ff7ce6bb4da1301b4a05577a8ca5e901d8469371686e273316362a3f50b4980f

Analysis

max time kernel
402s
max time network
411s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/01/2023, 12:36

Target

SetupFile.exe
Size

762.9MB
MD5

6ee8aef895a4a94d745ad2d1464e316c
SHA1

cf6ae8cb821267875a5b7224e13a1ea3b43d87bb
SHA256

76f4b9e74057d1a8d59934479a69c601833f3e7151f70f576924a70228451c7c
SHA512

97c7d9fa7e64f487d29704a57dd9bfe2f4478a709ddf5e1eae412148250f2755436a0104fc9ea76d6f6d7dd02fd2c7d19e4693cde35f98b7727a471142eb8b55
SSDEEP

98304:tfE8eSY+aKtQGU+dbeIhDDL1l1eEdW+xy/UNRc9X6UI4lXq81rwQIaVMPauQPKCx:tfEhj+3U+x9Xl13W8ysNRc9r/pqUx

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1520	SetupFile.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1520	SetupFile.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 900	1520	SetupFile.exe	28
PID 1520 wrote to memory of 900	1520	SetupFile.exe	28
PID 1520 wrote to memory of 900	1520	SetupFile.exe	28
PID 1520 wrote to memory of 900	1520	SetupFile.exe	28
PID 1520 wrote to memory of 900	1520	SetupFile.exe	28
PID 1520 wrote to memory of 900	1520	SetupFile.exe	28
PID 1520 wrote to memory of 900	1520	SetupFile.exe	28

C:\Users\Admin\AppData\Local\Temp\SetupFile.exe
"C:\Users\Admin\AppData\Local\Temp\SetupFile.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe"
  2⤵
  PID:900

memory/1520-54-0x0000000001140000-0x000000000205E000-memory.dmp

Filesize
15.1MB

Download
memory/1520-55-0x000000001BF90000-0x000000001C1EE000-memory.dmp

Filesize
2.4MB

Download