Analysis
-
max time kernel
146s -
max time network
134s -
platform
windows10-2004_x64 -
resource
win10v2004-20220331-en -
submitted
11-04-2022 03:14
General
-
Target
ie6setup.exe
-
Size
89KB
-
MD5
ae7037b412682fd64bbbffa95a342006
-
SHA1
917a8d8772dae7d11d785bd662f35f0cfaf6322b
-
SHA256
37805d2fa70054735adb1cb4c9cd5513e0ea7470cd2e30a580b52ad39b8653bd
-
SHA512
8a9606f3e43d66b6c1af0cd0465f123c7f02ce0f09a93d409fc638e579687c373f12928ad05b00f3907131897ffbc23252fa329f9fd5b6f78491887bffbcfb3c
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ie6setup.exe"C:\Users\Admin\AppData\Local\Temp\ie6setup.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\525B.tmp\525C.tmp\525D.bat C:\Users\Admin\AppData\Local\Temp\ie6setup.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\InstallInfo" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Shared Tools" /f /v SharedFilesDir /t REG_SZ /d "C:\Program Files\Common Files\Microsoft Shared\3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Shared Tools" /f /v SharedFilesDir /t REG_SZ /d "C:\Program Files (x86)\Common Files\Microsoft Shared\3⤵
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5ee4894dfb9bac4d383104020059e1121
SHA11d62f616ee592ecb96f77418276f5ddbfe389756
SHA256b5a10ef4662b0c673c3f7446791e4fd4342410a8e487e5d42269c95b8d13b306
SHA512807159f0db3b771a0829fe211062b50bccfa4fb8f1808091c8bb74bfd4cea8f8466d6a69288613e504fcae28e3da65ef53226efdae652a5529e2b460ab456e43