61438af9cd79ad931a95c2031542ecf28f03f74a8b1211b9e58072925083a9ad

Analysis

max time kernel
154s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 19:43

Target

Setup.exe
Size

179KB
MD5

53db797144ee628724f76a07917f4e4b
SHA1

16444fb48395f8d62eaba81928644bee887ff8f8
SHA256

61438af9cd79ad931a95c2031542ecf28f03f74a8b1211b9e58072925083a9ad
SHA512

94c63780f4ceae3fc10ead6de65deaa72d7a76bf477be1840871dc7a45423eddebb9b09a113c6214a08b67563ddf11dbc33dc073a83a36787171c8b3c9a6c2ed
SSDEEP

3072:PYSqXo1jT7uduk58NU99TBCOaJ/iTuu4kOXDM0zqL1cdFfnqncEN41EMXQ3By:t1jT2eUTraJ/iTuJlDMQMFn9MyBy

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2836	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2836	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2836	msiexec.exe
2836	msiexec.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3208 wrote to memory of 2836	3208	Setup.exe	90
PID 3208 wrote to memory of 2836	3208	Setup.exe	90
PID 3208 wrote to memory of 2836	3208	Setup.exe	90

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3208
- C:\Windows\SysWOW64\msiexec.exe
  msiexec.exe /i "Pro Evolution Soccer 2013.msi"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2836