6ff7aedc498bef729553eafea78e4a5d498d52837f45c7c188d51cfaab10c2f9

Analysis

Target

Setup_WinThruster_2022.exe
Size

6.2MB
MD5

3a7e7ea1cf919179c78d9c1984954703
SHA1

e31ad15a0da3eb8da66cf41f7c867e5321a112ef
SHA256

6ff7aedc498bef729553eafea78e4a5d498d52837f45c7c188d51cfaab10c2f9
SHA512

c49c7c9fc88370ed88880bc2dcd2d24f611f2b96ebf9749600e7edfe563f06c8c3686a3fb6a4fa33ee9ade61ca8f79ba5a3372cfa2dcefad4a02af80687d46e2

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

Setup_WinThruster_2022.tmp

pid process

1464 Setup_WinThruster_2022.tmp
Loads dropped DLL 1 IoCs

Processes:

Setup_WinThruster_2022.exe

pid process

1580 Setup_WinThruster_2022.exe

pid	process
1464	Setup_WinThruster_2022.tmp

pid	process
1580	Setup_WinThruster_2022.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

Setup_WinThruster_2022.exe

description	pid	process	target process
PID 1580 wrote to memory of 1464	1580	Setup_WinThruster_2022.exe	Setup_WinThruster_2022.tmp
PID 1580 wrote to memory of 1464	1580	Setup_WinThruster_2022.exe	Setup_WinThruster_2022.tmp
PID 1580 wrote to memory of 1464	1580	Setup_WinThruster_2022.exe	Setup_WinThruster_2022.tmp
PID 1580 wrote to memory of 1464	1580	Setup_WinThruster_2022.exe	Setup_WinThruster_2022.tmp
PID 1580 wrote to memory of 1464	1580	Setup_WinThruster_2022.exe	Setup_WinThruster_2022.tmp
PID 1580 wrote to memory of 1464	1580	Setup_WinThruster_2022.exe	Setup_WinThruster_2022.tmp
PID 1580 wrote to memory of 1464	1580	Setup_WinThruster_2022.exe	Setup_WinThruster_2022.tmp

C:\Users\Admin\AppData\Local\Temp\Setup_WinThruster_2022.exe
"C:\Users\Admin\AppData\Local\Temp\Setup_WinThruster_2022.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1580
- C:\Users\Admin\AppData\Local\Temp\is-NRP2C.tmp\Setup_WinThruster_2022.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-NRP2C.tmp\Setup_WinThruster_2022.tmp" /SL5="$60124,5556089,878080,C:\Users\Admin\AppData\Local\Temp\Setup_WinThruster_2022.exe"
  2⤵
  - Executes dropped EXE
  PID:1464

C:\Users\Admin\AppData\Local\Temp\is-NRP2C.tmp\Setup_WinThruster_2022.tmp

Filesize
3.1MB

MD5
e54d602e341148867b6314a9d0d497f6

SHA1
746b2a2380ff737505f2c3d4b8f28d7d6f9db7e0

SHA256
d683f80264ea32883ba13b2c641d595eaecb0f4efd77791d09713580cad304c6

SHA512
ad944b679fabd41954de8330f7eb9b644e374ee60d30cc89ed137578782446324b103a9937bac6aa9f0fbb65709e934e42e1d57cfa35b1f7c2de6885dacf798a

Download Submit
\Users\Admin\AppData\Local\Temp\is-NRP2C.tmp\Setup_WinThruster_2022.tmp

Filesize
3.1MB

MD5
e54d602e341148867b6314a9d0d497f6

SHA1
746b2a2380ff737505f2c3d4b8f28d7d6f9db7e0

SHA256
d683f80264ea32883ba13b2c641d595eaecb0f4efd77791d09713580cad304c6

SHA512
ad944b679fabd41954de8330f7eb9b644e374ee60d30cc89ed137578782446324b103a9937bac6aa9f0fbb65709e934e42e1d57cfa35b1f7c2de6885dacf798a

Download Submit
memory/1464-58-0x0000000000000000-mapping.dmp

Download
memory/1580-54-0x0000000076811000-0x0000000076813000-memory.dmp

Filesize
8KB

Download
memory/1580-55-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/1580-60-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/1580-62-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download