b39d92c6ef2664fd14eabcccf3177609289afbb50f4a447dd12ec6e9a10b6c26

Analysis

max time kernel
167s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 15:18

Target

StarWindConverter.exe
Size

11.8MB
MD5

00b8de69bd7af4c7db8a14b428dab6d3
SHA1

27fec6296d1664f045664c6c14d480695be3d181
SHA256

178d1afed3243989657e3e1f3a145dbb32bcbf0d55f8a8cbfaea64e15c061f8b
SHA512

e888852c7a3b6f1260808978ae2f8b219da66a69194766895567e6d4d0efe473bf7c47db4b39a571525d97df66168d4749fc547ecbcce5b46204e74fa55e96ed
SSDEEP

196608:LqQ1fFgUybn8BzVr1zF2ZAoX5x0SbKVpciXEDpTSM/LgLiCb4HUiefJrm0KGZLDg:HFckhzF+Ag/LbKcgOpT9LgLiv01XKT

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4180	StarWindConverter.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 4180	2928	StarWindConverter.exe	90
PID 2928 wrote to memory of 4180	2928	StarWindConverter.exe	90
PID 2928 wrote to memory of 4180	2928	StarWindConverter.exe	90

C:\Users\Admin\AppData\Local\Temp\StarWindConverter.exe
"C:\Users\Admin\AppData\Local\Temp\StarWindConverter.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Users\Admin\AppData\Local\Temp\is-436A7.tmp\StarWindConverter.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-436A7.tmp\StarWindConverter.tmp" /SL5="$110236,12114264,338944,C:\Users\Admin\AppData\Local\Temp\StarWindConverter.exe"
  2⤵
  - Executes dropped EXE
  PID:4180

C:\Users\Admin\AppData\Local\Temp\is-436A7.tmp\StarWindConverter.tmp

Filesize
971KB

MD5
cd2e0b79757aa6a501f5ca38de519de2

SHA1
62388bc7525b09eaf86698c94d879d6e786c0912

SHA256
0c3fe72f14c9d7fc2fb0fe30f660ba5f98f27c664939f49739df4c9cb05d5dbc

SHA512
64e317e8dccb1a16b83169fb2644638e15e220da9171378481689a2bc00bf086bc03d851101367b6d49d420265145e110fc75f1cb30942f291d9dc3e9dc6b526

Download Submit
memory/2928-0-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2928-3-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2928-6-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2928-12-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4180-7-0x0000000000400000-0x0000000000503000-memory.dmp

Filesize
1.0MB

Download
memory/4180-9-0x0000000000400000-0x0000000000503000-memory.dmp

Filesize
1.0MB

Download
memory/4180-10-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/4180-13-0x0000000000400000-0x0000000000503000-memory.dmp

Filesize
1.0MB

Download
memory/4180-15-0x0000000000400000-0x0000000000503000-memory.dmp

Filesize
1.0MB

Download
memory/4180-16-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download