fa0b3328dda7aa7e953780fc8b6be127f747fc778f0bd3f0a2e885402c1c481e

Analysis

max time kernel
86s
max time network
201s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
17-05-2024 13:07

Target

164/setup164.exe
Size

32KB
MD5

2b8b61308a4482526a259ccab970bfd6
SHA1

b41513afc20d492b556eb2f0ed2bd3af9e7b496c
SHA256

09ad227263cf701b1ee840b6744be44e1bf2478073c20b5dfc8dd29fecade71b
SHA512

b88a63c46062d3c6a608bc650d82a4b7e69e284a72655de6e5249060acba9a566287256b80afd0197ed6f903a9bf19c6e5c4565bb5bdb1bb4cfd64281bdb6324
SSDEEP

384:7oI1gYZw33FUWUcC6TBhdsDgZH4o5NEvdlcn0ScPmPn0Avsl9EPg/s4Xsn+KvHKj:j7Zw33FNUf6Nhd/fQ1l+0vM0iT9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

setup164.exe

description	pid	process	target process
PID 3000 wrote to memory of 4396	3000	setup164.exe	javaw.exe
PID 3000 wrote to memory of 4396	3000	setup164.exe	javaw.exe
PID 3000 wrote to memory of 4396	3000	setup164.exe	javaw.exe

C:\Users\Admin\AppData\Local\Temp\164\setup164.exe
"C:\Users\Admin\AppData\Local\Temp\164\setup164.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Users\Admin\AppData\Local\Temp\164\jre\bin\javaw.exe
  "C:\Users\Admin\AppData\Local\Temp\164\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\activation.jar;lib\asm-all.jar;lib\commons-email.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jfoenix.jar;lib\jkeymaster.jar;lib\jna.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-desktop-hotkey-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-gui-jfoenix-ext.jar;lib\jphp-json-ext.jar;lib\jphp-jsoup-ext.jar;lib\jphp-mail-ext.jar;lib\jphp-runtime.jar;lib\jphp-systemtray-ext.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\jsoup.jar;lib\mail.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
  2⤵
  PID:4396

memory/3000-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4396-6-0x00000000026C0000-0x00000000026E8000-memory.dmp

Filesize
160KB

Download
memory/4396-10-0x0000000002708000-0x0000000002710000-memory.dmp

Filesize
32KB

Download
memory/4396-13-0x0000000002710000-0x0000000002718000-memory.dmp

Filesize
32KB

Download
memory/4396-31-0x00000000026F8000-0x0000000002700000-memory.dmp

Filesize
32KB

Download
memory/4396-30-0x0000000002758000-0x0000000002760000-memory.dmp

Filesize
32KB

Download
memory/4396-29-0x0000000002700000-0x0000000002708000-memory.dmp

Filesize
32KB

Download
memory/4396-28-0x0000000002760000-0x0000000002768000-memory.dmp

Filesize
32KB

Download
memory/4396-39-0x00000000026F8000-0x0000000002700000-memory.dmp

Filesize
32KB

Download
memory/4396-38-0x0000000002760000-0x0000000002768000-memory.dmp

Filesize
32KB

Download
memory/4396-37-0x0000000002710000-0x0000000002718000-memory.dmp

Filesize
32KB

Download
memory/4396-36-0x0000000002708000-0x0000000002710000-memory.dmp

Filesize
32KB

Download
memory/4396-35-0x00000000026C0000-0x00000000026E8000-memory.dmp

Filesize
160KB

Download