0b06963ea447719c45decd2ddd24472e36dc93b438a9c9497d8f7f0fe1500c39

Analysis

max time kernel
142s
max time network
65s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02/05/2023, 09:26

Target

setuptaskbarify.exe
Size

4.1MB
MD5

f63f6139fddee84aec0d0f0058a4efb3
SHA1

e06746fb16919c2b7211a39830bfb24285af3a29
SHA256

0b06963ea447719c45decd2ddd24472e36dc93b438a9c9497d8f7f0fe1500c39
SHA512

822335aa2513d9512fd42e10a8ba194b5186e8f06d52ca89e0aef2ae4d09953eedd70222a946482feff8e0cb97a1d30784e7925c11408dc31663897d65802098
SSDEEP

98304:+kLhjLnlosC8dAfwaOnqdKp8DezO90vddE:ZhLnlosCl3d3DqxvE

Score

4^/10

Executes dropped EXE 1 IoCs

pid	Process
2044	setuptaskbarify.tmp

Loads dropped DLL 1 IoCs

pid	Process
1712	setuptaskbarify.exe

Script User-Agent 2 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	2	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	4	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2044	1712	setuptaskbarify.exe	28
PID 1712 wrote to memory of 2044	1712	setuptaskbarify.exe	28
PID 1712 wrote to memory of 2044	1712	setuptaskbarify.exe	28
PID 1712 wrote to memory of 2044	1712	setuptaskbarify.exe	28
PID 1712 wrote to memory of 2044	1712	setuptaskbarify.exe	28
PID 1712 wrote to memory of 2044	1712	setuptaskbarify.exe	28
PID 1712 wrote to memory of 2044	1712	setuptaskbarify.exe	28

C:\Users\Admin\AppData\Local\Temp\setuptaskbarify.exe
"C:\Users\Admin\AppData\Local\Temp\setuptaskbarify.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Users\Admin\AppData\Local\Temp\is-NVMDE.tmp\setuptaskbarify.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-NVMDE.tmp\setuptaskbarify.tmp" /SL5="$70124,3469861,1061888,C:\Users\Admin\AppData\Local\Temp\setuptaskbarify.exe"
  2⤵
  - Executes dropped EXE
  PID:2044

C:\Users\Admin\AppData\Local\Temp\is-NVMDE.tmp\setuptaskbarify.tmp

Filesize
3.3MB

MD5
8984f02e1cc4816ad2b1aac1e3ba9ae1

SHA1
b30063c44afa511b269d91687945d37fc3c1d5fb

SHA256
7aa454b408d61ed71bf40096477e7781b6e30511b92950ed1b226a46c875eb4a

SHA512
c0cc7a7439a44edc48a17dccca9ca6083cc4e31bcc9a09069e78ceaccd6aad2dab2214d67d6327028742238502176b58f31f3ab5ad536bb030e0a7de37068419

Download Submit
\Users\Admin\AppData\Local\Temp\is-NVMDE.tmp\setuptaskbarify.tmp

Filesize
3.3MB

MD5
8984f02e1cc4816ad2b1aac1e3ba9ae1

SHA1
b30063c44afa511b269d91687945d37fc3c1d5fb

SHA256
7aa454b408d61ed71bf40096477e7781b6e30511b92950ed1b226a46c875eb4a

SHA512
c0cc7a7439a44edc48a17dccca9ca6083cc4e31bcc9a09069e78ceaccd6aad2dab2214d67d6327028742238502176b58f31f3ab5ad536bb030e0a7de37068419

Download Submit
memory/1712-54-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download
memory/1712-67-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download
memory/2044-62-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2044-68-0x0000000000400000-0x000000000074B000-memory.dmp

Filesize
3.3MB

Download
memory/2044-69-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download