ed72018e13161b4380f6339e1963d676f1a5e49d2fb86cf9e726727ef4bdd0c2

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27-11-2022 20:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed72018e13161b4380f6339e1963d676f1a5e49d2fb86cf9e726727ef4bdd0c2.exe
Size

314KB
MD5

5154b54879098779ace257477c524cec
SHA1

1b03fd2e17ee5c8a0ecd1b8aabad80c87338174a
SHA256

ed72018e13161b4380f6339e1963d676f1a5e49d2fb86cf9e726727ef4bdd0c2
SHA512

28a90ac64f0c1964d077cd2556e760c207843fe0b0f318894efe8f5f755e9d326d6156821ff54c783ce82936b5f5c2507215d86d864a3047c8789adc8c0fa8ba
SSDEEP

6144:SROaTaPB0LqOFV/+s08n2+SJXbXYqG7w51:S/GPmV/+snuJXbXzG

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1132 wrote to memory of 1480	1132	ed72018e13161b4380f6339e1963d676f1a5e49d2fb86cf9e726727ef4bdd0c2.exe	28
PID 1132 wrote to memory of 1480	1132	ed72018e13161b4380f6339e1963d676f1a5e49d2fb86cf9e726727ef4bdd0c2.exe	28
PID 1132 wrote to memory of 1480	1132	ed72018e13161b4380f6339e1963d676f1a5e49d2fb86cf9e726727ef4bdd0c2.exe	28
PID 1480 wrote to memory of 852	1480	csc.exe	30
PID 1480 wrote to memory of 852	1480	csc.exe	30
PID 1480 wrote to memory of 852	1480	csc.exe	30
PID 1132 wrote to memory of 1276	1132	ed72018e13161b4380f6339e1963d676f1a5e49d2fb86cf9e726727ef4bdd0c2.exe	31
PID 1132 wrote to memory of 1276	1132	ed72018e13161b4380f6339e1963d676f1a5e49d2fb86cf9e726727ef4bdd0c2.exe	31
PID 1132 wrote to memory of 1276	1132	ed72018e13161b4380f6339e1963d676f1a5e49d2fb86cf9e726727ef4bdd0c2.exe	31
PID 1276 wrote to memory of 1444	1276	csc.exe	33
PID 1276 wrote to memory of 1444	1276	csc.exe	33
PID 1276 wrote to memory of 1444	1276	csc.exe	33

C:\Users\Admin\AppData\Local\Temp\ed72018e13161b4380f6339e1963d676f1a5e49d2fb86cf9e726727ef4bdd0c2.exe
"C:\Users\Admin\AppData\Local\Temp\ed72018e13161b4380f6339e1963d676f1a5e49d2fb86cf9e726727ef4bdd0c2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1132
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\6dmy2quf.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1480
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1EC9.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1EC8.tmp"
    3⤵
    PID:852
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\cf-cd0ev.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1276
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES569A.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC5699.tmp"
    3⤵
    PID:1444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6dmy2quf.dll

Filesize
8KB

MD5
20ba46eb06f476f79de168563edfad61

SHA1
1f4dcb746a348cb0a1d73d38e8eb31261f79f7b8

SHA256
f03146dfea3ba13541da5ce06fe518a73b8204bfd430222104e213490f6531d3

SHA512
18e05efa58af383d240fd4c060e0bc3556331e17b41a5819fc3060be85912e566133a396e23500d5c9eab333c095a2f6833316d6456ee0339beeeddb4b53ee4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES1EC9.tmp

Filesize
1KB

MD5
b84427cc0673962f307d4fc1fc361f2f

SHA1
6793db044cf6ff957d5e577fe7fa82b16c550f30

SHA256
decc8c71f1f22c14d60824ec93727b09d4dbde8d335dc0be439015973eeba30c

SHA512
d8c49ac5c059d977dc9ff9dc49bd64f9beb6cc3dd296964a5870e10242725fea0d436a1ab23c8f822acc705c14449259feb02573f55e6badb85b699d728734b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES569A.tmp

Filesize
1KB

MD5
721e6f71d5f7b664905a3ef7804b390a

SHA1
de2b52cc2102b2595786773b32d6a69e8b6385b4

SHA256
70a411d0f8226dfc7700bbb40f199378fd1ea51c1b5b8af166576f0ce222d4af

SHA512
ca824d337aabe8a6e923a767cabd08f3899a705a5448850c2cd88e663ffe68642909c54131f672e0746a514f750828abf7856ab8135e4073fff077bff14656a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cf-cd0ev.dll

Filesize
9KB

MD5
54c98b8f83ca5df475b1fee621c90ae7

SHA1
95cbeb193ae4be2c00a6ecde0e8b528d9caab629

SHA256
31681186671619dd08f020828fd9a5d075d580b9b26fbbeff1c4cf01a385bfce

SHA512
e835ac1058a5ddc15a68aeb6d047fa8692ad04a451da6461800c5066f765f328da7c30f694b91fa484eabbb1e3054eca99ef5fa105397aa23125691d7ad07097

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\6dmy2quf.0.cs

Filesize
10KB

MD5
fb01217e8ce4a28a622198e32c3e3379

SHA1
8b4614e295fbb55238f8f1e2daac85115906eb87

SHA256
4aa0bb88bc1631647e34d7b653c7b076ef6fd46855425aa03215f8f0d21f90fb

SHA512
22c7012362aee88d9fa80bbcd4fc6f3aa6322381e01b4f5034d385f91400c39657bb1985762db799fd2cfb99bbc12b20c3598259b26ad8a30a7a144e39e8038a

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\6dmy2quf.cmdline

Filesize
639B

MD5
9e2bf54d03d81a94e813a1d584c31afd

SHA1
120d1df97d3e3cdf8076bb62cc16ddba630ccc7d

SHA256
82fc1a2c8ec2badc04f7972d79ad6a32b874425b2a9fa8d8d896e275c0015824

SHA512
5ef223df5e17e6e065d70e6da6a8188513bf6c9ba2030560398bcdb53b4a26aa9de77b3c3b8e20af530d687b17023e9fd9df3975b54f85420f7dd4cea047e90a

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC1EC8.tmp

Filesize
652B

MD5
edf39d5db007803853dc136f0eb5a39e

SHA1
7f66d9fb39ddec4fa95264d6be0d0620df623e72

SHA256
7c32241771e659640b9183d03784fcfdd971077eba19ff16caa896ad0b4c3f42

SHA512
48cbbae5108e0830dabca74cf4b57a1f1dff3e1df0169b9a125bdeaf161657cc29599d54aa493a427dac3171cddfd74b5fa9fc90345b9a657b146141ee332afe

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC5699.tmp

Filesize
652B

MD5
899f448b3410f0110b4a00fb19ba66f6

SHA1
8a6aafec716936ce703ecd4999262c0635ba7c6d

SHA256
7c3ad9f68056dbb675f92f2b3df8b7d8414eb95d342b1b454ba620aa72cc724d

SHA512
e79dbc47913173ff8be22c16529f8b62cde8de31621222dd6dbbf760b02e193963beecc726a36ea8a5475812b5c314f529dcb75c7ca58440346a97a9b7adca05

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\cf-cd0ev.0.cs

Filesize
11KB

MD5
2bfb1dde57a4172c76292f3765dca81c

SHA1
f1aa7d32d70d0c91d353396ad026edf7d7923d40

SHA256
71d68c299d69bf541816338a86d7ebef6ac56f82e5a93b3aee6794d4d00cd942

SHA512
2a70be783887e4d1544d8a68d3fb6a0db240066223dc413be89f3b2765cd73df0d2a6a79bcb6f3971bda24d3fb582cc98bbd35fcd947032bc2c16db2325b00fb

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\cf-cd0ev.cmdline

Filesize
639B

MD5
b2a9521e069554e6394b542202e119c8

SHA1
a9149d0da48fabf829fc083115a279e2eff7294f

SHA256
ba52debce2428cdfec4ee9f18efb159a66ebe9b81e0ad58786882536f2fee59f

SHA512
22d431cc9343474583d82e465c39acedec54817b16064cc629db13e16851be8f0b7be2922745269a708ded04f0bc7560e9210124c8526609999b45c05423dd00

Download Submit
memory/852-60-0x0000000000000000-mapping.dmp

Download
memory/1132-54-0x000007FEF42B0000-0x000007FEF4CD3000-memory.dmp

Filesize
10.1MB

Download
memory/1132-64-0x00000000002F6000-0x0000000000315000-memory.dmp

Filesize
124KB

Download
memory/1132-56-0x00000000002F6000-0x0000000000315000-memory.dmp

Filesize
124KB

Download
memory/1132-55-0x000007FEF2E40000-0x000007FEF3ED6000-memory.dmp

Filesize
16.6MB

Download
memory/1276-65-0x0000000000000000-mapping.dmp

Download
memory/1444-68-0x0000000000000000-mapping.dmp

Download
memory/1480-57-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads