data
Entropy:	7.109195449660102
Encrypted:	false
Size:	7929
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops certificate files (DER)	E-Banking Fraud

Details

File:	C:\Windows\System32\DriverStore\Temp\{8c53135d-4d2b-fe49-94ed-d03bab0b35f4}\ser2pl.cat (copy)
Category:	dropped
Dump:	SETBE72.tmp.21.dr
Target ID:	21
Process:	C:\Windows\System32\drvinst.exe
Type:	data
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Windows\System32\DriverStore\Temp\{8c53135d-4d2b-fe49-94ed-d03bab0b35f4}\ser2pl64.sys (copy)
Category:	dropped
Dump:	SETBD77.tmp.21.dr
Target ID:	21
Process:	C:\Windows\System32\drvinst.exe
Type:	PE32+ executable (native) x86-64, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Windows\System32\catroot2\dberr.txt
Category:	modified
Dump:	dberr.txt.21.dr
ID:	dr_34
Target ID:	21
Process:	C:\Windows\System32\drvinst.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.389892519503095
Encrypted:	false
Size:	74026
Whitelisted:	false

Details

File:	C:\Windows\Temp\Deleabd4.rra
Category:	dropped
Dump:	Deleabd4.rra.0.dr
ID:	dr_24
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	5.81670184600834
Encrypted:	false
Size:	143360
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the windows directory (C:\Windows)	Persistence and Installation Behavior	Masquerading
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Windows\Temp\DeleteUSB.exe (copy)
Category:	dropped
Dump:	Deleabd4.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Windows\Temp\PLUninst.exe (copy)
Category:	dropped
Dump:	Uninabe3.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Windows\Temp\QRemabb4.rra
Category:	dropped
Dump:	QRemabb4.rra.0.dr
ID:	dr_23
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	5.947376041251099
Encrypted:	false
Size:	147456
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the windows directory (C:\Windows)	Persistence and Installation Behavior	Masquerading
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Windows\Temp\QRemover.exe (copy)
Category:	dropped
Dump:	QRemabb4.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Windows\Temp\Uninabe3.rra
Category:	dropped
Dump:	Uninabe3.rra.0.dr
ID:	dr_25
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	5.782465161186039
Encrypted:	false
Size:	143360
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the windows directory (C:\Windows)	Persistence and Installation Behavior	Masquerading
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Windows\Temp\Uninstall.ICO (copy)
Category:	dropped
Dump:	Uninabe3.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Windows\Temp\Uninstall.exe (copy)
Category:	dropped
Dump:	Uninabe3.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Windows\inf\SERSPL.INF (copy)
Category:	dropped
Dump:	SERSabb4.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	Windows setup INFormation
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Windows\inf\SERWPL.INF (copy)
Category:	dropped
Dump:	SERWabb4.rra.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\Setup.exe
Type:	Generic INItialization configuration [Pro]
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Setup.exe

Files

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSetup.exe

Files

IOC Report
Setup.exe