401d0b1f1a94df6a70818ef2bad80d139bb258c0e7746612066599aa43456dad

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 10:33

Target

401d0b1f1a94df6a70818ef2bad80d139bb258c0e7746612066599aa43456dad.exe
Size

1.9MB
MD5

8fb1e37725b53ba5325aa84cfe964373
SHA1

ddaa837581f4b3305eeb7a8dd2dad927b3bef2dc
SHA256

401d0b1f1a94df6a70818ef2bad80d139bb258c0e7746612066599aa43456dad
SHA512

9ab999d8d1ae7f08a8c3a4af80a1b28f01d4045fe4c6ae614ee3fffb5c0f0012e166597e1778fa476975eefbd41ff4a0c846e105c3db15c448e7d643e1e30d98
SSDEEP

24576:6CA/vlCfty0C2dzkGdwYugIoKvDgLtdRrKpt4w+jaDw188WYjDgoYRSzH4vnfq6:SnD1LgItDSDrIr6qY+/

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1804	flashplayerpp_install_cn.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1804	flashplayerpp_install_cn.exe
1804	flashplayerpp_install_cn.exe
1804	flashplayerpp_install_cn.exe
1804	flashplayerpp_install_cn.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 1804	2576	401d0b1f1a94df6a70818ef2bad80d139bb258c0e7746612066599aa43456dad.exe	95
PID 2576 wrote to memory of 1804	2576	401d0b1f1a94df6a70818ef2bad80d139bb258c0e7746612066599aa43456dad.exe	95
PID 2576 wrote to memory of 1804	2576	401d0b1f1a94df6a70818ef2bad80d139bb258c0e7746612066599aa43456dad.exe	95

C:\Users\Admin\AppData\Local\Temp\401d0b1f1a94df6a70818ef2bad80d139bb258c0e7746612066599aa43456dad.exe
"C:\Users\Admin\AppData\Local\Temp\401d0b1f1a94df6a70818ef2bad80d139bb258c0e7746612066599aa43456dad.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Users\Admin\AppData\Local\Temp\flashplayerpp_install_cn.exe
  C:\Users\Admin\AppData\Local\Temp\\flashplayerpp_install_cn.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4200 --field-trial-handle=2252,i,11231798169170618717,17890004712654885282,262144 --variations-seed-version /prefetch:8
1⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\flashplayerpp_install_cn.exe

Filesize
1.3MB

MD5
11e5dfd9a448c4c93b851ce77d69c428

SHA1
5a8dea483c727b210dce89d72fc47b6eb1513b85

SHA256
0dce3bda7d150c4cab60d17121c5ac464da44453124f9677da4b601dbee8df47

SHA512
5eeabca3ffbade2ad776a45253b62cb77851d321963e88e08d499127575359dec103203e864cbf3d9d41c54586fe7420a636586816668d8a68aa6d4b6d6c3288

Download Submit
memory/1804-3-0x00000000001F0000-0x00000000006C8000-memory.dmp

Filesize
4.8MB

Download
memory/1804-4-0x0000000000B90000-0x0000000000B93000-memory.dmp

Filesize
12KB

Download
memory/1804-10-0x00000000001F0000-0x00000000006C8000-memory.dmp

Filesize
4.8MB

Download
memory/1804-12-0x0000000000B90000-0x0000000000B93000-memory.dmp

Filesize
12KB

Download