37fab777eed6ae75d322c8d57ddb6294a2599daa332041bb093e002904a9e0e7

Resubmissions

30/08/2022, 12:22

30/08/2022, 12:17

max time kernel
136s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/08/2022, 12:17

Target

Setup.exe
Size

5.4MB
MD5

30697215893fca2f6188cdcd7f3ddedf
SHA1

07ebbdfecb6bab757dc71e5d94ddf02756ffb94f
SHA256

37fab777eed6ae75d322c8d57ddb6294a2599daa332041bb093e002904a9e0e7
SHA512

73ff33fb60cbb6dae797e328f5fcc9affaed8412e76fa8307c5f264d5c2178220e7be703821a063ecace1cc635de1c550dcd8342fcb9865541b25825dcae0e47
SSDEEP

24576:34wsvYyY7XdKoFMHUoigrfEjnDnwViw8quVaBfGgzxoRjADVLZDFgyThCl3RuQ57:Iw7S2wAqNBfGgNoRjADV4l3B

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3360 set thread context of 150660	3360	Setup.exe	83

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3360 wrote to memory of 150660	3360	Setup.exe	83
PID 3360 wrote to memory of 150660	3360	Setup.exe	83
PID 3360 wrote to memory of 150660	3360	Setup.exe	83
PID 3360 wrote to memory of 150660	3360	Setup.exe	83
PID 3360 wrote to memory of 150660	3360	Setup.exe	83

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3360
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:150660

memory/3360-140-0x0000000000400000-0x000000000058D000-memory.dmp

Filesize
1.6MB

Download
memory/150660-133-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/150660-139-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download