6ded73b437e967c9ff6508c0fa853f45abd7fe97f430d53a139834c9a9ebb778

Resubmissions

10-07-2020 07:16

Target

PacketTracer-7.3.0-win64-setup.exe
Size

146.9MB
MD5

9a5fffcd7fa373a0ee94fdc490664e83
SHA1

1edae57082ac9aad5062be08030a376b5e2b545a
SHA256

6ded73b437e967c9ff6508c0fa853f45abd7fe97f430d53a139834c9a9ebb778
SHA512

7f26fa07880f57cad2877bc1a2413e8afe75a14855d38d42926f930cc91c8d426aec8886d30dd9c74c900f7ea35aebdccbb8372d2b013056fd2388166bc2427b

Score

8^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 1300	1108	PacketTracer-7.3.0-win64-setup.exe	24
PID 1108 wrote to memory of 1300	1108	PacketTracer-7.3.0-win64-setup.exe	24
PID 1108 wrote to memory of 1300	1108	PacketTracer-7.3.0-win64-setup.exe	24
PID 1108 wrote to memory of 1300	1108	PacketTracer-7.3.0-win64-setup.exe	24
PID 1108 wrote to memory of 1300	1108	PacketTracer-7.3.0-win64-setup.exe	24
PID 1108 wrote to memory of 1300	1108	PacketTracer-7.3.0-win64-setup.exe	24
PID 1108 wrote to memory of 1300	1108	PacketTracer-7.3.0-win64-setup.exe	24

Executes dropped EXE 1 IoCs

pid	Process
1300	PacketTracer-7.3.0-win64-setup.tmp

Loads dropped DLL 1 IoCs

pid	Process
1108	PacketTracer-7.3.0-win64-setup.exe

C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.0-win64-setup.exe
"C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.0-win64-setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
- Loads dropped DLL
PID:1108
- C:\Users\Admin\AppData\Local\Temp\is-QC23R.tmp\PacketTracer-7.3.0-win64-setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-QC23R.tmp\PacketTracer-7.3.0-win64-setup.tmp" /SL5="$50134,153500553,121344,C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.0-win64-setup.exe"
  2⤵
  - Executes dropped EXE
  PID:1300