0b06963ea447719c45decd2ddd24472e36dc93b438a9c9497d8f7f0fe1500c39

Analysis

max time kernel
152s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2023, 09:26

Target

setuptaskbarify.exe
Size

4.1MB
MD5

f63f6139fddee84aec0d0f0058a4efb3
SHA1

e06746fb16919c2b7211a39830bfb24285af3a29
SHA256

0b06963ea447719c45decd2ddd24472e36dc93b438a9c9497d8f7f0fe1500c39
SHA512

822335aa2513d9512fd42e10a8ba194b5186e8f06d52ca89e0aef2ae4d09953eedd70222a946482feff8e0cb97a1d30784e7925c11408dc31663897d65802098
SSDEEP

98304:+kLhjLnlosC8dAfwaOnqdKp8DezO90vddE:ZhLnlosCl3d3DqxvE

Score

4^/10

Executes dropped EXE 1 IoCs

pid	Process
1708	setuptaskbarify.tmp

Script User-Agent 2 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	27	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	35	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 1708	1260	setuptaskbarify.exe	83
PID 1260 wrote to memory of 1708	1260	setuptaskbarify.exe	83
PID 1260 wrote to memory of 1708	1260	setuptaskbarify.exe	83

C:\Users\Admin\AppData\Local\Temp\setuptaskbarify.exe
"C:\Users\Admin\AppData\Local\Temp\setuptaskbarify.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Users\Admin\AppData\Local\Temp\is-V3VL6.tmp\setuptaskbarify.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-V3VL6.tmp\setuptaskbarify.tmp" /SL5="$F0040,3469861,1061888,C:\Users\Admin\AppData\Local\Temp\setuptaskbarify.exe"
  2⤵
  - Executes dropped EXE
  PID:1708

C:\Users\Admin\AppData\Local\Temp\is-V3VL6.tmp\setuptaskbarify.tmp

Filesize
3.3MB

MD5
8984f02e1cc4816ad2b1aac1e3ba9ae1

SHA1
b30063c44afa511b269d91687945d37fc3c1d5fb

SHA256
7aa454b408d61ed71bf40096477e7781b6e30511b92950ed1b226a46c875eb4a

SHA512
c0cc7a7439a44edc48a17dccca9ca6083cc4e31bcc9a09069e78ceaccd6aad2dab2214d67d6327028742238502176b58f31f3ab5ad536bb030e0a7de37068419

Download Submit
memory/1260-133-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download
memory/1260-144-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download
memory/1708-138-0x0000000000900000-0x0000000000901000-memory.dmp

Filesize
4KB

Download
memory/1708-145-0x0000000000400000-0x000000000074B000-memory.dmp

Filesize
3.3MB

Download
memory/1708-146-0x0000000000900000-0x0000000000901000-memory.dmp

Filesize
4KB

Download