0d33ab8f48e7046db2ef831c6297949734bb6dd8acd2e7d84afacfe2404454d1

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31-03-2023 03:10

Target

NovaSetup.exe
Size

4.1MB
MD5

9f5019341609a7b2bc1356a509520688
SHA1

aa7d86fb786baff5055c7581eb07a457fcf162b4
SHA256

0d33ab8f48e7046db2ef831c6297949734bb6dd8acd2e7d84afacfe2404454d1
SHA512

ff9e2d29758ae1305cf7b344c0a1094402738ed933ffc61440f45831a529ee25cbf18f13ca7e0648d16b5c6c4af4e89b95536a4c9c3332a5399876b582618b97
SSDEEP

98304:Tip6o9raOWcD9XdMPABIw/t6KHDiAwzUshkqXf0FZp:TcAOWs9XNBZ16M2HUykSI

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
592	powershell.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1088	NovaSetup.exe
Token: SeDebugPrivilege	592	powershell.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 1872	1088	NovaSetup.exe	28
PID 1088 wrote to memory of 1872	1088	NovaSetup.exe	28
PID 1088 wrote to memory of 1872	1088	NovaSetup.exe	28
PID 1088 wrote to memory of 1872	1088	NovaSetup.exe	28
PID 1872 wrote to memory of 592	1872	cmd.exe	30
PID 1872 wrote to memory of 592	1872	cmd.exe	30
PID 1872 wrote to memory of 592	1872	cmd.exe	30
PID 1872 wrote to memory of 592	1872	cmd.exe	30

memory/592-68-0x0000000001E40000-0x0000000001E80000-memory.dmp

Filesize
256KB

Download
memory/592-69-0x0000000001E40000-0x0000000001E80000-memory.dmp

Filesize
256KB

Download
memory/1088-57-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/1088-54-0x00000000003F0000-0x000000000081A000-memory.dmp

Filesize
4.2MB

Download
memory/1088-58-0x00000000008A0000-0x00000000008F0000-memory.dmp

Filesize
320KB

Download
memory/1088-59-0x0000000000820000-0x000000000082A000-memory.dmp

Filesize
40KB

Download
memory/1088-60-0x0000000000820000-0x000000000082A000-memory.dmp

Filesize
40KB

Download
memory/1088-61-0x0000000009550000-0x0000000009602000-memory.dmp

Filesize
712KB

Download
memory/1088-66-0x00000000048E0000-0x0000000004920000-memory.dmp

Filesize
256KB

Download
memory/1088-56-0x00000000048E0000-0x0000000004920000-memory.dmp

Filesize
256KB

Download
memory/1088-67-0x00000000048E0000-0x0000000004920000-memory.dmp

Filesize
256KB

Download
memory/1088-55-0x00000000079E0000-0x00000000082FE000-memory.dmp

Filesize
9.1MB

Download
memory/1088-73-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download