Analysis
-
max time kernel
118s -
max time network
125s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
21-11-2021 14:35
General
-
Target
Setup_WinThruster_2021.exe
-
Size
6.1MB
-
MD5
426fd133506f9bec04b326330e2b31a9
-
SHA1
973bbb18d2c2ae7a12812700ee5253e68802bc0f
-
SHA256
357f1b029541bda80fb1b5dc0c099069f32c93ac182a16219fb30d50229fd498
-
SHA512
158e1049285bc4fcbb1104b3b7f9facb84813bceb9b25c0fa3d144252227abd5deb9161a39ba13e65563a7d0e0b2d9a9a9c9f951a825a73f27d2eae2f19c1278
Score
8/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Setup_WinThruster_2021.exe"C:\Users\Admin\AppData\Local\Temp\Setup_WinThruster_2021.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-DV4LA.tmp\Setup_WinThruster_2021.tmp"C:\Users\Admin\AppData\Local\Temp\is-DV4LA.tmp\Setup_WinThruster_2021.tmp" /SL5="$3011A,5514338,878080,C:\Users\Admin\AppData\Local\Temp\Setup_WinThruster_2021.exe"2⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\is-DV4LA.tmp\Setup_WinThruster_2021.tmpMD5
3a3305330ad78837ffcd94fa287973e3
SHA173586304f35e4e8a6bba8574b9bacaaaae4af1f0
SHA25689747c19d5ff724c19856ed9e6dc94cb72c3ac55f45d4a1fc079e979805afe54
SHA5121044d1c8ee49f824562b0b90954a644516edb335499b3df01c3d8c346e66280129982ec135df7ee8e1509e37889b129bde040d6f89f22ec2a6144e95665e294a
-
memory/2728-119-0x0000000000400000-0x00000000004E4000-memory.dmpFilesize
912KB
-
memory/3284-117-0x0000000000000000-mapping.dmp
-
memory/3284-120-0x0000000000720000-0x00000000007CE000-memory.dmpFilesize
696KB