ee64d93d4f345f99bfaaa0f1098140a82ac9e3ced56649ae98933efd67496a99

Analysis

max time kernel
154s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 02:30

Target

driveridentifier_setup.exe
Size

4.1MB
MD5

10f9c2ec8cdf4bb105dc9c9391c5550c
SHA1

c46c63fffd6781f27b9fcec869dae148e64f4eba
SHA256

ee64d93d4f345f99bfaaa0f1098140a82ac9e3ced56649ae98933efd67496a99
SHA512

c259919e95f8b2df40f93276e0d180075ae8a90a44176b6598890ea642b3ad85182e2440b09c67f6fe1fe909d6514ed3503d7954649e9822eeac1680b1b9bb90
SSDEEP

98304:o5Dl/xwWYmpGyTeE4w6woZR3enC89egivowoYWGhDluu:Ol/RdY9E4fwoZVmiwwoS

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4824	driveridentifier_setup.tmp

Loads dropped DLL 1 IoCs

pid	Process
4824	driveridentifier_setup.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 4824	1448	driveridentifier_setup.exe	91
PID 1448 wrote to memory of 4824	1448	driveridentifier_setup.exe	91
PID 1448 wrote to memory of 4824	1448	driveridentifier_setup.exe	91

C:\Users\Admin\AppData\Local\Temp\driveridentifier_setup.exe
"C:\Users\Admin\AppData\Local\Temp\driveridentifier_setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Users\Admin\AppData\Local\Temp\is-ON54G.tmp\driveridentifier_setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-ON54G.tmp\driveridentifier_setup.tmp" /SL5="$F0046,4042075,55296,C:\Users\Admin\AppData\Local\Temp\driveridentifier_setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:492

C:\Users\Admin\AppData\Local\Temp\is-07GUO.tmp\psvince.dll

Filesize
36KB

MD5
a4e5c512b047a6d9dc38549161cac4de

SHA1
49d3e74f9604a6c61cda04ccc6d3cda87e280dfb

SHA256
c7f1e7e866834d9024f97c2b145c09d106e447e8abd65a10a1732116d178e44e

SHA512
2edb8a492b8369d56dda735a652c9e08539a5c4709a794efaff91adcae192a636d0545725af16cf8c31b275b34c2f19e4b019b57fb9050b99de65a4c08e3eee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-ON54G.tmp\driveridentifier_setup.tmp

Filesize
694KB

MD5
cf27b93e66994d8dfd2497bfc311d3c2

SHA1
000273eda5c157b7ba038324481babd9b8de0f18

SHA256
ea8523e46f9dc80095752e4f54f56c7afe3b3ab53c34f799f3d690a3907fb008

SHA512
f2a1622b4a06c59b145ced73397ac0ae89f523e281186af759faac2a0bf11b05422b7bf266e2fcfd31b5b7563ed78aacc32248c5c063f513d733713a875124c1

Download Submit
memory/1448-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1448-3-0x0000000000401000-0x000000000040C000-memory.dmp

Filesize
44KB

Download
memory/1448-2-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1448-12-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4824-7-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/4824-13-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download