4f3ef1e2e0eaaaec3fb52093d279a2e75f6dd2b2fae0028ff0aeb97368ae0a55

Resubmissions

16-08-2023 00:43

16-08-2023 00:32

max time kernel
32s
max time network
39s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
16-08-2023 00:32

Target

ImpactInstaller-0.9.5.exe
Size

2.4MB
MD5

d9324dd6a6d5fd6247f2aff7153e297c
SHA1

c4d49419289adbbd6a8798fca47c528b957972f1
SHA256

4f3ef1e2e0eaaaec3fb52093d279a2e75f6dd2b2fae0028ff0aeb97368ae0a55
SHA512

1b03c23545301f4d445fa894fb9f0ec770b2a2f099fb0e8254af0a79cb4c2fffdef24accd5ad28d46fb3f6bef22c7994e814575cd14baf60497688b057cbd085
SSDEEP

49152:/t7ZxrWpynDGoMhG+4CgPHJaOHKh5Va1lPBTpWEVHg:/t7ZxrWgDGoq4Bf0OHKh5M1Npptu

Score

4^/10

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	javaw.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 3956	2448	ImpactInstaller-0.9.5.exe	82
PID 2448 wrote to memory of 3956	2448	ImpactInstaller-0.9.5.exe	82

C:\Users\Admin\AppData\Local\Temp\ImpactInstaller-0.9.5.exe
"C:\Users\Admin\AppData\Local\Temp\ImpactInstaller-0.9.5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -classpath "C:\Users\Admin\AppData\Local\Temp\ImpactInstaller-0.9.5.exe;lib\installer-0.9.5.jar" io.github.ImpactDevelopment.installer.Installer
  2⤵
  - Drops file in Program Files directory
  PID:3956

memory/2448-142-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2448-158-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/3956-137-0x0000000002CC0000-0x0000000003CC0000-memory.dmp

Filesize
16.0MB

Download
memory/3956-145-0x0000000000E10000-0x0000000000E11000-memory.dmp

Filesize
4KB

Download
memory/3956-146-0x0000000000E10000-0x0000000000E11000-memory.dmp

Filesize
4KB

Download
memory/3956-157-0x0000000002CC0000-0x0000000003CC0000-memory.dmp

Filesize
16.0MB

Download
memory/3956-156-0x0000000002F50000-0x0000000002F60000-memory.dmp

Filesize
64KB

Download
memory/3956-155-0x0000000002F40000-0x0000000002F50000-memory.dmp

Filesize
64KB

Download
memory/3956-159-0x0000000002CC0000-0x0000000003CC0000-memory.dmp

Filesize
16.0MB

Download