e23dbc051aa68653ec8875dd02c2c37cd81e78263858ce59b6a3fd7b8a936b3e

Resubmissions

24/02/2024, 13:34

24/02/2024, 13:32

max time kernel
440s
max time network
452s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
24/02/2024, 13:34

Target

Setupx32_x64.exe
Size

319KB
MD5

40120c6767de5340629ad6db820c0ee7
SHA1

c4d96d89ac3c957e0b0a53594e17a522123841a2
SHA256

e23dbc051aa68653ec8875dd02c2c37cd81e78263858ce59b6a3fd7b8a936b3e
SHA512

d9d2816e322ef57821d09b4a8408afaf8f7fb749c9989b09c39bc6f43d4fd79d016578212576c61edfe40b47464453b6c7961214c43a31c0cfa3ba6ce7a35e45
SSDEEP

6144:hJJXkh9NPGRyvRIW5ppOU4Hn/VOgurG627rLik3:LCNKQSWlO5HEhSfd3

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4700 set thread context of 1388	4700	Setupx32_x64.exe	79

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4700 wrote to memory of 1388	4700	Setupx32_x64.exe	79
PID 4700 wrote to memory of 1388	4700	Setupx32_x64.exe	79
PID 4700 wrote to memory of 1388	4700	Setupx32_x64.exe	79
PID 4700 wrote to memory of 1388	4700	Setupx32_x64.exe	79
PID 4700 wrote to memory of 1388	4700	Setupx32_x64.exe	79
PID 4700 wrote to memory of 1388	4700	Setupx32_x64.exe	79
PID 4700 wrote to memory of 1388	4700	Setupx32_x64.exe	79
PID 4700 wrote to memory of 1388	4700	Setupx32_x64.exe	79
PID 4700 wrote to memory of 1388	4700	Setupx32_x64.exe	79

C:\Users\Admin\AppData\Local\Temp\Setupx32_x64.exe
"C:\Users\Admin\AppData\Local\Temp\Setupx32_x64.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4700
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:1388

memory/1388-4-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/1388-7-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/1388-11-0x0000000001270000-0x0000000001271000-memory.dmp

Filesize
4KB

Download
memory/1388-12-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/4700-0-0x00000000007F0000-0x0000000000842000-memory.dmp

Filesize
328KB

Download
memory/4700-1-0x0000000074B00000-0x00000000752B1000-memory.dmp

Filesize
7.7MB

Download
memory/4700-9-0x0000000074B00000-0x00000000752B1000-memory.dmp

Filesize
7.7MB

Download
memory/4700-10-0x0000000002E50000-0x0000000004E50000-memory.dmp

Filesize
32.0MB

Download
memory/4700-13-0x0000000002E50000-0x0000000004E50000-memory.dmp

Filesize
32.0MB

Download