4b9c70d118803fbc80d0269caa2809e1842d7d5a155da6df7eefdbf0b511bd12

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
31/01/2023, 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FreeMind-Windows-Installer-1.0.1-max.exe
Size

35.9MB
MD5

5550a8e4906706c418a052ee9537882a
SHA1

a364e3ade0946c82760c14fed5a6640ff0deace0
SHA256

4b9c70d118803fbc80d0269caa2809e1842d7d5a155da6df7eefdbf0b511bd12
SHA512

38b3db73fa2a3bc5d8e5b83325b05ed8c395a2acdf66afcb2286a244f6dba4f148fd61f1b4d9a4fa1cab5e207a09561897e9b2cfb148c192e1953a030ae41a90
SSDEEP

786432:zeO0u8P0hWcru78Nh0MIgiZW8t1iUJi9fT8qr6bWrZCv1/CEaN5Vhv:zeFcro8T0MkD4r8qr6bWgv1CNfhv

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4188	FreeMind-Windows-Installer-1.0.1-max.tmp

Loads dropped DLL 3 IoCs

pid	Process
4188	FreeMind-Windows-Installer-1.0.1-max.tmp
4188	FreeMind-Windows-Installer-1.0.1-max.tmp
4188	FreeMind-Windows-Installer-1.0.1-max.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 4188	1360	FreeMind-Windows-Installer-1.0.1-max.exe	84
PID 1360 wrote to memory of 4188	1360	FreeMind-Windows-Installer-1.0.1-max.exe	84
PID 1360 wrote to memory of 4188	1360	FreeMind-Windows-Installer-1.0.1-max.exe	84

C:\Users\Admin\AppData\Local\Temp\FreeMind-Windows-Installer-1.0.1-max.exe
"C:\Users\Admin\AppData\Local\Temp\FreeMind-Windows-Installer-1.0.1-max.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Users\Admin\AppData\Local\Temp\is-3M8LU.tmp\FreeMind-Windows-Installer-1.0.1-max.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-3M8LU.tmp\FreeMind-Windows-Installer-1.0.1-max.tmp" /SL5="$70116,37343890,56832,C:\Users\Admin\AppData\Local\Temp\FreeMind-Windows-Installer-1.0.1-max.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-3M8LU.tmp\FreeMind-Windows-Installer-1.0.1-max.tmp

Filesize
690KB

MD5
a2c4d52c66b4b399facadb8cc8386745

SHA1
c326304c56a52a3e5bfbdce2fef54604a0c653e0

SHA256
6c0465ce64c07e729c399a338705941d77727c7d089430957df3e91a416e9d2a

SHA512
2a66256ff8535e2b300aa0ca27b76e85d42422b0aaf5e7e6d055f7abb9e338929c979e185c6be8918d920fb134b7f28a76b714579cacb8ace09000c046dd34d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3M8LU.tmp\FreeMind-Windows-Installer-1.0.1-max.tmp

Filesize
690KB

MD5
a2c4d52c66b4b399facadb8cc8386745

SHA1
c326304c56a52a3e5bfbdce2fef54604a0c653e0

SHA256
6c0465ce64c07e729c399a338705941d77727c7d089430957df3e91a416e9d2a

SHA512
2a66256ff8535e2b300aa0ca27b76e85d42422b0aaf5e7e6d055f7abb9e338929c979e185c6be8918d920fb134b7f28a76b714579cacb8ace09000c046dd34d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-K2EA5.tmp\_isetup\_isdecmp.dll

Filesize
13KB

MD5
a813d18268affd4763dde940246dc7e5

SHA1
c7366e1fd925c17cc6068001bd38eaef5b42852f

SHA256
e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

SHA512
b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-K2EA5.tmp\_isetup\_isdecmp.dll

Filesize
13KB

MD5
a813d18268affd4763dde940246dc7e5

SHA1
c7366e1fd925c17cc6068001bd38eaef5b42852f

SHA256
e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

SHA512
b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-K2EA5.tmp\isxbb.dll

Filesize
11KB

MD5
3133066770f4cbabc512bb73ca6c39ff

SHA1
5ea2a744442c521c72c2c9de7513cd05b961e591

SHA256
8acfa833388f02a698896ca8c581d098c9ea71d5d38b3d40757e1693788f1565

SHA512
7bcf1d56301b4f40ac10ba74f80c1cb21b6e95ef382c1310e4b2086da709eb62a3eb870c05a44990d75015f4fcfda4873442e1e42d0083f9bda2f7939e612234

Download Submit
memory/1360-132-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1360-134-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1360-142-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4188-140-0x00000000047F1000-0x00000000047F3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads