e0416ecc1fdcec19689cbc21492e6cb8f5802da7466611f578e5bce0710c064a

Analysis

max time kernel
93s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 21:35

Target

Setup.exe
Size

42.9MB
MD5

c419c8a5c46aa90a4c825e0d92f3ce64
SHA1

873f3b0ca75cb36a6696b08030bc3ea6fcbddb58
SHA256

e0416ecc1fdcec19689cbc21492e6cb8f5802da7466611f578e5bce0710c064a
SHA512

3b528b86805716c68c2b0a28e31390052c17c354f6202997f814a8ce93846c349eeabd2846a917e99945ef2f8ed8096d5d3d27adb5f71a0be8eb813f9d32c22b
SSDEEP

196608:am3LfYVSsbwLpCKfpTPGZAdpCBEYFK0SGO0gisv:j3EVS4KfpTSAdMBEYU0gNisv

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4608 set thread context of 836	4608	Setup.exe	88

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4608 wrote to memory of 836	4608	Setup.exe	88
PID 4608 wrote to memory of 836	4608	Setup.exe	88
PID 4608 wrote to memory of 836	4608	Setup.exe	88
PID 4608 wrote to memory of 836	4608	Setup.exe	88
PID 4608 wrote to memory of 836	4608	Setup.exe	88

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4608
- C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  2⤵
  PID:836

memory/836-6-0x0000000000330000-0x0000000000388000-memory.dmp

Filesize
352KB

Download
memory/836-9-0x0000000000330000-0x0000000000388000-memory.dmp

Filesize
352KB

Download
memory/836-10-0x0000000000330000-0x0000000000388000-memory.dmp

Filesize
352KB

Download
memory/836-11-0x0000000000330000-0x0000000000388000-memory.dmp

Filesize
352KB

Download
memory/4608-2-0x00007FF7BE5B0000-0x00007FF7C1141000-memory.dmp

Filesize
43.6MB

Download
memory/4608-5-0x00007FF7BE5B0000-0x00007FF7C1141000-memory.dmp

Filesize
43.6MB

Download
memory/4608-7-0x00007FF7BE5B0000-0x00007FF7C1141000-memory.dmp

Filesize
43.6MB

Download