8956f3d2ae97879f67448239db1d47618266afe3133cb5f5e8bbe343a2d47f16

Analysis

max time kernel
12s
max time network
10s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 13:50

Target

Setup.exe
Size

94KB
MD5

9a4cc0d8e7007f7ef20ca585324e0739
SHA1

f3e5a2e477cac4bab85940a2158eed78f2d74441
SHA256

040d121a3179f49cd3f33f4bc998bc8f78b7f560bfd93f279224d69e76a06e92
SHA512

54636a48141804112f5b4f2fc70cb7c959a041e5743aeedb5184091b51daa1d1a03f0016e8299c0d56d924c6c8ae585e4fc864021081ffdf1e6f3eab11dd43b3
SSDEEP

1536:9M/AhIxHHWMpdPa5wiE21M8kJIGFvb1Cwn/ZDs5yf:9M4SwMpdCq/IM8uIGfV/ZDso

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 228 set thread context of 408	228	Setup.exe	86

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
228	Setup.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 408	228	Setup.exe	86
PID 228 wrote to memory of 408	228	Setup.exe	86
PID 228 wrote to memory of 408	228	Setup.exe	86
PID 228 wrote to memory of 408	228	Setup.exe	86

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:228
- C:\Windows\SysWOW64\netsh.exe
  C:\Windows\SysWOW64\netsh.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:408

C:\Users\Admin\AppData\Local\Temp\724e898f

Filesize
1.2MB

MD5
e58e40e3b96bea8ac6519103ee81a9fa

SHA1
3cc64f3140057ac74c9b1071ca73c4e554393645

SHA256
2c98aa1a2b27f9c522aafa42bf2efda0f311085acf31b68044d3bf5864f481eb

SHA512
2fb3dcbc10e6e9bb875c20eb5b6e67092381091d2bce81d8803906e7f91e24dc243b867a90d14fc13a86d0a4b86c66fa41ec1999aba6646acdf2007fbc8545ed

Download Submit
memory/228-0-0x00007FFE2EA10000-0x00007FFE2EB82000-memory.dmp

Filesize
1.4MB

Download
memory/228-5-0x00007FFE2EA10000-0x00007FFE2EB82000-memory.dmp

Filesize
1.4MB

Download
memory/228-6-0x00007FFE2EA10000-0x00007FFE2EB82000-memory.dmp

Filesize
1.4MB

Download
memory/408-9-0x00007FFE4C930000-0x00007FFE4CB25000-memory.dmp

Filesize
2.0MB

Download