4f5e5e515d01b7136242dc0eb387c71bba75042380708e99e2be7c3666562668

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 06:30

Target

52c974090349a27ab4d00f661fd3d1f1.exe
Size

4.5MB
MD5

52c974090349a27ab4d00f661fd3d1f1
SHA1

db4161521b3fd6c4672ada8ac94be47c987a1e26
SHA256

4f5e5e515d01b7136242dc0eb387c71bba75042380708e99e2be7c3666562668
SHA512

7fa12e2bd2b725df3dae3be3bfb8b2d2817dd3c3fc51f49fb4ef86947e761b41e8442e2036dd97890ba1157a03c88171da8ae64d6cbb461488009f407988e3ae
SSDEEP

98304:UkGEJ72NGT5qI+/pGmduT7ganjhEmpuXbpUEzGUdFZqE:pXJ72wn+9ufnjHpWpUEzB

Score

7^/10

Executes dropped EXE 2 IoCs

pid	Process
3916	setup.exe
3056	setup.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4084 wrote to memory of 3916	4084	52c974090349a27ab4d00f661fd3d1f1.exe	95
PID 4084 wrote to memory of 3916	4084	52c974090349a27ab4d00f661fd3d1f1.exe	95
PID 4084 wrote to memory of 3916	4084	52c974090349a27ab4d00f661fd3d1f1.exe	95
PID 3916 wrote to memory of 3056	3916	setup.exe	96
PID 3916 wrote to memory of 3056	3916	setup.exe	96
PID 3916 wrote to memory of 3056	3916	setup.exe	96

C:\Users\Admin\AppData\Local\Temp\52c974090349a27ab4d00f661fd3d1f1.exe
"C:\Users\Admin\AppData\Local\Temp\52c974090349a27ab4d00f661fd3d1f1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4084
- C:\Users\Admin\AppData\Local\Temp\_sb421.dir\setup.exe
  C:\Users\Admin\AppData\Local\Temp\_sb421.dir\setup.exe /f /sourcepath "C:\Users\Admin\AppData\Local\Temp\"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3916
- - C:\Users\Admin\AppData\Local\Temp\_sb740.dir\setup.exe
    C:\Users\Admin\AppData\Local\Temp\_sb740.dir\setup.exe "C:\Users\Admin\AppData\Local\Temp\_sb421.dir\" /sourcepath "C:\Users\Admin\AppData\Local\Temp\_sb421.dir\" /SelLan 0409 "CheckId:SetupBuilder Professional 1.5.0001"
    3⤵
    - Executes dropped EXE
    PID:3056

memory/3056-25-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/3056-26-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/3916-13-0x0000000001E00000-0x0000000001E01000-memory.dmp

Filesize
4KB

Download
memory/3916-29-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/4084-0-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/4084-24-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4084-34-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download