2e25487afa59800e53d9116f10d01ffda44326f446966fda4b6d667ee90d4c4f

Analysis

max time kernel
961s
max time network
964s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2022 04:56

Target

SetupMain.exe
Size

10.0MB
MD5

720296d00845e149a57a103201f09e2a
SHA1

edf79f7aca5adb29404db3ae2afbe0fbbbee8eef
SHA256

2e25487afa59800e53d9116f10d01ffda44326f446966fda4b6d667ee90d4c4f
SHA512

787b56281a6c23219da2db25ede4f90e0836508d92d20dc0bd6b14a66a9feedba38ce62bec119c9ca76001c5548e3f4153211e681f4ee05a8c134c1f85961324
SSDEEP

196608:3K48YbtSvdrmS+0EDHqJA6tisNJjZiODHc:3KcbtSvdr1qH0pt3NJViUHc

Score

8^/10

Blocklisted process makes network request 1 IoCs

flow	pid	Process
23	3004	powershell.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 26 IoCs

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3004	powershell.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 3004	2504	SetupMain.exe	87
PID 2504 wrote to memory of 3004	2504	SetupMain.exe	87
PID 2504 wrote to memory of 3004	2504	SetupMain.exe	87

C:\Users\Admin\AppData\Local\Temp\SetupMain.exe
"C:\Users\Admin\AppData\Local\Temp\SetupMain.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe"
  2⤵
  - Blocklisted process makes network request
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3004

memory/2504-132-0x0000000000820000-0x00000000010A0000-memory.dmp

Filesize
8.5MB

Download
memory/2504-133-0x0000000007E60000-0x0000000008404000-memory.dmp

Filesize
5.6MB

Download
memory/2504-134-0x00000000079B0000-0x0000000007A42000-memory.dmp

Filesize
584KB

Download
memory/2504-135-0x0000000007B50000-0x0000000007B5A000-memory.dmp

Filesize
40KB

Download
memory/3004-137-0x0000000002760000-0x0000000002796000-memory.dmp

Filesize
216KB

Download
memory/3004-138-0x00000000051C0000-0x00000000057E8000-memory.dmp

Filesize
6.2MB

Download
memory/3004-139-0x00000000050B0000-0x00000000050D2000-memory.dmp

Filesize
136KB

Download
memory/3004-140-0x0000000005150000-0x00000000051B6000-memory.dmp

Filesize
408KB

Download
memory/3004-141-0x0000000005A20000-0x0000000005A86000-memory.dmp

Filesize
408KB

Download
memory/3004-142-0x00000000060F0000-0x000000000610E000-memory.dmp

Filesize
120KB

Download
memory/3004-143-0x00000000070C0000-0x0000000007104000-memory.dmp

Filesize
272KB

Download
memory/3004-144-0x0000000007410000-0x0000000007486000-memory.dmp

Filesize
472KB

Download
memory/3004-145-0x0000000007B10000-0x000000000818A000-memory.dmp

Filesize
6.5MB

Download
memory/3004-146-0x0000000007490000-0x00000000074AA000-memory.dmp

Filesize
104KB

Download