79f76160fd12d29b59c066ef907e293cc4802a7549edf0019842ea87936a742f | Triage

Analysis

max time kernel
130s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 19:12

Sharing

Report Analysis Logs

General

Target

uninst.exe
Size

74KB
MD5

493549cee2474da75dfeb027902ee1cf
SHA1

90a24f03f9b9cb00a5ca3108cc011a52ae7a830d
SHA256

439078046f9fab11b164ead16497d5e05e23d23bd0f074386b69bf1424fdc80c
SHA512

2b2cd892b7b08f2397f4c6c6d867f9ac3a8c5266c9b56bf31045c9774c274581d64224e98f9b1f1ef66c8f6f79946b40ba16da5c3b0b83d0eba6efee741f2a4a
SSDEEP

1536:sG0Db1wJdBREzA01xVubM8JFbqAELVigmvDb3nTrfBskSoxx:ADb1wHBe6bM8JFeAI0xvXffZx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4444	A~NSISu_.exe

NSIS installer 1 IoCs

resource	yara_rule
behavioral14/files/0x0006000000022f58-3.dat	nsis_installer_1

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3672 wrote to memory of 4444	3672	uninst.exe	83
PID 3672 wrote to memory of 4444	3672	uninst.exe	83
PID 3672 wrote to memory of 4444	3672	uninst.exe	83

C:\Users\Admin\AppData\Local\Temp\uninst.exe
"C:\Users\Admin\AppData\Local\Temp\uninst.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3672
- C:\Users\Admin\AppData\Local\Temp\A~NSISu_.exe
  "C:\Users\Admin\AppData\Local\Temp\A~NSISu_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  PID:4444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\A~NSISu_.exe

Filesize
74KB

MD5
493549cee2474da75dfeb027902ee1cf

SHA1
90a24f03f9b9cb00a5ca3108cc011a52ae7a830d

SHA256
439078046f9fab11b164ead16497d5e05e23d23bd0f074386b69bf1424fdc80c

SHA512
2b2cd892b7b08f2397f4c6c6d867f9ac3a8c5266c9b56bf31045c9774c274581d64224e98f9b1f1ef66c8f6f79946b40ba16da5c3b0b83d0eba6efee741f2a4a

Download Submit