Overview
overview
7Static
static
3Adobe/de.ps1
windows11-21h2-x64
1App Setup.exe
windows11-21h2-x64
7$PLUGINSDI...er.dll
windows11-21h2-x64
1$PLUGINSDI...ls.dll
windows11-21h2-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3$PLUGINSDI...ll.dll
windows11-21h2-x64
3InstaIIer.exe
windows11-21h2-x64
1$PLUGINSDI...ec.dll
windows11-21h2-x64
3$PLUGINSDI...7z.dll
windows11-21h2-x64
3$R0/Uninst...er.exe
windows11-21h2-x64
7d3dcompiler_47.dll
windows11-21h2-x64
1lib/asm-all.jar
windows11-21h2-x64
7lib/dn-com...le.jar
windows11-21h2-x64
7lib/dn-php-sdk.jar
windows11-21h2-x64
7lib/gson.jar
windows11-21h2-x64
7lib/jfoenix.jar
windows11-21h2-x64
7lib/jphp-a...rk.jar
windows11-21h2-x64
7lib/jphp-core.jar
windows11-21h2-x64
7lib/jphp-d...xt.jar
windows11-21h2-x64
7lib/jphp-gui-ext.jar
windows11-21h2-x64
7lib/jphp-g...xt.jar
windows11-21h2-x64
7lib/jphp-json-ext.jar
windows11-21h2-x64
7lib/jphp-j...xt.jar
windows11-21h2-x64
7lib/jphp-runtime.jar
windows11-21h2-x64
7lib/jphp-xml-ext.jar
windows11-21h2-x64
7lib/jphp-zend-ext.jar
windows11-21h2-x64
7lib/jphp-zip-ext.jar
windows11-21h2-x64
7lib/jsoup.jar
windows11-21h2-x64
7lib/slf4j-api.jar
windows11-21h2-x64
7lib/slf4j-simple.jar
windows11-21h2-x64
7lib/zt-zip.jar
windows11-21h2-x64
7libG1LESv2.dll
windows11-21h2-x64
1Analysis
-
max time kernel
153s -
max time network
161s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system -
submitted
09/03/2024, 10:51
Static task
static1
Behavioral task
behavioral1
Sample
Adobe/de.ps1
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral2
Sample
App Setup.exe
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win11-20240214-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/WinShell.dll
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
InstaIIer.exe
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsExec.dll
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
$R0/Uninstall InstaIIer.exe
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
d3dcompiler_47.dll
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral12
Sample
lib/asm-all.jar
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
lib/dn-compiled-module.jar
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral14
Sample
lib/dn-php-sdk.jar
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
lib/gson.jar
Resource
win11-20240214-en
windows11-21h2-x64
Behavioral task
behavioral16
Sample
lib/jfoenix.jar
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
lib/jphp-app-framework.jar
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral18
Sample
lib/jphp-core.jar
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
lib/jphp-desktop-ext.jar
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral20
Sample
lib/jphp-gui-ext.jar
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
lib/jphp-gui-jfoenix-ext.jar
Resource
win11-20240214-en
windows11-21h2-x64
Behavioral task
behavioral22
Sample
lib/jphp-json-ext.jar
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral23
Sample
lib/jphp-jsoup-ext.jar
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral24
Sample
lib/jphp-runtime.jar
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
lib/jphp-xml-ext.jar
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral26
Sample
lib/jphp-zend-ext.jar
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral27
Sample
lib/jphp-zip-ext.jar
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral28
Sample
lib/jsoup.jar
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral29
Sample
lib/slf4j-api.jar
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral30
Sample
lib/slf4j-simple.jar
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral31
Sample
lib/zt-zip.jar
Resource
win11-20240214-en
windows11-21h2-x64
Behavioral task
behavioral32
Sample
libG1LESv2.dll
Resource
win11-20240221-en
windows11-21h2-x64
General
-
Target
InstaIIer.exe
-
Size
150.4MB
-
MD5
466d10b112ac7e5a7227601a93b945b7
-
SHA1
d8de554a497b97edfc5b85132d9f8bf2df06fd19
-
SHA256
bea6f749e878032e55c6cff812802f28225ae836009ad55a7f94c521daf919e6
-
SHA512
0e93e18009afb436a46d61dea9e2346e270344890afc748caf94c0d888e981f70e4e6941ae0074cc9c8b8a42a6aaa23906ae7963a6050f8b7c7eb5cc034d47ed
-
SSDEEP
1572864:f9sIp9dePx3boQ9zPx3veCvI+RJjaWIxdaJgAOB3i3wFO6Bj3yTEQjB4UR9OEm3:je15JHHgw9m
Malware Config
Signatures
-
description ioc Process Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 InstaIIer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 InstaIIer.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 InstaIIer.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 5068 InstaIIer.exe 5068 InstaIIer.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe Token: SeShutdownPrivilege 4256 InstaIIer.exe Token: SeCreatePagefilePrivilege 4256 InstaIIer.exe -
Suspicious use of WriteProcessMemory 45 IoCs
description pid Process procid_target PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 5092 4256 InstaIIer.exe 80 PID 4256 wrote to memory of 4060 4256 InstaIIer.exe 81 PID 4256 wrote to memory of 4060 4256 InstaIIer.exe 81 PID 4256 wrote to memory of 3904 4256 InstaIIer.exe 82 PID 4256 wrote to memory of 3904 4256 InstaIIer.exe 82 PID 4256 wrote to memory of 5068 4256 InstaIIer.exe 83 PID 4256 wrote to memory of 5068 4256 InstaIIer.exe 83
Processes
-
C:\Users\Admin\AppData\Local\Temp\InstaIIer.exe"C:\Users\Admin\AppData\Local\Temp\InstaIIer.exe"1⤵
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4256 -
C:\Users\Admin\AppData\Local\Temp\InstaIIer.exe"C:\Users\Admin\AppData\Local\Temp\InstaIIer.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\InstaIIer" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1704,i,17892715016918664252,490056309651504890,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵PID:5092
-
-
C:\Users\Admin\AppData\Local\Temp\InstaIIer.exe"C:\Users\Admin\AppData\Local\Temp\InstaIIer.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\InstaIIer" --mojo-platform-channel-handle=2012 --field-trial-handle=1704,i,17892715016918664252,490056309651504890,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:82⤵PID:4060
-
-
C:\Users\Admin\AppData\Local\Temp\InstaIIer.exe"C:\Users\Admin\AppData\Local\Temp\InstaIIer.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\InstaIIer" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2252 --field-trial-handle=1704,i,17892715016918664252,490056309651504890,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:12⤵PID:3904
-
-
C:\Users\Admin\AppData\Local\Temp\InstaIIer.exe"C:\Users\Admin\AppData\Local\Temp\InstaIIer.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\InstaIIer" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1704,i,17892715016918664252,490056309651504890,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5068
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
495B
MD5237f0ab4ae6885e8772e578c1b558d86
SHA192216aa1f15c11ae5e36a33f2466a3033f4926e0
SHA2560c66c20013b095b6c6dba1e2845ebd434383b27965b6d92d6df2d0ca974962eb
SHA5120d794e62f965a5917b1979e0d1f3f5fa278ae11309cb8e7cdbb38eea9719379b6512d00cfcb2e6beec8f3b233b0f5ea2a2666fffbe140f537dcfa202cb9cae05
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84