4e309c76c4a6a4a687fff7f7fe87af6d8188060265fd86b2b0cf66aaa45da66f

Analysis

max time kernel
94s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 16:12

Target

Uninstall.exe
Size

49KB
MD5

aeb9e4a2e2f4bb682a9ea9d7eb1573d2
SHA1

94e33bb09fcd6297107d21e9cd2c21d9ead35607
SHA256

0feef0654242e633284da0fb23fb439a53da24f50cceae3d2ae864f246f8a2f3
SHA512

d88ae0c8624f39f6b84e3c1c4f3cc73b78204664e173970209479dd03720a88f69fe7fb1a504a0d51e5bec1312fea9a3e93f08efdf981381c69b766a8ae4706c
SSDEEP

768:Mw0D3T2XQW0dcyngqR8lWFYCPMfjABHD2tAJb5PAAIYHLLE8J3+eJRn5Am6kRRJ6:Mw0DsT0zikYCPMUxDRbw8JuqAELVigB0

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2608	A~NSISu_.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral6/files/0x000a0000000233f7-3.dat	nsis_installer_1

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4324 wrote to memory of 2608	4324	Uninstall.exe	85
PID 4324 wrote to memory of 2608	4324	Uninstall.exe	85
PID 4324 wrote to memory of 2608	4324	Uninstall.exe	85

C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4324
- C:\Users\Admin\AppData\Local\Temp\A~NSISu_.exe
  "C:\Users\Admin\AppData\Local\Temp\A~NSISu_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  PID:2608

C:\Users\Admin\AppData\Local\Temp\A~NSISu_.exe

Filesize
49KB

MD5
aeb9e4a2e2f4bb682a9ea9d7eb1573d2

SHA1
94e33bb09fcd6297107d21e9cd2c21d9ead35607

SHA256
0feef0654242e633284da0fb23fb439a53da24f50cceae3d2ae864f246f8a2f3

SHA512
d88ae0c8624f39f6b84e3c1c4f3cc73b78204664e173970209479dd03720a88f69fe7fb1a504a0d51e5bec1312fea9a3e93f08efdf981381c69b766a8ae4706c

Download Submit