Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    08-02-2024 01:17

General

  • Target

    9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16.exe

  • Size

    1.1MB

  • MD5

    f6ccd7d54c0d360846211977110a7c20

  • SHA1

    be26eb65426c1ac5a4b45d6493cc3c810f6a2419

  • SHA256

    9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16

  • SHA512

    8c208674cbb6947db7f67150382124d0665d9fbb3ae0770fce88bbfa8ccb160cdb68e56a0d7416d60b242354524cbd05a8ccbc83a87adb75e9bd60845f5ad190

  • SSDEEP

    24576:FD9O4MROxnFE30dc1RurZlI0AilFEvxHi6G:FhNMiuHburZlI0AilFEvxHi

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16.exe
    "C:\Users\Admin\AppData\Local\Temp\9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wzp3zi35.cmdline"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2748
      • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
        C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES50CF.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC50CE.tmp"
        3⤵
        PID:2328

Network

MITRE ATT&CK Matrix

Downloads

    • C:\Users\Admin\AppData\Local\Temp\RES50CF.tmp

      Filesize

      1KB

      MD5

      881b68fe84619f5bb0927eccf1b3d7c0

      SHA1

      10ba44092a37b623773168ce799e5daf3241b293

      SHA256

      9fd596d38c4b0ad83138339132df981715c6eb8290adfaf8891a2ab86193d364

      SHA512

      65dba202160643043a80ab93a4976d9d16d99093965595b867705239e9ab9bd229c044b67319ee29cb2ff8e764da057eceb0a694663c13f6d336cb346c2165f7

    • C:\Users\Admin\AppData\Local\Temp\wzp3zi35.dll

      Filesize

      76KB

      MD5

      38024dd88ba38de8fe73af47024c3e82

      SHA1

      f7658aea9c73fff6281e7812dcf2890525f92cce

      SHA256

      751cc146ae351309dc1fe89fc9f05d3b5c0a2b1f7dcb3143892f4bda022211eb

      SHA512

      550a4f0b5f60b5dde416bc029186a18b592a5f130db9ce855645545d9b4317d5baf829c5eadefe5800786f389ffc776680e579000c92dcc9cb65f8a4900edae5

    • \??\c:\Users\Admin\AppData\Local\Temp\CSC50CE.tmp

      Filesize

      676B

      MD5

      c942ef5e94872f168daca1eaf09d2551

      SHA1

      f173d36350d9e94f52cc09bfdd5042987191cad7

      SHA256

      b91af778274a42ab9de1f778511729babaf8c87145422651e60d359e29e9c0af

      SHA512

      c94f32a36514c41d8f1a0c84329c4e17602caa8d2d4b61ce5bdc70a18602cd0e71fe0ef3bbd9da7b14069af1c3003a8c4431b46e4a8b7d56aab480716d06a966

    • \??\c:\Users\Admin\AppData\Local\Temp\wzp3zi35.0.cs

      Filesize

      208KB

      MD5

      250321226bbc2a616d91e1c82cb4ab2b

      SHA1

      7cffd0b2e9c842865d8961386ab8fcfac8d04173

      SHA256

      ef2707f83a0c0927cfd46b115641b9cae52a41123e4826515b9eeb561785218d

      SHA512

      bda59ca04cdf254f837f2cec6da55eff5c3d2af00da66537b9ebaa3601c502ae63772f082fd12663b63d537d2e03efe87a3b5746ef25e842aaf1c7d88245b4e1

    • \??\c:\Users\Admin\AppData\Local\Temp\wzp3zi35.cmdline

      Filesize

      349B

      MD5

      5501784f9d129c6ea19346e71c4ce741

      SHA1

      687d80c0adcfbd22a48b6bdd0c1cfa613c0c5f9f

      SHA256

      205214420ad4ff2b7a4557bca09610e32cfd7d662282f52a5ad2c4dfe087e70d

      SHA512

      dbd3a93908762e1bc54601bee6d1075ddc9873939d7d8895064b8aa160af1d93c79a591dc8e9b2f49f2080582b61c913662c7d1e8dffa43cae8d6a20b23775d6

    • memory/2288-4-0x0000000002080000-0x0000000002100000-memory.dmp

      Filesize

      512KB

    • memory/2288-0-0x000000001AEB0000-0x000000001AF0C000-memory.dmp

      Filesize

      368KB

    • memory/2288-3-0x000007FEF5A10000-0x000007FEF63AD000-memory.dmp

      Filesize

      9.6MB

    • memory/2288-2-0x000007FEF5A10000-0x000007FEF63AD000-memory.dmp

      Filesize

      9.6MB

    • memory/2288-1-0x00000000005B0000-0x00000000005BE000-memory.dmp

      Filesize

      56KB

    • memory/2288-17-0x0000000002310000-0x0000000002326000-memory.dmp

      Filesize

      88KB

    • memory/2288-19-0x00000000005E0000-0x00000000005F2000-memory.dmp

      Filesize

      72KB

    • memory/2288-20-0x0000000001F40000-0x0000000001F48000-memory.dmp

      Filesize

      32KB

    • memory/2288-21-0x0000000001F50000-0x0000000001F58000-memory.dmp

      Filesize

      32KB

    • memory/2288-22-0x0000000002080000-0x0000000002100000-memory.dmp

      Filesize

      512KB

    • memory/2288-23-0x000007FEF5A10000-0x000007FEF63AD000-memory.dmp

      Filesize

      9.6MB