7bda1c7dfc670489155db2f8fc1f48c209b92fb6145a320d677dccf0bce921b6

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-03-2024 09:40

Target

VSCodeUserSetup-x64-1.87.2.exe
Size

93.5MB
MD5

daf5ea4330bfe2a799fa9d74803a636b
SHA1

2b36e6e9836b76cf602ea6b0ad67f348059fab2d
SHA256

7bda1c7dfc670489155db2f8fc1f48c209b92fb6145a320d677dccf0bce921b6
SHA512

d6ce4a9f3d40bafee932ac82aed55b73e762bf7922d87d7c292690798f007d40d539104d860c974787496d01c34e953bdb75503ab724dc3075f6a8166103c77e
SSDEEP

1572864:gVtCdWPuGW1eo/30U7AmCw59hGTdpWi8hved2+uDzlpM+7i6gGVLgsO9vMQrIO:HdGW1eA97AR/1QeIlpM+sinOmO

Score

4^/10

Executes dropped EXE 1 IoCs

pid	Process
2972	VSCodeUserSetup-x64-1.87.2.tmp

Loads dropped DLL 1 IoCs

pid	Process
3004	VSCodeUserSetup-x64-1.87.2.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 2972	3004	VSCodeUserSetup-x64-1.87.2.exe	28
PID 3004 wrote to memory of 2972	3004	VSCodeUserSetup-x64-1.87.2.exe	28
PID 3004 wrote to memory of 2972	3004	VSCodeUserSetup-x64-1.87.2.exe	28
PID 3004 wrote to memory of 2972	3004	VSCodeUserSetup-x64-1.87.2.exe	28
PID 3004 wrote to memory of 2972	3004	VSCodeUserSetup-x64-1.87.2.exe	28
PID 3004 wrote to memory of 2972	3004	VSCodeUserSetup-x64-1.87.2.exe	28
PID 3004 wrote to memory of 2972	3004	VSCodeUserSetup-x64-1.87.2.exe	28

C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.87.2.exe
"C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.87.2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Users\Admin\AppData\Local\Temp\is-AAAM9.tmp\VSCodeUserSetup-x64-1.87.2.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-AAAM9.tmp\VSCodeUserSetup-x64-1.87.2.tmp" /SL5="$4012C,97027660,828416,C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.87.2.exe"
  2⤵
  - Executes dropped EXE
  PID:2972

\Users\Admin\AppData\Local\Temp\is-AAAM9.tmp\VSCodeUserSetup-x64-1.87.2.tmp

Filesize
2.5MB

MD5
08bad8b3ab24228153d39cf2fe9bc594

SHA1
29a7be666f2324bb4251ec26797ff10509295f11

SHA256
b42ca875bd9277a36314da74737b17c0b5acec9d7371eadc749321435422fbc6

SHA512
9652a1ec8367be9665f9c2eac55dc8c9077318e4343e9a316d350c4593759ccaaeeacf7cd77d334741d3c653dc0e28a640acb87c9f19d894b3a89784eeb9f5d6

Download Submit
memory/2972-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2972-9-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/3004-1-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3004-11-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download