b7ac4c2bf9e7750e0f37ce0a7601357719d44f526f5eb7c18c62b7e509b7bf27

Analysis

max time kernel
455s
max time network
457s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
22-05-2024 20:08

Target

Setup.exe
Size

466KB
MD5

a45fcbd4b430c4fd4ee740f8822adbaa
SHA1

714deba8f75ce7ffa63d4d44ae0b836d41a53ffe
SHA256

b7ac4c2bf9e7750e0f37ce0a7601357719d44f526f5eb7c18c62b7e509b7bf27
SHA512

8d682225e25da1e93ad2afe6fb0d4f05774c986e6758b0f16c10910c5be623433748f22f7ef76cf450ed1d5668515aa0c347e0adc1401fe6e06ebdf0806cf0ec
SSDEEP

6144:Qdb/Q+n2NgF7CcdUbzMA+tV+J38qF+qw6nBMQyepZmEL2KaKQyabo2E1VnUZm+oc:Qd/Q+cQ2w+J3VFu6nBHye9VaMbtUhMM

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

Setup.exe

description pid process target process

PID 564 set thread context of 4384 564 Setup.exe RegAsm.exe

description	pid	process	target process
PID 564 set thread context of 4384	564	Setup.exe	RegAsm.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

Setup.exe

description	pid	process	target process
PID 564 wrote to memory of 4384	564	Setup.exe	RegAsm.exe
PID 564 wrote to memory of 4384	564	Setup.exe	RegAsm.exe
PID 564 wrote to memory of 4384	564	Setup.exe	RegAsm.exe
PID 564 wrote to memory of 4384	564	Setup.exe	RegAsm.exe
PID 564 wrote to memory of 4384	564	Setup.exe	RegAsm.exe
PID 564 wrote to memory of 4384	564	Setup.exe	RegAsm.exe
PID 564 wrote to memory of 4384	564	Setup.exe	RegAsm.exe
PID 564 wrote to memory of 4384	564	Setup.exe	RegAsm.exe
PID 564 wrote to memory of 4384	564	Setup.exe	RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:564
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:4384

memory/564-0-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/564-1-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/564-3-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/4384-2-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4384-5-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4384-6-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download