37805d2fa70054735adb1cb4c9cd5513e0ea7470cd2e30a580b52ad39b8653bd

Analysis

max time kernel
135s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
31-07-2022 05:13

Target

ie6setup.exe
Size

89KB
MD5

ae7037b412682fd64bbbffa95a342006
SHA1

917a8d8772dae7d11d785bd662f35f0cfaf6322b
SHA256

37805d2fa70054735adb1cb4c9cd5513e0ea7470cd2e30a580b52ad39b8653bd
SHA512

8a9606f3e43d66b6c1af0cd0465f123c7f02ce0f09a93d409fc638e579687c373f12928ad05b00f3907131897ffbc23252fa329f9fd5b6f78491887bffbcfb3c

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 3328	2348	ie6setup.exe	83
PID 2348 wrote to memory of 3328	2348	ie6setup.exe	83
PID 3328 wrote to memory of 4548	3328	cmd.exe	84
PID 3328 wrote to memory of 4548	3328	cmd.exe	84
PID 3328 wrote to memory of 2004	3328	cmd.exe	85
PID 3328 wrote to memory of 2004	3328	cmd.exe	85
PID 3328 wrote to memory of 2568	3328	cmd.exe	86
PID 3328 wrote to memory of 2568	3328	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\ie6setup.exe
"C:\Users\Admin\AppData\Local\Temp\ie6setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\F84F.tmp\F850.tmp\F851.bat C:\Users\Admin\AppData\Local\Temp\ie6setup.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3328
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\InstallInfo" /f
    3⤵
    PID:4548
- - C:\Windows\system32\reg.exe
    reg add "HKLM\SOFTWARE\Microsoft\Shared Tools" /f /v SharedFilesDir /t REG_SZ /d "C:\Program Files\Common Files\Microsoft Shared\
    3⤵
    PID:2004
- - C:\Windows\system32\reg.exe
    reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Shared Tools" /f /v SharedFilesDir /t REG_SZ /d "C:\Program Files (x86)\Common Files\Microsoft Shared\
    3⤵
    PID:2568

C:\Users\Admin\AppData\Local\Temp\F84F.tmp\F850.tmp\F851.bat

Filesize
1KB

MD5
ee4894dfb9bac4d383104020059e1121

SHA1
1d62f616ee592ecb96f77418276f5ddbfe389756

SHA256
b5a10ef4662b0c673c3f7446791e4fd4342410a8e487e5d42269c95b8d13b306

SHA512
807159f0db3b771a0829fe211062b50bccfa4fb8f1808091c8bb74bfd4cea8f8466d6a69288613e504fcae28e3da65ef53226efdae652a5529e2b460ab456e43

Download Submit