fd4823604bc2633fc2c89c3b25aec23eb81303118fe9605be4ee3b89107d0789

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 15:06

Target

cbb8f341256f07d59a449c7bc0b28211.exe
Size

92KB
MD5

cbb8f341256f07d59a449c7bc0b28211
SHA1

e5012e367d6f4aa1f966b801dc1cfaba3554699c
SHA256

fd4823604bc2633fc2c89c3b25aec23eb81303118fe9605be4ee3b89107d0789
SHA512

f98130e718a445df1e7706bff8b0c898501a65c45c7f038fec1359c9a08ba91e78a131778d71e6a506ef9629ccedafd6bd2b7c77389e83daa2c2c303e75ed0a1
SSDEEP

1536:+o7kk+E2w2h9RGLf+09CsSK7QJqfMrIt3dakSlJ7vvvvdQv+2q4f2:9hwwkD3veX6lJGqs2

Score

1^/10

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2360	1900	cbb8f341256f07d59a449c7bc0b28211.exe	29
PID 1900 wrote to memory of 2360	1900	cbb8f341256f07d59a449c7bc0b28211.exe	29
PID 1900 wrote to memory of 2360	1900	cbb8f341256f07d59a449c7bc0b28211.exe	29
PID 1900 wrote to memory of 2360	1900	cbb8f341256f07d59a449c7bc0b28211.exe	29
PID 2360 wrote to memory of 2476	2360	cbb8f341256f07d59a449c7bc0b28211.exe	30
PID 2360 wrote to memory of 2476	2360	cbb8f341256f07d59a449c7bc0b28211.exe	30
PID 2360 wrote to memory of 2476	2360	cbb8f341256f07d59a449c7bc0b28211.exe	30
PID 2360 wrote to memory of 2476	2360	cbb8f341256f07d59a449c7bc0b28211.exe	30
PID 2476 wrote to memory of 1980	2476	cbb8f341256f07d59a449c7bc0b28211.exe	31
PID 2476 wrote to memory of 1980	2476	cbb8f341256f07d59a449c7bc0b28211.exe	31
PID 2476 wrote to memory of 1980	2476	cbb8f341256f07d59a449c7bc0b28211.exe	31
PID 2476 wrote to memory of 1980	2476	cbb8f341256f07d59a449c7bc0b28211.exe	31

C:\Users\Admin\AppData\Local\Temp\cbb8f341256f07d59a449c7bc0b28211.exe
"C:\Users\Admin\AppData\Local\Temp\cbb8f341256f07d59a449c7bc0b28211.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Users\Admin\AppData\Local\Temp\cbb8f341256f07d59a449c7bc0b28211.exe
  C:\Users\Admin\AppData\Local\Temp\cbb8f341256f07d59a449c7bc0b28211.exe 224541958355
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2360
- - C:\Users\Admin\AppData\Local\Temp\cbb8f341256f07d59a449c7bc0b28211.exe
    C:\Users\Admin\AppData\Local\Temp\cbb8f341256f07d59a449c7bc0b28211.exe -bkg 224541958355
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2476
  - - C:\Windows\SysWOW64\wscript.exe
      wscript /B "C:\Users\Admin\AppData\Local\Temp\stb42EB.tmp\stub.vbe" "http://upgrade.beatboxtriangle.com/install.aspx?b=basicscan" "C:\Users\Admin\AppData\Local\Temp\stb42EA.tmp\setup.exe" ""C:\Users\Admin\AppData\Local\Temp\stb42EA.tmp\setup.exe" -i 452d81bafff1457dbc89f5a2a2ce95ca -p BscscnPB /S" "http://upgrade.beatboxtriangle.com/?vn=0&ny81=623&rea=9999&whi80=8101&cid=452d81bafff1457dbc89f5a2a2ce95ca&herp8=58&b=basicscan&dxx87=65&ptag=BscscnPB&awd0=000&av=Ao19cDF0lroKQZGcGWv64KQowTOUJpXf8zxYqCi0&nkcd10=4701&product=0&cgo2=676&as=Ao1EdjF1365ED7qXGijiua81iTWPFMGcpnVa5iPzi2tFIG96dCogerJKDA" 0 1
      4⤵
      PID:1980

C:\Users\Admin\AppData\Local\Temp\stb42EB.tmp\stub.vbe

Filesize
5KB

MD5
babda98240e8ff7927acfe95e7447f3d

SHA1
9ef98b18119b388638aedf3e50e59c07b121c99b

SHA256
7697b0aac6263241cb6b27e824644bda1e9fe95bab761626ac1c7c7454fbbbac

SHA512
ab62f6d65c7f9ca591590534bcbb8930dbedb48294eef6c832581b5ba754a14a53a3013cac728902d6bb83dd6a5db2d29444a5cf1df093de6ed600c70b7bf484

Download Submit