a670dc5cb86c5aba1a4fcde0fcc45c4b5aae4304c71c48848c037cb11c50219a

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 01:41

Target

GRF Editor Installer.exe
Size

5.2MB
MD5

4030b9490575789401f78dda26dfe477
SHA1

fd24d47423b99412a73a60c9f42c4799ba8574bc
SHA256

3f2604a40e06bb5528821fbe5e08def0b063bc4b4c77f5c8ea50893997787283
SHA512

34e411e2fc6ec5bacae587c662fd166834781530bb81770febf8af4b713f3219578dd60d29513ad153f3e5397fbe66f8d574fd134734730d5d3e883da420837f
SSDEEP

98304:8SiTMLI6YBWbdVgoXrKUH9q95n0lcp764fg15Adx8/vTlMNRXTJgnPcM5:fLI6YBwDgo+mqn7Y/50BRjJ8cS

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3148	GRF Editor Installer.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 3148	1320	GRF Editor Installer.exe	84
PID 1320 wrote to memory of 3148	1320	GRF Editor Installer.exe	84
PID 1320 wrote to memory of 3148	1320	GRF Editor Installer.exe	84

C:\Users\Admin\AppData\Local\Temp\GRF Editor Installer.exe
"C:\Users\Admin\AppData\Local\Temp\GRF Editor Installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Users\Admin\AppData\Local\Temp\is-M25EQ.tmp\GRF Editor Installer.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-M25EQ.tmp\GRF Editor Installer.tmp" /SL5="$9003E,4552048,831488,C:\Users\Admin\AppData\Local\Temp\GRF Editor Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:3148

C:\Users\Admin\AppData\Local\Temp\is-M25EQ.tmp\GRF Editor Installer.tmp

Filesize
3.0MB

MD5
6522639e7cff9bb0bdad5a2be75b0908

SHA1
27ad8f895a6dc49d9fdd9413210d4d0eb914f9b0

SHA256
7ad24cb285c46aad5c94609d3b3836930b8b9f56c5f1bc3a78d9820027348e16

SHA512
1d30a3fba73edd25f7ac9f903fc1cd66059c84856df22e729d6b23e495a5826248318c16c8c8677e76357784f9e362d957759e033ea1308916b5eb7d14bc6dc0

Download Submit
memory/1320-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1320-7-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3148-5-0x0000000000D30000-0x0000000000D31000-memory.dmp

Filesize
4KB

Download
memory/3148-8-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/3148-11-0x0000000000D30000-0x0000000000D31000-memory.dmp

Filesize
4KB

Download