8956f3d2ae97879f67448239db1d47618266afe3133cb5f5e8bbe343a2d47f16

Analysis

max time kernel
9s
max time network
6s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
21-04-2024 13:50

Target

Setup.exe
Size

94KB
MD5

9a4cc0d8e7007f7ef20ca585324e0739
SHA1

f3e5a2e477cac4bab85940a2158eed78f2d74441
SHA256

040d121a3179f49cd3f33f4bc998bc8f78b7f560bfd93f279224d69e76a06e92
SHA512

54636a48141804112f5b4f2fc70cb7c959a041e5743aeedb5184091b51daa1d1a03f0016e8299c0d56d924c6c8ae585e4fc864021081ffdf1e6f3eab11dd43b3
SSDEEP

1536:9M/AhIxHHWMpdPa5wiE21M8kJIGFvb1Cwn/ZDs5yf:9M4SwMpdCq/IM8uIGfV/ZDso

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2764 set thread context of 3612	2764	Setup.exe	81

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2764	Setup.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 3612	2764	Setup.exe	81
PID 2764 wrote to memory of 3612	2764	Setup.exe	81
PID 2764 wrote to memory of 3612	2764	Setup.exe	81
PID 2764 wrote to memory of 3612	2764	Setup.exe	81

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Windows\SysWOW64\netsh.exe
  C:\Windows\SysWOW64\netsh.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612

C:\Users\Admin\AppData\Local\Temp\afe6e0e0

Filesize
1.2MB

MD5
581322fab2d0af06d654d51141c4c5e6

SHA1
3215db8f3eda72af58c1e29a0da48e78bf3224e4

SHA256
293e0b6bf6265827eea580b8d4c5a2b77f300230ad8f6d8b4575e82e44ce849a

SHA512
294fff84da0a9fd820a1cc6e115d73d2927fed3ee3c7f7930193bfe0106a3bc051d65349e96fe732b87f76aabbb397eb208581258715f99cb562fc34f390c342

Download Submit
memory/2764-0-0x00007FFB71550000-0x00007FFB716CA000-memory.dmp

Filesize
1.5MB

Download
memory/2764-5-0x00007FFB71550000-0x00007FFB716CA000-memory.dmp

Filesize
1.5MB

Download
memory/2764-6-0x00007FFB71550000-0x00007FFB716CA000-memory.dmp

Filesize
1.5MB

Download
memory/3612-9-0x00007FFB920E0000-0x00007FFB922E9000-memory.dmp

Filesize
2.0MB

Download