5f64190eb10b2cbba325b88f6f2e1a93c872383a6e62fed6a46842ed25b4489a

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
22-12-2022 17:06

Target

StartBack AiO 1.0.65.1.exe
Size

5.5MB
MD5

58aa37678ae6d9de7b91eb06ece1a104
SHA1

755997c2705cadefd7e567a93f755537f1459d50
SHA256

9e423f202422338ba16f1c0cb3d3e9a081031c188720103ac5be48e3689f46d0
SHA512

9d47777fe73640f95139b1d7e4bbf84c96cc52005508d0e4c63572c9c9cf04bc0775a8c9f6ddbc600a0ec872c0f88754044b1c609d430b1ae84cd60a5e4e5dd0
SSDEEP

98304:HssI+4PzxV69AGMjPUqCU+0osRF0DkYkmyS8FjJTx0cgseqiuaOOYMakDfHAfCK8:tI+4PzxV69nTM+07GklyqL/gsPiui/Hd

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
904	StartBack AiO 1.0.65.1.tmp

Loads dropped DLL 1 IoCs

pid	Process
2012	StartBack AiO 1.0.65.1.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 904	2012	StartBack AiO 1.0.65.1.exe	28
PID 2012 wrote to memory of 904	2012	StartBack AiO 1.0.65.1.exe	28
PID 2012 wrote to memory of 904	2012	StartBack AiO 1.0.65.1.exe	28
PID 2012 wrote to memory of 904	2012	StartBack AiO 1.0.65.1.exe	28
PID 2012 wrote to memory of 904	2012	StartBack AiO 1.0.65.1.exe	28
PID 2012 wrote to memory of 904	2012	StartBack AiO 1.0.65.1.exe	28
PID 2012 wrote to memory of 904	2012	StartBack AiO 1.0.65.1.exe	28

C:\Users\Admin\AppData\Local\Temp\StartBack AiO 1.0.65.1.exe
"C:\Users\Admin\AppData\Local\Temp\StartBack AiO 1.0.65.1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Users\Admin\AppData\Local\Temp\is-64UBN.tmp\StartBack AiO 1.0.65.1.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-64UBN.tmp\StartBack AiO 1.0.65.1.tmp" /SL5="$60126,5455581,64512,C:\Users\Admin\AppData\Local\Temp\StartBack AiO 1.0.65.1.exe"
  2⤵
  - Executes dropped EXE
  PID:904

C:\Users\Admin\AppData\Local\Temp\is-64UBN.tmp\StartBack AiO 1.0.65.1.tmp

Filesize
911KB

MD5
2bbecb156b7d6f099cfa2361f481d8a2

SHA1
57bfd64b9ddf14015f667eed91c1eb472c3b1b3a

SHA256
b1c19d727278d178a28016ff6a5816c87ef7066f81111a0af74a35d854c05246

SHA512
a70f006fd333552794562dfea282a0622fb35d41e1d7aa9c93014d6a649ca59982303ecbc4cdd9678cbb4a1862b05fd28389813d0e1252d44469223f55414e71

Download Submit
\Users\Admin\AppData\Local\Temp\is-64UBN.tmp\StartBack AiO 1.0.65.1.tmp

Filesize
911KB

MD5
2bbecb156b7d6f099cfa2361f481d8a2

SHA1
57bfd64b9ddf14015f667eed91c1eb472c3b1b3a

SHA256
b1c19d727278d178a28016ff6a5816c87ef7066f81111a0af74a35d854c05246

SHA512
a70f006fd333552794562dfea282a0622fb35d41e1d7aa9c93014d6a649ca59982303ecbc4cdd9678cbb4a1862b05fd28389813d0e1252d44469223f55414e71

Download Submit
memory/904-58-0x0000000000000000-mapping.dmp

Download
memory/2012-54-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

Filesize
8KB

Download
memory/2012-55-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2012-61-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2012-62-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download