69823ce040158d41e47f1458375b142f462f4725ff6ad1999d78034720b6449b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
22-04-2024 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

_Create installation script.cmd
Size

1KB
MD5

d96183ad20b7152c83c1455d0e98116c
SHA1

905a8317a8892ae2170c2aabbcf3846fd7244272
SHA256

b276580e201b8e46386e0203a5c9ac9ebc6c9b9a68ff8890f78c18e20c9bfa82
SHA512

b1e993d843222afdc71939d8f92ab77faae21cee7cc56718033ecbf730e9df0b792dff0505d09cfe046ae72b3417aa9d6d1c6430a13bc3da8043582f718ae859

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Internet Download Manager 6.42.3.tmp

pid process

2428 Internet Download Manager 6.42.3.tmp

Loads dropped DLL 4 IoCs

Processes:

Internet Download Manager 6.42.3.tmp

pid	process
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp

Suspicious behavior: EnumeratesProcesses 40 IoCs

Processes:

Internet Download Manager 6.42.3.tmp

pid	process
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp
2428	Internet Download Manager 6.42.3.tmp

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

Internet Download Manager 6.42.3.tmp

pid process

2428 Internet Download Manager 6.42.3.tmp
2428 Internet Download Manager 6.42.3.tmp
2428 Internet Download Manager 6.42.3.tmp

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

cmd.exeInternet Download Manager 6.42.3.exe

description	pid	process	target process
PID 5072 wrote to memory of 4912	5072	cmd.exe	Internet Download Manager 6.42.3.exe
PID 5072 wrote to memory of 4912	5072	cmd.exe	Internet Download Manager 6.42.3.exe
PID 5072 wrote to memory of 4912	5072	cmd.exe	Internet Download Manager 6.42.3.exe
PID 4912 wrote to memory of 2428	4912	Internet Download Manager 6.42.3.exe	Internet Download Manager 6.42.3.tmp
PID 4912 wrote to memory of 2428	4912	Internet Download Manager 6.42.3.exe	Internet Download Manager 6.42.3.tmp
PID 4912 wrote to memory of 2428	4912	Internet Download Manager 6.42.3.exe	Internet Download Manager 6.42.3.tmp

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_Create installation script.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:5072

C:\Users\Admin\AppData\Local\Temp\Internet Download Manager 6.42.3.exe
"Internet Download Manager 6.42.3.exe" /SAVEINF="setup.ini"
2⤵
- Suspicious use of WriteProcessMemory
PID:4912

C:\Users\Admin\AppData\Local\Temp\is-GNLME.tmp\Internet Download Manager 6.42.3.tmp
"C:\Users\Admin\AppData\Local\Temp\is-GNLME.tmp\Internet Download Manager 6.42.3.tmp" /SL5="$601E0,14762910,64512,C:\Users\Admin\AppData\Local\Temp\Internet Download Manager 6.42.3.exe" /SAVEINF="setup.ini"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-GNLME.tmp\Internet Download Manager 6.42.3.tmp
Filesize
911KB

MD5
4a6c1b37772b488d1bdff1eb6e589118

SHA1
e89a6b43b8fb61f988779c0bc3bd421090424d53

SHA256
109e48992f332ddde3f2ff8ea6459f11eff3d7968dab4951dc96ed7507f1bbf6

SHA512
132ff049d9d2d2dca20084f4fa1b3ebf059ccfbc0c5b0b29fabf78543896fb9e18d0dd2255f6bbbd5c637d5c6d405fd07ebd247c77bf751e0d8758cd8eda73cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TEI1K.tmp\ISTask.dll
Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TEI1K.tmp\VclStylesInno.dll
Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
memory/2428-56-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-33-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-23-0x00000000074E0000-0x00000000077FA000-memory.dmp

Filesize
3.1MB

Download
memory/2428-25-0x0000000007950000-0x0000000007951000-memory.dmp

Filesize
4KB

Download
memory/2428-26-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-57-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-28-0x0000000007960000-0x0000000007961000-memory.dmp

Filesize
4KB

Download
memory/2428-31-0x0000000007970000-0x0000000007971000-memory.dmp

Filesize
4KB

Download
memory/2428-32-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-58-0x0000000007A00000-0x0000000007A01000-memory.dmp

Filesize
4KB

Download
memory/2428-36-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-35-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-34-0x0000000007980000-0x0000000007981000-memory.dmp

Filesize
4KB

Download
memory/2428-29-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-30-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-38-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-39-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-42-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-41-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-40-0x00000000079A0000-0x00000000079A1000-memory.dmp

Filesize
4KB

Download
memory/2428-45-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-44-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-43-0x00000000079B0000-0x00000000079B1000-memory.dmp

Filesize
4KB

Download
memory/2428-37-0x0000000007990000-0x0000000007991000-memory.dmp

Filesize
4KB

Download
memory/2428-49-0x00000000079D0000-0x00000000079D1000-memory.dmp

Filesize
4KB

Download
memory/2428-48-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-47-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-51-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-50-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-46-0x00000000079C0000-0x00000000079C1000-memory.dmp

Filesize
4KB

Download
memory/2428-52-0x00000000079E0000-0x00000000079E1000-memory.dmp

Filesize
4KB

Download
memory/2428-53-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-54-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-6-0x00000000007B0000-0x00000000007B1000-memory.dmp

Filesize
4KB

Download
memory/2428-100-0x00000000073D0000-0x00000000073D1000-memory.dmp

Filesize
4KB

Download
memory/2428-27-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-17-0x00000000072B0000-0x00000000072C6000-memory.dmp

Filesize
88KB

Download
memory/2428-59-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-63-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-64-0x0000000007A20000-0x0000000007A21000-memory.dmp

Filesize
4KB

Download
memory/2428-61-0x0000000007A10000-0x0000000007A11000-memory.dmp

Filesize
4KB

Download
memory/2428-62-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-67-0x0000000007A30000-0x0000000007A31000-memory.dmp

Filesize
4KB

Download
memory/2428-69-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-75-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-74-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-73-0x0000000007A50000-0x0000000007A51000-memory.dmp

Filesize
4KB

Download
memory/2428-76-0x0000000007A60000-0x0000000007A61000-memory.dmp

Filesize
4KB

Download
memory/2428-78-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-79-0x0000000007A70000-0x0000000007A71000-memory.dmp

Filesize
4KB

Download
memory/2428-77-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-72-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-81-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-80-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-82-0x0000000007A80000-0x0000000007A81000-memory.dmp

Filesize
4KB

Download
memory/2428-71-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-70-0x0000000007A40000-0x0000000007A41000-memory.dmp

Filesize
4KB

Download
memory/2428-68-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-66-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-65-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-60-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-83-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-84-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/2428-87-0x00000000073D0000-0x00000000073D1000-memory.dmp

Filesize
4KB

Download
memory/2428-95-0x00000000007B0000-0x00000000007B1000-memory.dmp

Filesize
4KB

Download
memory/2428-55-0x00000000079F0000-0x00000000079F1000-memory.dmp

Filesize
4KB

Download
memory/4912-2-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4912-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4912-94-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download