169e4ba1aeae497a13fbb320a30f8bb0fac4a44ede57c24d9040c3b878848a5b

Analysis

max time kernel
168s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2022 02:13

Target

169e4ba1aeae497a13fbb320a30f8bb0fac4a44ede57c24d9040c3b878848a5b.exe
Size

601KB
MD5

0a4d37e84cf47082c271359a5580b573
SHA1

4b26e3c8d6399d7f28ab270b687a054d426ce2c7
SHA256

169e4ba1aeae497a13fbb320a30f8bb0fac4a44ede57c24d9040c3b878848a5b
SHA512

220b53dfa80e25c3496037018050b2e0f257d1ade5b5e8a461cd12d51f074bca62d7b89d47354b279c5533be4b4b7cafd1bee0483ca22c13a075e72436dead40
SSDEEP

12288:O3+Ondk7TbCMPW5A6X4tbAYkrYJAeZ1sug8Gy0t8wGpB5NPfvnbvaGoQ:O3tdQbC8W5A0YirYhicGy0t8wsvbvZ

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
4892	Utility Mang.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\Utility Mang.exe	169e4ba1aeae497a13fbb320a30f8bb0fac4a44ede57c24d9040c3b878848a5b.exe
File opened for modification	C:\Windows\Utility Mang.exe	169e4ba1aeae497a13fbb320a30f8bb0fac4a44ede57c24d9040c3b878848a5b.exe
File created	C:\Windows\Uer.bat	169e4ba1aeae497a13fbb320a30f8bb0fac4a44ede57c24d9040c3b878848a5b.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4892	Utility Mang.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 4188	4892	Utility Mang.exe	82
PID 4892 wrote to memory of 4188	4892	Utility Mang.exe	82
PID 4688 wrote to memory of 848	4688	169e4ba1aeae497a13fbb320a30f8bb0fac4a44ede57c24d9040c3b878848a5b.exe	83
PID 4688 wrote to memory of 848	4688	169e4ba1aeae497a13fbb320a30f8bb0fac4a44ede57c24d9040c3b878848a5b.exe	83
PID 4688 wrote to memory of 848	4688	169e4ba1aeae497a13fbb320a30f8bb0fac4a44ede57c24d9040c3b878848a5b.exe	83

C:\Users\Admin\AppData\Local\Temp\169e4ba1aeae497a13fbb320a30f8bb0fac4a44ede57c24d9040c3b878848a5b.exe
"C:\Users\Admin\AppData\Local\Temp\169e4ba1aeae497a13fbb320a30f8bb0fac4a44ede57c24d9040c3b878848a5b.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\Uer.bat
  2⤵
  PID:848

C:\Windows\Utility Mang.exe
"C:\Windows\Utility Mang.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:4188

C:\Windows\Uer.bat

Filesize
250B

MD5
936e307b3788bf8d3f1a1d22df1bcce3

SHA1
56e97333e1ddb4676ce450d57ff23e406777d0b5

SHA256
46c3b885d25283d14822bd7b32974d8b0dcb4643042a3f6e519168f9a182ac54

SHA512
318a20b3b7fde0584680b8af9943018ac39fb67c4fa2e8ed8fcba05fd3ec92c45c690d02c62c8bc9ee89b0c69615f779dd3231ca83cd3eed8fa5358c983232ee

Download Submit
C:\Windows\Utility Mang.exe

Filesize
601KB

MD5
0a4d37e84cf47082c271359a5580b573

SHA1
4b26e3c8d6399d7f28ab270b687a054d426ce2c7

SHA256
169e4ba1aeae497a13fbb320a30f8bb0fac4a44ede57c24d9040c3b878848a5b

SHA512
220b53dfa80e25c3496037018050b2e0f257d1ade5b5e8a461cd12d51f074bca62d7b89d47354b279c5533be4b4b7cafd1bee0483ca22c13a075e72436dead40

Download Submit
C:\Windows\Utility Mang.exe

Filesize
601KB

MD5
0a4d37e84cf47082c271359a5580b573

SHA1
4b26e3c8d6399d7f28ab270b687a054d426ce2c7

SHA256
169e4ba1aeae497a13fbb320a30f8bb0fac4a44ede57c24d9040c3b878848a5b

SHA512
220b53dfa80e25c3496037018050b2e0f257d1ade5b5e8a461cd12d51f074bca62d7b89d47354b279c5533be4b4b7cafd1bee0483ca22c13a075e72436dead40

Download Submit
memory/4688-132-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/4688-137-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/4892-135-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/4892-139-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download