be08f87223af693a80d7b196d61d43c973d39a499f8bc49620791fdbba41bc9a

Analysis

max time kernel
128s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/02/2024, 11:25

Target

Seturp v_43.4Y/Setup_Seturp v_43.2.exe
Size

98KB
MD5

6f78ea948a1986c25aeeeede8f1ededc
SHA1

5748d9a15dc732eb3ca02f3d66d55047d1d7777a
SHA256

0ecbe6d6b38c64d1544b2e492fb59df1529bf22ea3d847574b2252a2154d9725
SHA512

515205124cbe4ad7e4027cf071be3c92f2664a0b93356b2f09e30da2aedd9f7c2d67d3b90be1e1f9374363fbb8faa613887ba7f32f661db6be7ad136c6905431
SSDEEP

768:F7Zw33FNUf6Nhd/fQ1l+0vM0iT9nQS1Kadjp3S0VYcFodSzSZ27lftc:VZ2FWSNhd/4131iGS1Kax9Sxc

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 840	2480	Setup_Seturp v_43.2.exe	83
PID 2480 wrote to memory of 840	2480	Setup_Seturp v_43.2.exe	83
PID 2480 wrote to memory of 840	2480	Setup_Seturp v_43.2.exe	83

C:\Users\Admin\AppData\Local\Temp\Seturp v_43.4Y\Setup_Seturp v_43.2.exe
"C:\Users\Admin\AppData\Local\Temp\Seturp v_43.4Y\Setup_Seturp v_43.2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Users\Admin\AppData\Local\Temp\Seturp v_43.4Y\jre\bin\javaw.exe
  "C:\Users\Admin\AppData\Local\Temp\Seturp v_43.4Y\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\activation.jar;lib\antlr4-runtime.jar;lib\asm-all.jar;lib\commons-email.jar;lib\connector-api.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\dyn4j.jar;lib\gson.jar;lib\HikariCP-java6.jar;lib\javassist-GA.jar;lib\jaybird-jdk18.jar;lib\jfoenix.jar;lib\jkeymaster.jar;lib\jna.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-desktop-hotkey-ext.jar;lib\jphp-game-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-gui-jfoenix-ext.jar;lib\jphp-json-ext.jar;lib\jphp-jsoup-ext.jar;lib\jphp-mail-ext.jar;lib\jphp-runtime.jar;lib\jphp-sql-ext.jar;lib\jphp-systemtray-ext.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\jsoup.jar;lib\mail.jar;lib\mysql-connector-java.jar;lib\postgresql.jre7.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\sqlite-jdbc.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
  2⤵
  PID:840

memory/840-37-0x0000000002998000-0x00000000029A0000-memory.dmp

Filesize
32KB

Download
memory/840-11-0x00000000028F0000-0x00000000048F0000-memory.dmp

Filesize
32.0MB

Download
memory/840-12-0x00000000028F0000-0x00000000048F0000-memory.dmp

Filesize
32.0MB

Download
memory/840-25-0x00000000028F0000-0x00000000048F0000-memory.dmp

Filesize
32.0MB

Download
memory/840-33-0x0000000000EB0000-0x0000000000EB1000-memory.dmp

Filesize
4KB

Download
memory/840-35-0x00000000028F0000-0x00000000048F0000-memory.dmp

Filesize
32.0MB

Download
memory/840-38-0x0000000002928000-0x0000000002930000-memory.dmp

Filesize
32KB

Download
memory/840-41-0x00000000029A8000-0x00000000029B0000-memory.dmp

Filesize
32KB

Download
memory/840-40-0x00000000028F0000-0x00000000048F0000-memory.dmp

Filesize
32.0MB

Download
memory/840-39-0x00000000029A0000-0x00000000029A8000-memory.dmp

Filesize
32KB

Download
memory/840-42-0x00000000028F0000-0x00000000048F0000-memory.dmp

Filesize
32.0MB

Download
memory/840-43-0x00000000028F0000-0x00000000048F0000-memory.dmp

Filesize
32.0MB

Download
memory/2480-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download