ca81e73e5cb72508a024b67b9fa0e8c2a0b97ff14e64765e857d43a330b8fc9e

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 10:37

Target

Device/HarddiskVolume3/PROGRAM FILES (X86)/DellDockFW_UPGRADE_UTILITY/DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
Size

147KB
MD5

9c953b8f51c128897abce0fb9ac21d93
SHA1

aa75dae2dc94ad7b983677075cefd43ad99f5b14
SHA256

df84bac2ea2fa06f447299efb5ac9dde1b205cbb93457b5b8e09db96ea7fcd2c
SHA512

c56e696df17751a436cd372e915cc82b3594883f9b0c9cdbf5c45c02e34308046cfd4f3ffe8e73c79b9786aac9736d5bfff08a141a3401eddcae19d6e4319a48
SSDEEP

3072:w/25jvDSgsqsb5Uh28vAbTV1WW69B9VjMdxPedN9ug0z9TBfFS2Z4c/va:Ltzsb5Uh28+V1WW69B9VjMdxPedN9ug9

Score

1^/10

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 1580	1720	DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe	29
PID 1720 wrote to memory of 1580	1720	DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe	29
PID 1720 wrote to memory of 1580	1720	DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe	29
PID 1580 wrote to memory of 2936	1580	cmd.exe	30
PID 1580 wrote to memory of 2936	1580	cmd.exe	30
PID 1580 wrote to memory of 2936	1580	cmd.exe	30
PID 1580 wrote to memory of 2940	1580	cmd.exe	31
PID 1580 wrote to memory of 2940	1580	cmd.exe	31
PID 1580 wrote to memory of 2940	1580	cmd.exe	31
PID 1580 wrote to memory of 2952	1580	cmd.exe	32
PID 1580 wrote to memory of 2952	1580	cmd.exe	32
PID 1580 wrote to memory of 2952	1580	cmd.exe	32
PID 1580 wrote to memory of 2948	1580	cmd.exe	33
PID 1580 wrote to memory of 2948	1580	cmd.exe	33
PID 1580 wrote to memory of 2948	1580	cmd.exe	33
PID 1580 wrote to memory of 3056	1580	cmd.exe	34
PID 1580 wrote to memory of 3056	1580	cmd.exe	34
PID 1580 wrote to memory of 3056	1580	cmd.exe	34
PID 1580 wrote to memory of 3060	1580	cmd.exe	35
PID 1580 wrote to memory of 3060	1580	cmd.exe	35
PID 1580 wrote to memory of 3060	1580	cmd.exe	35
PID 1580 wrote to memory of 3068	1580	cmd.exe	36
PID 1580 wrote to memory of 3068	1580	cmd.exe	36
PID 1580 wrote to memory of 3068	1580	cmd.exe	36
PID 1580 wrote to memory of 2024	1580	cmd.exe	37
PID 1580 wrote to memory of 2024	1580	cmd.exe	37
PID 1580 wrote to memory of 2024	1580	cmd.exe	37

C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume3\PROGRAM FILES (X86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
"C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume3\PROGRAM FILES (X86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\732.tmp\733.tmp\734.bat "C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume3\PROGRAM FILES (X86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1580
- - C:\Windows\system32\find.exe
    find /i check0.log "GetSalomonDockInfo Failed, check if Dock is connected to system"
    3⤵
    PID:2936
- - C:\Windows\system32\find.exe
    find /i check1.log "WD22TB4"
    3⤵
    PID:2940
- - C:\Windows\system32\find.exe
    find /i check1.log "WD19"
    3⤵
    PID:2952
- - C:\Windows\system32\find.exe
    find /i check1.log "WD19S"
    3⤵
    PID:2948
- - C:\Windows\system32\find.exe
    find /i check1.log "WD19DC"
    3⤵
    PID:3056
- - C:\Windows\system32\find.exe
    find /i check1.log "WD19DCS"
    3⤵
    PID:3060
- - C:\Windows\system32\find.exe
    find /i check1.log "WD19TB"
    3⤵
    PID:3068
- - C:\Windows\system32\find.exe
    find /i check1.log "WD19TBS"
    3⤵
    PID:2024

C:\Users\Admin\AppData\Local\Temp\732.tmp\733.tmp\734.bat

Filesize
7KB

MD5
1b130e99a457df03bdf186d6ff816849

SHA1
f7eba7850fe528ee0cc7baf89fd06725c44c7d4b

SHA256
4ce59c12615548a5c9550472039aed42dcedd018de55b46f5ce2fba5b3f9ded6

SHA512
223d7ed298cb678468f24f216deb54dc5110e5f1647b213fc59173b1380597d81373602c84f80e5d586266e5503f093170df4c43351095d4beed7050b92914b0

Download Submit