7572a957e28c29eb2d7ec7481ef78be7b2d85d5f356506b5d151d2f6e54ffd2d

Analysis

max time kernel
225s
max time network
296s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2023, 19:01

Target

Setup.exe
Size

726.8MB
MD5

d65586901415c8485dd5dabb3e689840
SHA1

7e35d99c1b293aebab6126f8a761b051fafe48d9
SHA256

21d7ca5e7d331b90c2e010826770c8990f1fab404b6638060df58203ebbb8295
SHA512

41fdd2d0ee8482510d5d22bd102d7e5b8be11d298e5fdf563d7b67fd28fbfbf0f2442138ab5e7106e106423141253d90ed6d372ce6cbba0ec693e902d8a7ad9c
SSDEEP

196608:B8JkMi8jKWH1B6jiF4ttI4JAaZ+YS3w0BRK:aJkMi8jxHyjiFCI4JS3rRK

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1764	Setup.exe
1764	Setup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1764	Setup.exe
1764	Setup.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1800

memory/1764-132-0x0000000000400000-0x0000000000F8B000-memory.dmp

Filesize
11.5MB

Download
memory/1764-134-0x0000000000400000-0x0000000000F8B000-memory.dmp

Filesize
11.5MB

Download
memory/1764-135-0x0000000000400000-0x0000000000F8B000-memory.dmp

Filesize
11.5MB

Download
memory/1764-136-0x0000000000400000-0x0000000000F8B000-memory.dmp

Filesize
11.5MB

Download
memory/1764-137-0x0000000000400000-0x0000000000F8B000-memory.dmp

Filesize
11.5MB

Download