37805d2fa70054735adb1cb4c9cd5513e0ea7470cd2e30a580b52ad39b8653bd

Analysis

Target

ie6setup.exe
Size

89KB
MD5

ae7037b412682fd64bbbffa95a342006
SHA1

917a8d8772dae7d11d785bd662f35f0cfaf6322b
SHA256

37805d2fa70054735adb1cb4c9cd5513e0ea7470cd2e30a580b52ad39b8653bd
SHA512

8a9606f3e43d66b6c1af0cd0465f123c7f02ce0f09a93d409fc638e579687c373f12928ad05b00f3907131897ffbc23252fa329f9fd5b6f78491887bffbcfb3c

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 1772	4588	ie6setup.exe	82
PID 4588 wrote to memory of 1772	4588	ie6setup.exe	82
PID 1772 wrote to memory of 4152	1772	cmd.exe	83
PID 1772 wrote to memory of 4152	1772	cmd.exe	83
PID 1772 wrote to memory of 856	1772	cmd.exe	84
PID 1772 wrote to memory of 856	1772	cmd.exe	84
PID 1772 wrote to memory of 4112	1772	cmd.exe	85
PID 1772 wrote to memory of 4112	1772	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\ie6setup.exe
"C:\Users\Admin\AppData\Local\Temp\ie6setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\A9A2.tmp\A9A3.tmp\A9B4.bat C:\Users\Admin\AppData\Local\Temp\ie6setup.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1772
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\InstallInfo" /f
    3⤵
    PID:4152
- - C:\Windows\system32\reg.exe
    reg add "HKLM\SOFTWARE\Microsoft\Shared Tools" /f /v SharedFilesDir /t REG_SZ /d "C:\Program Files\Common Files\Microsoft Shared\
    3⤵
    PID:856
- - C:\Windows\system32\reg.exe
    reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Shared Tools" /f /v SharedFilesDir /t REG_SZ /d "C:\Program Files (x86)\Common Files\Microsoft Shared\
    3⤵
    PID:4112

C:\Users\Admin\AppData\Local\Temp\A9A2.tmp\A9A3.tmp\A9B4.bat

Filesize
1KB

MD5
ee4894dfb9bac4d383104020059e1121

SHA1
1d62f616ee592ecb96f77418276f5ddbfe389756

SHA256
b5a10ef4662b0c673c3f7446791e4fd4342410a8e487e5d42269c95b8d13b306

SHA512
807159f0db3b771a0829fe211062b50bccfa4fb8f1808091c8bb74bfd4cea8f8466d6a69288613e504fcae28e3da65ef53226efdae652a5529e2b460ab456e43

Download Submit