2d3b9b4d0ab6d4a8a054e9e6bc51133505b52818fc557078f0f0f454b17e2274

Analysis

max time kernel
86s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2023, 15:16

Target

Setup_patched.exe
Size

1.5MB
MD5

cd6f05944060326413c2c889596e9a4d
SHA1

6fc974572f0f56b216224f48ffac95777af7748f
SHA256

2d3b9b4d0ab6d4a8a054e9e6bc51133505b52818fc557078f0f0f454b17e2274
SHA512

2f7a9a42b6bf2f978fa7435cf256b41f13e6681d22a14d4f52bc9466ade5a9c8ae1576a0470482733d45b8182eac0eb308294a015533c77a9a08dd4ffb5f04b1
SSDEEP

12288:/EMEBfMaViZ4VsIDk1l/BvV4qK7PYbWmovpXB8OdccORWb9PkIhq9+tJi4o1+0aM:/ECZ4Vtca240FM0QawGZtCe0YgDNCO2H

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3904 set thread context of 956	3904	Setup_patched.exe	92

Suspicious behavior: EnumeratesProcesses 12 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3904	Setup_patched.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 3904 wrote to memory of 3308	3904	Setup_patched.exe	86
PID 3904 wrote to memory of 3308	3904	Setup_patched.exe	86
PID 3904 wrote to memory of 1272	3904	Setup_patched.exe	87
PID 3904 wrote to memory of 1272	3904	Setup_patched.exe	87
PID 3904 wrote to memory of 1580	3904	Setup_patched.exe	88
PID 3904 wrote to memory of 1580	3904	Setup_patched.exe	88
PID 3904 wrote to memory of 3364	3904	Setup_patched.exe	89
PID 3904 wrote to memory of 3364	3904	Setup_patched.exe	89
PID 3904 wrote to memory of 3156	3904	Setup_patched.exe	90
PID 3904 wrote to memory of 3156	3904	Setup_patched.exe	90
PID 3904 wrote to memory of 1300	3904	Setup_patched.exe	91
PID 3904 wrote to memory of 1300	3904	Setup_patched.exe	91
PID 3904 wrote to memory of 956	3904	Setup_patched.exe	92
PID 3904 wrote to memory of 956	3904	Setup_patched.exe	92
PID 3904 wrote to memory of 956	3904	Setup_patched.exe	92
PID 3904 wrote to memory of 956	3904	Setup_patched.exe	92
PID 3904 wrote to memory of 956	3904	Setup_patched.exe	92
PID 3904 wrote to memory of 956	3904	Setup_patched.exe	92
PID 3904 wrote to memory of 956	3904	Setup_patched.exe	92
PID 3904 wrote to memory of 956	3904	Setup_patched.exe	92
PID 3904 wrote to memory of 956	3904	Setup_patched.exe	92

C:\Users\Admin\AppData\Local\Temp\Setup_patched.exe
"C:\Users\Admin\AppData\Local\Temp\Setup_patched.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe"
  2⤵
  PID:3308
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:1272
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe"
  2⤵
  PID:1580
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe"
  2⤵
  PID:3364
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"
  2⤵
  PID:3156
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe"
  2⤵
  PID:1300
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe"
  2⤵
  PID:956

memory/956-135-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/956-138-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/956-139-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3904-133-0x000001B728380000-0x000001B7284FC000-memory.dmp

Filesize
1.5MB

Download
memory/3904-134-0x000001B743670000-0x000001B743680000-memory.dmp

Filesize
64KB

Download