ca81e73e5cb72508a024b67b9fa0e8c2a0b97ff14e64765e857d43a330b8fc9e

Analysis

max time kernel
139s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 10:37

Target

Device/HarddiskVolume3/PROGRAM FILES (X86)/DellDockFW_UPGRADE_UTILITY/DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
Size

147KB
MD5

9c953b8f51c128897abce0fb9ac21d93
SHA1

aa75dae2dc94ad7b983677075cefd43ad99f5b14
SHA256

df84bac2ea2fa06f447299efb5ac9dde1b205cbb93457b5b8e09db96ea7fcd2c
SHA512

c56e696df17751a436cd372e915cc82b3594883f9b0c9cdbf5c45c02e34308046cfd4f3ffe8e73c79b9786aac9736d5bfff08a141a3401eddcae19d6e4319a48
SSDEEP

3072:w/25jvDSgsqsb5Uh28vAbTV1WW69B9VjMdxPedN9ug0z9TBfFS2Z4c/va:Ltzsb5Uh28+V1WW69B9VjMdxPedN9ug9

Score

1^/10

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 804 wrote to memory of 4872	804	DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe	83
PID 804 wrote to memory of 4872	804	DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe	83
PID 4872 wrote to memory of 692	4872	cmd.exe	84
PID 4872 wrote to memory of 692	4872	cmd.exe	84
PID 4872 wrote to memory of 1924	4872	cmd.exe	85
PID 4872 wrote to memory of 1924	4872	cmd.exe	85
PID 4872 wrote to memory of 1552	4872	cmd.exe	86
PID 4872 wrote to memory of 1552	4872	cmd.exe	86
PID 4872 wrote to memory of 2756	4872	cmd.exe	87
PID 4872 wrote to memory of 2756	4872	cmd.exe	87
PID 4872 wrote to memory of 2960	4872	cmd.exe	88
PID 4872 wrote to memory of 2960	4872	cmd.exe	88
PID 4872 wrote to memory of 1792	4872	cmd.exe	89
PID 4872 wrote to memory of 1792	4872	cmd.exe	89
PID 4872 wrote to memory of 4308	4872	cmd.exe	90
PID 4872 wrote to memory of 4308	4872	cmd.exe	90
PID 4872 wrote to memory of 4128	4872	cmd.exe	91
PID 4872 wrote to memory of 4128	4872	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume3\PROGRAM FILES (X86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
"C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume3\PROGRAM FILES (X86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:804
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\39AD.tmp\39AE.tmp\39AF.bat "C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume3\PROGRAM FILES (X86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4872
- - C:\Windows\system32\find.exe
    find /i check0.log "GetSalomonDockInfo Failed, check if Dock is connected to system"
    3⤵
    PID:692
- - C:\Windows\system32\find.exe
    find /i check1.log "WD22TB4"
    3⤵
    PID:1924
- - C:\Windows\system32\find.exe
    find /i check1.log "WD19"
    3⤵
    PID:1552
- - C:\Windows\system32\find.exe
    find /i check1.log "WD19S"
    3⤵
    PID:2756
- - C:\Windows\system32\find.exe
    find /i check1.log "WD19DC"
    3⤵
    PID:2960
- - C:\Windows\system32\find.exe
    find /i check1.log "WD19DCS"
    3⤵
    PID:1792
- - C:\Windows\system32\find.exe
    find /i check1.log "WD19TB"
    3⤵
    PID:4308
- - C:\Windows\system32\find.exe
    find /i check1.log "WD19TBS"
    3⤵
    PID:4128

C:\Users\Admin\AppData\Local\Temp\39AD.tmp\39AE.tmp\39AF.bat

Filesize
7KB

MD5
1b130e99a457df03bdf186d6ff816849

SHA1
f7eba7850fe528ee0cc7baf89fd06725c44c7d4b

SHA256
4ce59c12615548a5c9550472039aed42dcedd018de55b46f5ce2fba5b3f9ded6

SHA512
223d7ed298cb678468f24f216deb54dc5110e5f1647b213fc59173b1380597d81373602c84f80e5d586266e5503f093170df4c43351095d4beed7050b92914b0

Download Submit