bd50ae2f1c5b54b6d935a81a02dee0eb3637801683332b3520c628e72c1c5422

Analysis

max time kernel
143s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 03:08

Target

S3 unlocker by NAB/no_track_patch.exe
Size

467KB
MD5

ce9fceaef361438ce45ab93b26d22aee
SHA1

bbd5a949692d2dcc775230081f5ab7b721aa8b89
SHA256

743914f68712eeed2548d105f3a9348e55e9a52d2dc5965e73a638c6ff7d9869
SHA512

88d6b75469f3ef2e53ba915b530fbe8778f41097a980e43b4d6b65e9848add291a9f99d346338f60268ae3b4a2e74c31f38e7f4b0b20f8e9f697c35142d9def1
SSDEEP

12288:HhdJVlR7gBewFNxJXePMad8sqWivqI51VyNljhKyoSlcEiP/3IWVB/uxNcXCa:HbJVlR7gBewFfOivqi1wO/f

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 4132	2252	no_track_patch.exe	92
PID 2252 wrote to memory of 4132	2252	no_track_patch.exe	92
PID 2252 wrote to memory of 4132	2252	no_track_patch.exe	92

C:\Users\Admin\AppData\Local\Temp\S3 unlocker by NAB\no_track_patch.exe
"C:\Users\Admin\AppData\Local\Temp\S3 unlocker by NAB\no_track_patch.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c PAUSE
  2⤵
  PID:4132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2384 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:3404

memory/2252-0-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download