a8cd3c1eae4e7cd5335c3b0d8f9f4f16f3393f7ea37a28313ad6facbf075a3e7

Analysis

max time kernel
91s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2022 17:20

Target

Setup.exe
Size

30.0MB
MD5

cf6fd1df52cb9745bfe78226ae510b31
SHA1

c8779934a08a5ffb02a189544f6940038eff0a46
SHA256

a8cd3c1eae4e7cd5335c3b0d8f9f4f16f3393f7ea37a28313ad6facbf075a3e7
SHA512

caf2d6927a901b65e0e9efbcc38f66dfe4163f86dadd01a29f42044d85b88572b461e0b3061f1246fe32b1279c13d2a8b812321bde61d7dcec350126f107d9b3
SSDEEP

786432:XE3VpIzZZHPenCSlmqj7uGMGvGEkyh3j8Y:XE3VWWCSlm87MryhX

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
4260	Setup.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 4260	4844	Setup.exe	83
PID 4844 wrote to memory of 4260	4844	Setup.exe	83
PID 4844 wrote to memory of 4260	4844	Setup.exe	83

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Users\Admin\AppData\Local\Temp\is-N8N6P.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-N8N6P.tmp\Setup.tmp" /SL5="$A0060,31194637,53248,C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  2⤵
  - Executes dropped EXE
  PID:4260

C:\Users\Admin\AppData\Local\Temp\is-N8N6P.tmp\Setup.tmp

Filesize
691KB

MD5
2e5dadc1722068c8ec619a04e2e38b4f

SHA1
b0c2d366c43db76cdbc11512d0d462d7a8e876e3

SHA256
1575bc3f44efc59e0ebd738bd6e29348a463212ce16e7f7f60244ec331e49292

SHA512
d632e629db43db82175e109cc5e2e9c5cf36a304f89a274b31cd4d21831b2a32973c6b650c337f0f57c9f317221608979639fa7f2099acb821fc2eddd334a11d

Download Submit
memory/4844-132-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/4844-135-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download