Analysis
-
max time kernel
91s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
20-06-2022 10:48
Static task
static1
Behavioral task
behavioral1
Sample
Setup_WinThruster_2022.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Setup_WinThruster_2022.exe
Resource
win10v2004-20220414-en
General
-
Target
Setup_WinThruster_2022.exe
-
Size
6.2MB
-
MD5
3a7e7ea1cf919179c78d9c1984954703
-
SHA1
e31ad15a0da3eb8da66cf41f7c867e5321a112ef
-
SHA256
6ff7aedc498bef729553eafea78e4a5d498d52837f45c7c188d51cfaab10c2f9
-
SHA512
c49c7c9fc88370ed88880bc2dcd2d24f611f2b96ebf9749600e7edfe563f06c8c3686a3fb6a4fa33ee9ade61ca8f79ba5a3372cfa2dcefad4a02af80687d46e2
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 1316 Setup_WinThruster_2022.tmp -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4416 wrote to memory of 1316 4416 Setup_WinThruster_2022.exe 83 PID 4416 wrote to memory of 1316 4416 Setup_WinThruster_2022.exe 83 PID 4416 wrote to memory of 1316 4416 Setup_WinThruster_2022.exe 83
Processes
-
C:\Users\Admin\AppData\Local\Temp\Setup_WinThruster_2022.exe"C:\Users\Admin\AppData\Local\Temp\Setup_WinThruster_2022.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4416 -
C:\Users\Admin\AppData\Local\Temp\is-DLN61.tmp\Setup_WinThruster_2022.tmp"C:\Users\Admin\AppData\Local\Temp\is-DLN61.tmp\Setup_WinThruster_2022.tmp" /SL5="$501E2,5556089,878080,C:\Users\Admin\AppData\Local\Temp\Setup_WinThruster_2022.exe"2⤵
- Executes dropped EXE
PID:1316
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.1MB
MD5e54d602e341148867b6314a9d0d497f6
SHA1746b2a2380ff737505f2c3d4b8f28d7d6f9db7e0
SHA256d683f80264ea32883ba13b2c641d595eaecb0f4efd77791d09713580cad304c6
SHA512ad944b679fabd41954de8330f7eb9b644e374ee60d30cc89ed137578782446324b103a9937bac6aa9f0fbb65709e934e42e1d57cfa35b1f7c2de6885dacf798a