952d573c8320bf388ef81e0d905593047f5453a32f95630813cac9a5433c82ee

Analysis

max time kernel
149s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12-03-2024 03:01

Target

789fbd9f5b67ec854d89298af49fce8d.exe
Size

5.5MB
MD5

789fbd9f5b67ec854d89298af49fce8d
SHA1

caac8cfc9682de5b341526963b22706548f5a5b8
SHA256

952d573c8320bf388ef81e0d905593047f5453a32f95630813cac9a5433c82ee
SHA512

69e6b0faf44c2aac9f0fa559240c36c8a3d68dd33ea654a6b8b0f6d3dcea97c8c3e49343fc463fa177d2b5b860c75bb7363cf5e0b23dadee622d67e400727315
SSDEEP

98304:MkL5Z2C6shUx+Q76LkiFO14PJUwck3RUIo8tgudF8AqPv7NDFy:r5ZZTgMk8O1eOk3mAvq9PdFy

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3664	789fbd9f5b67ec854d89298af49fce8d.tmp

Loads dropped DLL 1 IoCs

pid	Process
3664	789fbd9f5b67ec854d89298af49fce8d.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 3664	3880	789fbd9f5b67ec854d89298af49fce8d.exe	94
PID 3880 wrote to memory of 3664	3880	789fbd9f5b67ec854d89298af49fce8d.exe	94
PID 3880 wrote to memory of 3664	3880	789fbd9f5b67ec854d89298af49fce8d.exe	94

C:\Users\Admin\AppData\Local\Temp\789fbd9f5b67ec854d89298af49fce8d.exe
"C:\Users\Admin\AppData\Local\Temp\789fbd9f5b67ec854d89298af49fce8d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Users\Admin\AppData\Local\Temp\is-8B44P.tmp\789fbd9f5b67ec854d89298af49fce8d.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-8B44P.tmp\789fbd9f5b67ec854d89298af49fce8d.tmp" /SL5="$60218,4769160,800256,C:\Users\Admin\AppData\Local\Temp\789fbd9f5b67ec854d89298af49fce8d.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4148 --field-trial-handle=2304,i,7548677271533893574,11048237606705436109,262144 --variations-seed-version /prefetch:8
1⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\is-8B44P.tmp\789fbd9f5b67ec854d89298af49fce8d.tmp

Filesize
3.0MB

MD5
da7936fd42c362618576d3cb18e55a1b

SHA1
656162ea7b6345fb6cfa46adebda705ce09a0567

SHA256
97b342f968bf8a3a2a4c36a50da49107027616005437f92a37c50475840b4102

SHA512
f18998a3deac7aca912a4fa5af7fd650fd01459ad7c563acc2711a734cab25213628a468d2b3e00eddddff07c8b6c6640d701a8a4e45d98481674852db0b6fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U2D7R.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
memory/3664-5-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download
memory/3664-11-0x0000000000400000-0x000000000070C000-memory.dmp

Filesize
3.0MB

Download
memory/3664-14-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download
memory/3880-0-0x0000000000400000-0x00000000004D1000-memory.dmp

Filesize
836KB

Download
memory/3880-10-0x0000000000400000-0x00000000004D1000-memory.dmp

Filesize
836KB

Download