2eb611a890a34473ca80e7f867c85f6e185ac97ddce0a2b48ed99a0ad87095b7

Analysis

max time kernel
89s
max time network
95s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
15/07/2024, 18:26

Target

Setup.exe
Size

45.6MB
MD5

869595800b4ec47aea74229b01ef9873
SHA1

2ec1c89ba7de031a06bc79ca921f2015734d806d
SHA256

2eb611a890a34473ca80e7f867c85f6e185ac97ddce0a2b48ed99a0ad87095b7
SHA512

8cf5c084c363a9343612f91576594ff6ae9e4bbc65507e9024ef105c9e0ce6eb1bcf1373dbb517a2570d5ad7c3fc170e11d3ab48a48f5d56cdaa78ab1bbb4e89
SSDEEP

196608:HyvgjG1SD/GiUKzPeRdfcCRP59eVPCaG509ncB+wch2OH:HDG14/XU6e1fUVPCaC098fchH

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 752 set thread context of 1416	752	Setup.exe	78

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 752 wrote to memory of 1416	752	Setup.exe	78
PID 752 wrote to memory of 1416	752	Setup.exe	78
PID 752 wrote to memory of 1416	752	Setup.exe	78
PID 752 wrote to memory of 1416	752	Setup.exe	78
PID 752 wrote to memory of 1416	752	Setup.exe	78

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:752
- C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  2⤵
  PID:1416

memory/752-9-0x00007FF6C90F0000-0x00007FF6CBF4B000-memory.dmp

Filesize
46.4MB

Download
memory/1416-8-0x0000000000690000-0x00000000006E5000-memory.dmp

Filesize
340KB

Download
memory/1416-11-0x0000000000690000-0x00000000006E5000-memory.dmp

Filesize
340KB

Download
memory/1416-12-0x0000000000690000-0x00000000006E5000-memory.dmp

Filesize
340KB

Download
memory/1416-13-0x0000000000690000-0x00000000006E5000-memory.dmp

Filesize
340KB

Download