050a3db985fe0180e985301a918783faea7dd720cb7259c597f1ef5a0dad325a

Analysis

max time kernel
142s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
19-08-2023 14:29

Target

winthrusterpropj/Setup_WinThruster_2021.exe
Size

6.1MB
MD5

426fd133506f9bec04b326330e2b31a9
SHA1

973bbb18d2c2ae7a12812700ee5253e68802bc0f
SHA256

357f1b029541bda80fb1b5dc0c099069f32c93ac182a16219fb30d50229fd498
SHA512

158e1049285bc4fcbb1104b3b7f9facb84813bceb9b25c0fa3d144252227abd5deb9161a39ba13e65563a7d0e0b2d9a9a9c9f951a825a73f27d2eae2f19c1278
SSDEEP

98304:0SiSFxonB+Wh4y5C9etJ4PlsczYNz1bhkPf+lMF8PRGAlWDjzK4f:IExy89m2SczYNcPmlMcGNHN

Score

4^/10

Executes dropped EXE 1 IoCs

Processes:

Setup_WinThruster_2021.tmp

pid process

2516 Setup_WinThruster_2021.tmp
Loads dropped DLL 1 IoCs

Processes:

Setup_WinThruster_2021.exe

pid process

832 Setup_WinThruster_2021.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Setup_WinThruster_2021.tmp

pid process

2516 Setup_WinThruster_2021.tmp

pid	process
2516	Setup_WinThruster_2021.tmp

pid	process
832	Setup_WinThruster_2021.exe

pid	process
2516	Setup_WinThruster_2021.tmp

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

Setup_WinThruster_2021.exe

description	pid	process	target process
PID 832 wrote to memory of 2516	832	Setup_WinThruster_2021.exe	Setup_WinThruster_2021.tmp
PID 832 wrote to memory of 2516	832	Setup_WinThruster_2021.exe	Setup_WinThruster_2021.tmp
PID 832 wrote to memory of 2516	832	Setup_WinThruster_2021.exe	Setup_WinThruster_2021.tmp
PID 832 wrote to memory of 2516	832	Setup_WinThruster_2021.exe	Setup_WinThruster_2021.tmp
PID 832 wrote to memory of 2516	832	Setup_WinThruster_2021.exe	Setup_WinThruster_2021.tmp
PID 832 wrote to memory of 2516	832	Setup_WinThruster_2021.exe	Setup_WinThruster_2021.tmp
PID 832 wrote to memory of 2516	832	Setup_WinThruster_2021.exe	Setup_WinThruster_2021.tmp

C:\Users\Admin\AppData\Local\Temp\is-UN6JS.tmp\Setup_WinThruster_2021.tmp

Filesize
3.1MB

MD5
3a3305330ad78837ffcd94fa287973e3

SHA1
73586304f35e4e8a6bba8574b9bacaaaae4af1f0

SHA256
89747c19d5ff724c19856ed9e6dc94cb72c3ac55f45d4a1fc079e979805afe54

SHA512
1044d1c8ee49f824562b0b90954a644516edb335499b3df01c3d8c346e66280129982ec135df7ee8e1509e37889b129bde040d6f89f22ec2a6144e95665e294a

Download Submit
\Users\Admin\AppData\Local\Temp\is-UN6JS.tmp\Setup_WinThruster_2021.tmp

Filesize
3.1MB

MD5
3a3305330ad78837ffcd94fa287973e3

SHA1
73586304f35e4e8a6bba8574b9bacaaaae4af1f0

SHA256
89747c19d5ff724c19856ed9e6dc94cb72c3ac55f45d4a1fc079e979805afe54

SHA512
1044d1c8ee49f824562b0b90954a644516edb335499b3df01c3d8c346e66280129982ec135df7ee8e1509e37889b129bde040d6f89f22ec2a6144e95665e294a

Download Submit
memory/832-54-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/832-65-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/2516-61-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2516-67-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/2516-68-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2516-78-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/2516-90-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download