ea4f53eab434629c439b796b2bacc9c55d5c53e2810b5ea35ad28f3ef4e5ee8e

Analysis

max time kernel
142s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14-06-2023 17:39

Target

FORScanSetup2.3.50.release.exe
Size

33.1MB
MD5

54681bcf26c8d5d2fe0349e751acc219
SHA1

2f1d3fd3a9683a2f4b2cfb55b8c45f2459ffb8b3
SHA256

ea4f53eab434629c439b796b2bacc9c55d5c53e2810b5ea35ad28f3ef4e5ee8e
SHA512

e498c382d0c329ec2b1b230848e58450f9e7fc1c7c1ac25ab541584aee07a60fb194d72365c1859613bd452d34b8886713e0b218fc2f24b62cefa2ca1687fc98
SSDEEP

786432:ajNsBC+g/zgCTLqKxUcIWpzDeuJloJMXMo:mNsBxg/z2KxyWpHvoy

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1436	FORScanSetup2.3.50.release.tmp

Loads dropped DLL 1 IoCs

pid	Process
1888	FORScanSetup2.3.50.release.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 1436	1888	FORScanSetup2.3.50.release.exe	27
PID 1888 wrote to memory of 1436	1888	FORScanSetup2.3.50.release.exe	27
PID 1888 wrote to memory of 1436	1888	FORScanSetup2.3.50.release.exe	27
PID 1888 wrote to memory of 1436	1888	FORScanSetup2.3.50.release.exe	27
PID 1888 wrote to memory of 1436	1888	FORScanSetup2.3.50.release.exe	27
PID 1888 wrote to memory of 1436	1888	FORScanSetup2.3.50.release.exe	27
PID 1888 wrote to memory of 1436	1888	FORScanSetup2.3.50.release.exe	27

C:\Users\Admin\AppData\Local\Temp\FORScanSetup2.3.50.release.exe
"C:\Users\Admin\AppData\Local\Temp\FORScanSetup2.3.50.release.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Users\Admin\AppData\Local\Temp\is-RP5MO.tmp\FORScanSetup2.3.50.release.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-RP5MO.tmp\FORScanSetup2.3.50.release.tmp" /SL5="$70124,34227408,121344,C:\Users\Admin\AppData\Local\Temp\FORScanSetup2.3.50.release.exe"
  2⤵
  - Executes dropped EXE
  PID:1436

C:\Users\Admin\AppData\Local\Temp\is-RP5MO.tmp\FORScanSetup2.3.50.release.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
\Users\Admin\AppData\Local\Temp\is-RP5MO.tmp\FORScanSetup2.3.50.release.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
memory/1436-61-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/1436-64-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/1436-65-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/1888-54-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1888-63-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download