Analysis
max time kernel: 93s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08-02-2024 01:17
Behavioral task: behavioral1
Sample: 9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16.exe
Resource: win10v2004-20231215-en
General
Target: 9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16.exe
Size: 1.1MB
MD5: f6ccd7d54c0d360846211977110a7c20
SHA1: be26eb65426c1ac5a4b45d6493cc3c810f6a2419
SHA256: 9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16
SHA512: 8c208674cbb6947db7f67150382124d0665d9fbb3ae0770fce88bbfa8ccb160cdb68e56a0d7416d60b242354524cbd05a8ccbc83a87adb75e9bd60845f5ad190
SSDEEP: 24576:FD9O4MROxnFE30dc1RurZlI0AilFEvxHi6G:FhNMiuHburZlI0AilFEvxHi
Malware Config
Signatures

Drops desktop.ini file(s) (2 IoCs)
description | ioc | Process
File created | C:\Windows\assembly\Desktop.ini | 9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16.exe
File opened for modification | C:\Windows\assembly\Desktop.ini | 9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16.exe

Drops file in System32 directory (1 IoC)
description | ioc | Process
File opened for modification | C:\Windows\System32\Boot\err_bff5c852ae7b4868a2aa18ea8de24aa3.dat | 9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16.exe

Drops file in Windows directory (3 IoCs)
description | ioc | Process
File created | C:\Windows\assembly\Desktop.ini | 9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16.exe
File opened for modification | C:\Windows\assembly\Desktop.ini | 9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16.exe
File opened for modification | C:\Windows\assembly | 9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16.exe

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 1632 wrote to memory of 4148 | 1632 | 9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16.exe | 84
PID 1632 wrote to memory of 4148 | 1632 | 9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16.exe | 84
PID 4148 wrote to memory of 2644 | 4148 | csc.exe | 86
PID 4148 wrote to memory of 2644 | 4148 | csc.exe | 86
Processes

1. C:\Users\Admin\AppData\Local\Temp\9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16.exe"
   PID: 1632
   - Drops desktop.ini file(s)
   - Drops file in System32 directory
   - Drops file in Windows directory
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
      Command line: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\fvkekqh-.cmdline"
      PID: 4148
      - Suspicious use of WriteProcessMemory

      3. C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
         Command line: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES88D8.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC88C7.tmp"
         PID: 2644
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 1KB
MD5: 19ec5637f1301865193199fbeb0a421c
SHA1: d0456bb5d5c7c7c5bc87e2b4caa8d4929ccb77e1
SHA256: 1ff7b40bf1b6ea332956a702edf8e31d1dffebce4ed975519a1b753b9c154408
SHA512: 28fb4e206c6a8250b84caf29f9901aa25b05f478ebec66f113586e91e14186aa9d3838ba48a3e27c05326008fc1e5d5aaeae1c149653117d9dce83602ef8b26b

Filesize: 76KB
MD5: d21d2deddc8f1725114427feb571f419
SHA1: 8a5765d41a113ae1db556ffac221c352892d8157
SHA256: c3592a3a3f3c804b4c8a3959eb6819a044dfd9d86109ba45be8791bc038ab7cf
SHA512: 8364f3506ee738cd36bd6b21546787b089d43cafea695aad595a5a55624f748afc2043051d6870fbd7c2b68bf150280231161b4c53dc294417db8507706c797d

Filesize: 676B
MD5: fde0d9304947025e996ecf013c9e2fa5
SHA1: 52e4aadbc64ee23b416551b33f89582d6a118986
SHA256: 9f924061cc4e12e4a594a2b8e5baa30f8a59016856e80d0fc496802f62b33c29
SHA512: eb88a4f9c2fd3767b48dfea920b0214c82cd5b7050bcc4fa442f647e4257a7282028e9c0cc19749e22752e68c4e641831983ef57d89e42bbcf340d796ec3cf16

Filesize: 208KB
MD5: 01fab3e8f12e859e450512e784682bb7
SHA1: 397b5bad305a19c3e6311905ebf6fcd00063d8b8
SHA256: bbd4e7ce8fd591746910b8e6ab05a7875a1e382938db0afa5a0d2dc47c477076
SHA512: 35ec42bce68b3041eff542c96b11952c1b1496a6f3322b23ab72c56751d14f79c17d29ea0b85a7674fe596b8c4ab5a40eef5186d7528d360eee814731549faf1

Filesize: 349B
MD5: 59469f8b91afa32d9312365f23cb3e33
SHA1: ba2832760c8e9cc12783a0d5f0cd83de5dab5dd0
SHA256: 7cc778b390919acef1945a7544b14f49607e1e109c0d29328423d13fe383fb41
SHA512: 457f68f09fbf2c80cf6bc634c679519f4e2bb7de81172bb70ab6abbc1da42f0983038fb380052e8d3d5f0a9dbffc0930c8c05dd6741ef2296442439aa97f798b