e141e9a1a0094095d5e26077311418a01dac429e68d3ff07a734385eb0172bea

Analysis

max time kernel
40s
max time network
50s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 13:02

Target

WinSCP-5.21.5-Setup.exe
Size

10.9MB
MD5

20c5329d7fde522338f037a7fe8a84eb
SHA1

c55a60799cfa24c1aeffcd2ca609776722e84f1b
SHA256

e141e9a1a0094095d5e26077311418a01dac429e68d3ff07a734385eb0172bea
SHA512

58813bb051bd66c29e3384dcf7ec7ca91f2e25506f28ca16e9620a7144bea1140d91dddb1131c6befc17e976e4992d0cce1528f90d536fe827ada1be44f7f1a5
SSDEEP

196608:HCImpQVrv0m6lhmBMlvOxwnIBSnCITfLb8MAFGrCaPiqXpAo83jVolDN/+z+:qQRScMlv7YSnC8fLbUGr0UAH3+AK

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

WinSCP-5.21.5-Setup.tmp

pid process

1784 WinSCP-5.21.5-Setup.tmp
Loads dropped DLL 1 IoCs

Processes:

WinSCP-5.21.5-Setup.exe

pid process

2020 WinSCP-5.21.5-Setup.exe

pid	process
1784	WinSCP-5.21.5-Setup.tmp

pid	process
2020	WinSCP-5.21.5-Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

WinSCP-5.21.5-Setup.exe

description	pid	process	target process
PID 2020 wrote to memory of 1784	2020	WinSCP-5.21.5-Setup.exe	WinSCP-5.21.5-Setup.tmp
PID 2020 wrote to memory of 1784	2020	WinSCP-5.21.5-Setup.exe	WinSCP-5.21.5-Setup.tmp
PID 2020 wrote to memory of 1784	2020	WinSCP-5.21.5-Setup.exe	WinSCP-5.21.5-Setup.tmp
PID 2020 wrote to memory of 1784	2020	WinSCP-5.21.5-Setup.exe	WinSCP-5.21.5-Setup.tmp
PID 2020 wrote to memory of 1784	2020	WinSCP-5.21.5-Setup.exe	WinSCP-5.21.5-Setup.tmp
PID 2020 wrote to memory of 1784	2020	WinSCP-5.21.5-Setup.exe	WinSCP-5.21.5-Setup.tmp
PID 2020 wrote to memory of 1784	2020	WinSCP-5.21.5-Setup.exe	WinSCP-5.21.5-Setup.tmp

C:\Users\Admin\AppData\Local\Temp\is-PNSSC.tmp\WinSCP-5.21.5-Setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-PNSSC.tmp\WinSCP-5.21.5-Setup.tmp" /SL5="$60120,10341138,864768,C:\Users\Admin\AppData\Local\Temp\WinSCP-5.21.5-Setup.exe"
2⤵
- Executes dropped EXE
PID:1784

C:\Users\Admin\AppData\Local\Temp\is-PNSSC.tmp\WinSCP-5.21.5-Setup.tmp

Filesize
3.1MB

MD5
5199871088e5624536897ecad757f028

SHA1
b9ae6f0b61bffd4452829d1a62040c3fc4dc2f8c

SHA256
4014533c0d92ed68b93a5b5e4285ebb560e8893a08a99d3437b911448c68d9a2

SHA512
12a15c2f1419b41a63958159aea012ab194143daffcfce4efb096867a055729ddec259d43d98e72d617ea2e4d77885298455d80ff208c9e20161ef11a001c4d9

Download Submit
\Users\Admin\AppData\Local\Temp\is-PNSSC.tmp\WinSCP-5.21.5-Setup.tmp

Filesize
3.1MB

MD5
5199871088e5624536897ecad757f028

SHA1
b9ae6f0b61bffd4452829d1a62040c3fc4dc2f8c

SHA256
4014533c0d92ed68b93a5b5e4285ebb560e8893a08a99d3437b911448c68d9a2

SHA512
12a15c2f1419b41a63958159aea012ab194143daffcfce4efb096867a055729ddec259d43d98e72d617ea2e4d77885298455d80ff208c9e20161ef11a001c4d9

Download Submit
memory/1784-59-0x0000000000000000-mapping.dmp

Download
memory/2020-54-0x00000000751A1000-0x00000000751A3000-memory.dmp

Filesize
8KB

Download
memory/2020-55-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2020-57-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2020-62-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download