be5c389c3907fbd2c8c29b38bd03d805d3bf8d486bc4711aef83e654a6a130c0

Analysis

max time kernel
120s
max time network
152s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
29/08/2023, 03:24

Target

VMware-workstation-full-16.0.0-16894299.exe
Size

619.3MB
MD5

fcec2125fbaa98f51e17baa3fddb0be0
SHA1

29f7e060ed8bff4015ed137374734531d8fb2670
SHA256

be5c389c3907fbd2c8c29b38bd03d805d3bf8d486bc4711aef83e654a6a130c0
SHA512

da0fe098c37d75b71b516d31940600afc11b9757fd9cafed5ba79847037520dc0461e026d4bced5dbe277bbd6e1204e406b138425a198b13e90c7e272b78dbc2
SSDEEP

12582912:lHe+Il4ah7xm+vfi8UmkCvMDdITMD+mSbB1HZuOL+De04De0SUC:Ne+Il4E8mfi8LvMD8MD+mSbB1HcOiDeG

Score

1^/10

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2820	POWERPNT.EXE
1636	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1636	vlc.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Suspicious use of SendNotifyMessage 3 IoCs

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 2696	2820	POWERPNT.EXE	34
PID 2820 wrote to memory of 2696	2820	POWERPNT.EXE	34
PID 2820 wrote to memory of 2696	2820	POWERPNT.EXE	34
PID 2820 wrote to memory of 2696	2820	POWERPNT.EXE	34

C:\Users\Admin\AppData\Local\Temp\VMware-workstation-full-16.0.0-16894299.exe
"C:\Users\Admin\AppData\Local\Temp\VMware-workstation-full-16.0.0-16894299.exe"
1⤵
PID:2904

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Desktop\StartBlock.bat" "
1⤵
PID:3008

memory/1636-19-0x000000013FE90000-0x000000013FF88000-memory.dmp

Filesize
992KB

Download
memory/1636-20-0x000007FEF7EF0000-0x000007FEF7F24000-memory.dmp

Filesize
208KB

Download
memory/1636-21-0x000007FEF6110000-0x000007FEF63C4000-memory.dmp

Filesize
2.7MB

Download
memory/1636-22-0x000007FEF4D30000-0x000007FEF5DDB000-memory.dmp

Filesize
16.7MB

Download
memory/1636-23-0x000007FEF4290000-0x000007FEF43A2000-memory.dmp

Filesize
1.1MB

Download
memory/2820-2-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2820-4-0x0000000073EAD000-0x0000000073EB8000-memory.dmp

Filesize
44KB

Download
memory/2820-3-0x000000002D7A0000-0x000000002D9B2000-memory.dmp

Filesize
2.1MB

Download
memory/2820-9-0x0000000073EAD000-0x0000000073EB8000-memory.dmp

Filesize
44KB

Download
memory/2820-10-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2820-11-0x0000000073EAD000-0x0000000073EB8000-memory.dmp

Filesize
44KB

Download
memory/2904-0-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download