12c3cd6afeb0da63f0ef22c0f430665a489d477876fb97f55fb4466badd21571

General

Target

R980533211.exe
Size

652KB
MD5

cea5d13da191b583af960af626f06c19
SHA1

a778bf24076a24e501a2f4db102cfdac413bb566
SHA256

cca5e12f1d9a4823e1188c7af7f66e51299fa975f0a4f40062808bc7c5fc4001
SHA512

2c6fb4c9c0eb6f287bf7353f8d3f274c9b7f75656b4f6a4d021c3b3def7af8214d02f23d2db6b27bfe42b4f291ff2fb81ce748492fc3faebfebd5103c13bb9bc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

R980533211.exeR980533211.exeR980533211.exeR980533211.exeR980533211.exe

description	pid	process	target process
PID 800 wrote to memory of 1936	800	R980533211.exe	MSBuild.exe
PID 800 wrote to memory of 1936	800	R980533211.exe	MSBuild.exe
PID 800 wrote to memory of 1936	800	R980533211.exe	MSBuild.exe
PID 800 wrote to memory of 1936	800	R980533211.exe	MSBuild.exe
PID 800 wrote to memory of 1936	800	R980533211.exe	MSBuild.exe
PID 800 wrote to memory of 1936	800	R980533211.exe	MSBuild.exe
PID 800 wrote to memory of 1936	800	R980533211.exe	MSBuild.exe
PID 800 wrote to memory of 1936	800	R980533211.exe	MSBuild.exe
PID 800 wrote to memory of 1936	800	R980533211.exe	MSBuild.exe
PID 800 wrote to memory of 652	800	R980533211.exe	R980533211.exe
PID 800 wrote to memory of 652	800	R980533211.exe	R980533211.exe
PID 800 wrote to memory of 652	800	R980533211.exe	R980533211.exe
PID 800 wrote to memory of 652	800	R980533211.exe	R980533211.exe
PID 652 wrote to memory of 2008	652	R980533211.exe	MSBuild.exe
PID 652 wrote to memory of 2008	652	R980533211.exe	MSBuild.exe
PID 652 wrote to memory of 2008	652	R980533211.exe	MSBuild.exe
PID 652 wrote to memory of 2008	652	R980533211.exe	MSBuild.exe
PID 652 wrote to memory of 2008	652	R980533211.exe	MSBuild.exe
PID 652 wrote to memory of 2008	652	R980533211.exe	MSBuild.exe
PID 652 wrote to memory of 2008	652	R980533211.exe	MSBuild.exe
PID 652 wrote to memory of 2008	652	R980533211.exe	MSBuild.exe
PID 652 wrote to memory of 2008	652	R980533211.exe	MSBuild.exe
PID 652 wrote to memory of 1348	652	R980533211.exe	R980533211.exe
PID 652 wrote to memory of 1348	652	R980533211.exe	R980533211.exe
PID 652 wrote to memory of 1348	652	R980533211.exe	R980533211.exe
PID 652 wrote to memory of 1348	652	R980533211.exe	R980533211.exe
PID 1348 wrote to memory of 2040	1348	R980533211.exe	MSBuild.exe
PID 1348 wrote to memory of 2040	1348	R980533211.exe	MSBuild.exe
PID 1348 wrote to memory of 2040	1348	R980533211.exe	MSBuild.exe
PID 1348 wrote to memory of 2040	1348	R980533211.exe	MSBuild.exe
PID 1348 wrote to memory of 2040	1348	R980533211.exe	MSBuild.exe
PID 1348 wrote to memory of 2040	1348	R980533211.exe	MSBuild.exe
PID 1348 wrote to memory of 2040	1348	R980533211.exe	MSBuild.exe
PID 1348 wrote to memory of 2040	1348	R980533211.exe	MSBuild.exe
PID 1348 wrote to memory of 2040	1348	R980533211.exe	MSBuild.exe
PID 1348 wrote to memory of 840	1348	R980533211.exe	R980533211.exe
PID 1348 wrote to memory of 840	1348	R980533211.exe	R980533211.exe
PID 1348 wrote to memory of 840	1348	R980533211.exe	R980533211.exe
PID 1348 wrote to memory of 840	1348	R980533211.exe	R980533211.exe
PID 840 wrote to memory of 1408	840	R980533211.exe	MSBuild.exe
PID 840 wrote to memory of 1408	840	R980533211.exe	MSBuild.exe
PID 840 wrote to memory of 1408	840	R980533211.exe	MSBuild.exe
PID 840 wrote to memory of 1408	840	R980533211.exe	MSBuild.exe
PID 840 wrote to memory of 1408	840	R980533211.exe	MSBuild.exe
PID 840 wrote to memory of 1408	840	R980533211.exe	MSBuild.exe
PID 840 wrote to memory of 1408	840	R980533211.exe	MSBuild.exe
PID 840 wrote to memory of 1408	840	R980533211.exe	MSBuild.exe
PID 840 wrote to memory of 1408	840	R980533211.exe	MSBuild.exe
PID 840 wrote to memory of 1800	840	R980533211.exe	R980533211.exe
PID 840 wrote to memory of 1800	840	R980533211.exe	R980533211.exe
PID 840 wrote to memory of 1800	840	R980533211.exe	R980533211.exe
PID 840 wrote to memory of 1800	840	R980533211.exe	R980533211.exe
PID 1800 wrote to memory of 1204	1800	R980533211.exe	MSBuild.exe
PID 1800 wrote to memory of 1204	1800	R980533211.exe	MSBuild.exe
PID 1800 wrote to memory of 1204	1800	R980533211.exe	MSBuild.exe
PID 1800 wrote to memory of 1204	1800	R980533211.exe	MSBuild.exe
PID 1800 wrote to memory of 1204	1800	R980533211.exe	MSBuild.exe
PID 1800 wrote to memory of 1204	1800	R980533211.exe	MSBuild.exe
PID 1800 wrote to memory of 1204	1800	R980533211.exe	MSBuild.exe
PID 1800 wrote to memory of 1204	1800	R980533211.exe	MSBuild.exe
PID 1800 wrote to memory of 1204	1800	R980533211.exe	MSBuild.exe
PID 1800 wrote to memory of 964	1800	R980533211.exe	R980533211.exe
PID 1800 wrote to memory of 964	1800	R980533211.exe	R980533211.exe
PID 1800 wrote to memory of 964	1800	R980533211.exe	R980533211.exe

C:\Users\Admin\AppData\Local\Temp\R980533211.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:800

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
2⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\R980533211.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:652

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
3⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\R980533211.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
3⤵
- Suspicious use of WriteProcessMemory
PID:1348

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
4⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\R980533211.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
4⤵
- Suspicious use of WriteProcessMemory
PID:840

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
5⤵
PID:1408

C:\Users\Admin\AppData\Local\Temp\R980533211.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
5⤵
- Suspicious use of WriteProcessMemory
PID:1800

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
6⤵
PID:1204

C:\Users\Admin\AppData\Local\Temp\R980533211.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
6⤵
PID:964

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
7⤵
PID:948

C:\Users\Admin\AppData\Local\Temp\R980533211.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
7⤵
PID:904

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
8⤵
PID:824

C:\Users\Admin\AppData\Local\Temp\R980533211.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
8⤵
PID:552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
9⤵
PID:1168

C:\Users\Admin\AppData\Local\Temp\R980533211.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
9⤵
PID:460

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
10⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\R980533211.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
10⤵
PID:1156

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
11⤵
PID:620

C:\Users\Admin\AppData\Local\Temp\R980533211.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
11⤵
PID:1264

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
12⤵
PID:928

C:\Users\Admin\AppData\Local\Temp\R980533211.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
12⤵
PID:1792

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
13⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\R980533211.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
13⤵
PID:1268

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
14⤵
PID:288

C:\Users\Admin\AppData\Local\Temp\R980533211.exe
"C:\Users\Admin\AppData\Local\Temp\R980533211.exe"
14⤵
PID:1992

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/460-79-0x0000000000270000-0x0000000000317000-memory.dmp

Filesize
668KB

Download
memory/460-77-0x0000000000000000-mapping.dmp

Download
memory/552-74-0x0000000000000000-mapping.dmp

Download
memory/552-76-0x0000000000270000-0x0000000000317000-memory.dmp

Filesize
668KB

Download
memory/652-56-0x0000000000000000-mapping.dmp

Download
memory/652-58-0x0000000000270000-0x0000000000317000-memory.dmp

Filesize
668KB

Download
memory/800-55-0x0000000000270000-0x0000000000317000-memory.dmp

Filesize
668KB

Download
memory/800-54-0x00000000765F1000-0x00000000765F3000-memory.dmp

Filesize
8KB

Download
memory/840-64-0x0000000000270000-0x0000000000317000-memory.dmp

Filesize
668KB

Download
memory/840-62-0x0000000000000000-mapping.dmp

Download
memory/904-71-0x0000000000000000-mapping.dmp

Download
memory/904-73-0x0000000000270000-0x0000000000317000-memory.dmp

Filesize
668KB

Download
memory/964-68-0x0000000000000000-mapping.dmp

Download
memory/964-70-0x0000000000270000-0x0000000000317000-memory.dmp

Filesize
668KB

Download
memory/1156-80-0x0000000000000000-mapping.dmp

Download
memory/1156-82-0x0000000000270000-0x0000000000317000-memory.dmp

Filesize
668KB

Download
memory/1264-85-0x0000000000270000-0x0000000000317000-memory.dmp

Filesize
668KB

Download
memory/1264-83-0x0000000000000000-mapping.dmp

Download
memory/1268-89-0x0000000000000000-mapping.dmp

Download
memory/1268-91-0x0000000000270000-0x0000000000317000-memory.dmp

Filesize
668KB

Download
memory/1348-59-0x0000000000000000-mapping.dmp

Download
memory/1348-61-0x0000000000270000-0x0000000000317000-memory.dmp

Filesize
668KB

Download
memory/1792-86-0x0000000000000000-mapping.dmp

Download
memory/1792-88-0x0000000000270000-0x0000000000317000-memory.dmp

Filesize
668KB

Download
memory/1800-65-0x0000000000000000-mapping.dmp

Download
memory/1800-67-0x0000000000270000-0x0000000000317000-memory.dmp

Filesize
668KB

Download
memory/1992-92-0x0000000000000000-mapping.dmp

Download
memory/1992-94-0x0000000000270000-0x0000000000317000-memory.dmp

Filesize
668KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads