1949a639f8962e0790988afa011b7049ce89660d59dbc0d27e29e02efdefda32

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
15/11/2023, 11:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Sourceforge_1578.exe
Size

95KB
MD5

718f09ae31eab04b26256228eeea2afa
SHA1

926d4303b403cd199a5d930be15ccfeaa519c238
SHA256

1949a639f8962e0790988afa011b7049ce89660d59dbc0d27e29e02efdefda32
SHA512

41adcc7eb30f2a4affe4cbff830301800cfa9da64fa670fdbb1a0ce84717a0afd6c56634371d4ad27ef5dd5a23adaa4234b65b4f4a51769f231d03c619f3c8a0
SSDEEP

1536:1MWiZQgOVBLa8t/VdGHUqxtLUeoLNzNyD1m8Ez/nFL/SOY4xg6B8jLXkcHscpnET:1MWiZQgOdbSt4L1cETFDSOYoMjLxscp6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 3056	2856	Sourceforge_1578.exe	28
PID 2856 wrote to memory of 3056	2856	Sourceforge_1578.exe	28
PID 2856 wrote to memory of 3056	2856	Sourceforge_1578.exe	28
PID 3056 wrote to memory of 2700	3056	csc.exe	30
PID 3056 wrote to memory of 2700	3056	csc.exe	30
PID 3056 wrote to memory of 2700	3056	csc.exe	30

C:\Users\Admin\AppData\Local\Temp\Sourceforge_1578.exe
"C:\Users\Admin\AppData\Local\Temp\Sourceforge_1578.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rcjsx-om.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7B2A.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC7B29.tmp"
    3⤵
    PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES7B2A.tmp

Filesize
1KB

MD5
1107437db6d4a325fc307033c038fa05

SHA1
74931d0e777eeadc5bf63b8f036642fe93769d38

SHA256
9ab96dd448f0ecd1a548f1b3c00032f6670ea9e452ca6f18c7204a7e0e90f4b7

SHA512
3a47a8baf695eeb8dbfd7ac5141c74f39b2d6745359a2d06a9bd4034b87f10e2cd458a0b3d2ca334d3c6ebe5f5710f882160e73d200142ad82cfcffc60782b69

Download Submit
C:\Users\Admin\AppData\Local\Temp\rcjsx-om.dll

Filesize
8KB

MD5
a4c57b8535ca20515710f61c039c9817

SHA1
7c2ee6ddae448c5bd33546a0438277d02898a93a

SHA256
e59643bd94a235cf49c282f87a13c8a549efbd541eaf8f9c52cc405237eee53e

SHA512
429874e91a27744671ccae4e53301ed55651faa6ba0ffb17a8babdac60eaa6411949e0c56564504592c3d1acbad4c42de2cf483ef3c77694c79fcf1fdf169951

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC7B29.tmp

Filesize
652B

MD5
62e4d9b9f26ff130bf081e4886b3d994

SHA1
d3e146be6496d3f621e0bf5909469854deab9f2b

SHA256
31b3620cbdf7e67c2bddb1617224b59573875b8c67194b476b78f68cbc39d978

SHA512
82d65bde84adffa9242e5f6d738947e882f521af36520fb9277cc77da62dfb3b39021ce0cc443ca58c0771f385cb1dc85d35ec546c6c5155c425ede4bd4d98c3

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\rcjsx-om.0.cs

Filesize
10KB

MD5
1620bd875053f37fa31494368ab5817e

SHA1
9adf0e94a4cc84ce04476b7042965343b375642f

SHA256
7985fbcd4700c64ea8cda5169dc13d61cf6912db075fabceb8ea5f7522e29370

SHA512
067bb352ab928d4d0c71732ce3c84eac85a9f9a50233bf38d7944415743fc6eed8e1d38ef843ce9d3ba47f1189f6cb00ad7f4037c52d3fe89fc76a53859b6a52

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\rcjsx-om.cmdline

Filesize
409B

MD5
4de216948427bf1b1e8f4a40d7b12941

SHA1
ccc17ce8ba0fc88c5c5b20c121b8f49b82d983e1

SHA256
b6041add315f157f2a80e27822da1a401d5e015a416b26ecab70337ebb686a17

SHA512
6ab216669a3c9062a1d2f4ec3558babadf9c6f56f2d5f5b22d17cc4196bbd43c341205cb749a2a6bc1b7fca628fa4cf05c6893d1ce3f3bf0332c0d8260e4ceef

Download Submit
memory/2856-4-0x0000000000B20000-0x0000000000BA0000-memory.dmp

Filesize
512KB

Download
memory/2856-0-0x000007FEF59C0000-0x000007FEF635D000-memory.dmp

Filesize
9.6MB

Download
memory/2856-3-0x0000000000B20000-0x0000000000BA0000-memory.dmp

Filesize
512KB

Download
memory/2856-2-0x000007FEF59C0000-0x000007FEF635D000-memory.dmp

Filesize
9.6MB

Download
memory/2856-1-0x0000000000B20000-0x0000000000BA0000-memory.dmp

Filesize
512KB

Download
memory/2856-17-0x0000000000530000-0x0000000000538000-memory.dmp

Filesize
32KB

Download
memory/2856-19-0x000007FEF59C0000-0x000007FEF635D000-memory.dmp

Filesize
9.6MB

Download
memory/2856-20-0x0000000000B20000-0x0000000000BA0000-memory.dmp

Filesize
512KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads