721499ca6fad05166c13e6748429c80f87e3c447915c60291e6aee557fa9b702

Analysis

max time kernel
118s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 21:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

uninstall_tool_3.7.3.5717/_Unpack Portable.cmd
Size

1KB
MD5

1a295270928250db436d7ce4e45fadbc
SHA1

144facbe9b92110a20421ecd11026cac10fcee06
SHA256

d6580dbbf5df247d3f84b067eb629ad3b94b281e8b0a62f349d665303a07afdb
SHA512

54d06756176e5558739bdb5b4bbeacf9b774178e08d7b0fe45cadb913297dfacb602ade7740b29e1446a8505645509637651d76febdc532c5511e17d122b8cc4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2148	Uninstall Tool 3.7.3.5717.tmp

Loads dropped DLL 4 IoCs

pid	Process
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2148	Uninstall Tool 3.7.3.5717.tmp

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp
2148	Uninstall Tool 3.7.3.5717.tmp

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1500	1736	cmd.exe	82
PID 1736 wrote to memory of 1500	1736	cmd.exe	82
PID 1736 wrote to memory of 1500	1736	cmd.exe	82
PID 1500 wrote to memory of 2148	1500	Uninstall Tool 3.7.3.5717.exe	83
PID 1500 wrote to memory of 2148	1500	Uninstall Tool 3.7.3.5717.exe	83
PID 1500 wrote to memory of 2148	1500	Uninstall Tool 3.7.3.5717.exe	83

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\uninstall_tool_3.7.3.5717\_Unpack Portable.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Users\Admin\AppData\Local\Temp\uninstall_tool_3.7.3.5717\Uninstall Tool 3.7.3.5717.exe
  "Uninstall Tool 3.7.3.5717.exe" /SILENT /PORTABLE=1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1500
- - C:\Users\Admin\AppData\Local\Temp\is-K7IO5.tmp\Uninstall Tool 3.7.3.5717.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-K7IO5.tmp\Uninstall Tool 3.7.3.5717.tmp" /SL5="$C011C,5085535,64512,C:\Users\Admin\AppData\Local\Temp\uninstall_tool_3.7.3.5717\Uninstall Tool 3.7.3.5717.exe" /SILENT /PORTABLE=1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:2148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-K7IO5.tmp\Uninstall Tool 3.7.3.5717.tmp

Filesize
911KB

MD5
62c95101dd1e6b1533ea39ebeb99dc91

SHA1
468eb392f28e5587469cc0053673db0a82707754

SHA256
311826cea6ff290275f47998747258e13f6220f99808766fec8f791c6bd6646d

SHA512
ff4b9665bf29f4c51eaa593b9cb00dbcb9ac9fe3d5cdf00077f97f0fecd2b170a99be092c2811cf02f23ee5c961d3bf5f9e8347486f138048cfc5bc1cfe19f8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SNBAB.tmp\ISTask.dll

Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SNBAB.tmp\ISTask.dll

Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SNBAB.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SNBAB.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
memory/1500-1-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1500-230-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1500-87-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2148-52-0x00000000079E0000-0x00000000079E1000-memory.dmp

Filesize
4KB

Download
memory/2148-58-0x0000000007A00000-0x0000000007A01000-memory.dmp

Filesize
4KB

Download
memory/2148-27-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-28-0x0000000007960000-0x0000000007961000-memory.dmp

Filesize
4KB

Download
memory/2148-25-0x0000000007950000-0x0000000007951000-memory.dmp

Filesize
4KB

Download
memory/2148-29-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-30-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-31-0x0000000007970000-0x0000000007971000-memory.dmp

Filesize
4KB

Download
memory/2148-32-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-33-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-35-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-34-0x0000000007980000-0x0000000007981000-memory.dmp

Filesize
4KB

Download
memory/2148-36-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-37-0x0000000007990000-0x0000000007991000-memory.dmp

Filesize
4KB

Download
memory/2148-38-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-39-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-40-0x00000000079A0000-0x00000000079A1000-memory.dmp

Filesize
4KB

Download
memory/2148-41-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-42-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-43-0x00000000079B0000-0x00000000079B1000-memory.dmp

Filesize
4KB

Download
memory/2148-44-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-45-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-46-0x00000000079C0000-0x00000000079C1000-memory.dmp

Filesize
4KB

Download
memory/2148-47-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-48-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-49-0x00000000079D0000-0x00000000079D1000-memory.dmp

Filesize
4KB

Download
memory/2148-50-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-51-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-23-0x00000000074E0000-0x00000000077FA000-memory.dmp

Filesize
3.1MB

Download
memory/2148-53-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-54-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-56-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-26-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-59-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-57-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-55-0x00000000079F0000-0x00000000079F1000-memory.dmp

Filesize
4KB

Download
memory/2148-60-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-62-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-63-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-61-0x0000000007A10000-0x0000000007A11000-memory.dmp

Filesize
4KB

Download
memory/2148-64-0x0000000007A20000-0x0000000007A21000-memory.dmp

Filesize
4KB

Download
memory/2148-65-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-66-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-67-0x0000000007A30000-0x0000000007A31000-memory.dmp

Filesize
4KB

Download
memory/2148-68-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-69-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-70-0x0000000007A40000-0x0000000007A41000-memory.dmp

Filesize
4KB

Download
memory/2148-71-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-72-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-73-0x0000000007A50000-0x0000000007A51000-memory.dmp

Filesize
4KB

Download
memory/2148-74-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-75-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-76-0x0000000007A60000-0x0000000007A61000-memory.dmp

Filesize
4KB

Download
memory/2148-77-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-78-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-79-0x0000000007A70000-0x0000000007A71000-memory.dmp

Filesize
4KB

Download
memory/2148-80-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-81-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-83-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-82-0x0000000007A80000-0x0000000007A81000-memory.dmp

Filesize
4KB

Download
memory/2148-84-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2148-17-0x00000000072C0000-0x00000000072D6000-memory.dmp

Filesize
88KB

Download
memory/2148-88-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/2148-89-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/2148-6-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download