b62a3ac2a5850cfe67e4b720979ef147f3de70a8dd9fc5e534c8b79433a6a966

Analysis

max time kernel
140s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 18:23

Target

$PLUGINSDIR/smartinstallAllinOne.exe
Size

202KB
MD5

082c78654828352b43e7818ae272c826
SHA1

b1a6c498bc0ed6776e84345e30df83a7c0db425a
SHA256

981c92d332c0c69c89b2c8d944f8a773823ec91228deb4447898773df7822bc5
SHA512

eb6ef52b589d0b948992c23781516745d6417a96bfc85fab2654b3dca18d6a61e4083c04afd8bb887ce0f721f197cd1fc1738af7a65dd1ad77ddd86597f73ac1
SSDEEP

6144:h40JDvFeKBw8v92A7BBNC0kz/ifYxUxBE1T3N:71Bv/NwbWTC3N

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4800	GLBD1C7.tmp

Loads dropped DLL 1 IoCs

pid	Process
4800	GLBD1C7.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3384 wrote to memory of 4800	3384	smartinstallAllinOne.exe	90
PID 3384 wrote to memory of 4800	3384	smartinstallAllinOne.exe	90
PID 3384 wrote to memory of 4800	3384	smartinstallAllinOne.exe	90

C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\smartinstallAllinOne.exe
"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\smartinstallAllinOne.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3384
- C:\Users\Admin\AppData\Local\Temp\GLBD1C7.tmp
  C:\Users\Admin\AppData\Local\Temp\GLBD1C7.tmp 4736 C:\Users\Admin\AppData\Local\Temp\$PLUGI~1\SMARTI~1.EXE
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4108,i,12594301322143882025,16832588342008839449,262144 --variations-seed-version --mojo-platform-channel-handle=4028 /prefetch:8
1⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\GLBD1C7.tmp

Filesize
70KB

MD5
91c551a92e678f977821ea9c1079f984

SHA1
f3243b6ff7ea118a178f301a9bd3d0dc1a18741d

SHA256
9bb92f379e5c313528112a53488ca106f1da97c88082f124fcdfbdb392833db6

SHA512
f584b1094ab4ce1db7976706aca2c89601c80a106d86eeaf2b2b4a4059ff54e0c94817bd5ddd3bb21a6584878efad8262b9a1d7961a80035785240995854e491

Download Submit
C:\Users\Admin\AppData\Local\Temp\GLCD234.tmp

Filesize
161KB

MD5
8c97d8bb1470c6498e47b12c5a03ce39

SHA1
15d233b22f1c3d756dca29bcc0021e6fb0b8cdf7

SHA256
a87f19f9fee475d2b2e82acfb4589be6d816b613064cd06826e1d4c147beb50a

SHA512
7ad0b2b0319da52152c2595ee45045d0c06b157cdaaa56ad57dde9736be3e45fd7357949126f80d3e72b21510f9bf69d010d51b3967a7644662808beed067c3f

Download Submit