f9cf48c044d90c94f4814a0577cc36a7ba1ac5dbc9652b2e0e498162a042494d

Analysis

max time kernel
128s
max time network
137s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
19-03-2024 09:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/screenCapture_1.3.2.bat
Size

13KB
MD5

da0f40d84d72ae3e9324ad9a040a2e58
SHA1

4ca7f6f90fb67dce8470b67010aa19aa0fd6253f
SHA256

818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
SHA512

30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9
SSDEEP

384:4cr8sEcBeIXxqXhQsBxf5oBLBfXQM8ybCpGW1KTM+:4KEcRQBTxWlPZxWpG+Qx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4352	screenCapture_1.3.2.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4584 wrote to memory of 5012	4584	cmd.exe	76
PID 4584 wrote to memory of 5012	4584	cmd.exe	76
PID 4584 wrote to memory of 5012	4584	cmd.exe	76
PID 5012 wrote to memory of 3564	5012	csc.exe	77
PID 5012 wrote to memory of 3564	5012	csc.exe	77
PID 5012 wrote to memory of 3564	5012	csc.exe	77
PID 4584 wrote to memory of 4352	4584	cmd.exe	78
PID 4584 wrote to memory of 4352	4584	cmd.exe	78

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4584
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\RESOUR~1\APPASA~1.UNP\NODE_M~1\SCREEN~1\lib\win32\SCREEN~1.BAT"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5012
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES73F7.tmp" "c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC9CDE0519F20548C2A93FA6A2CBEEF616.TMP"
    3⤵
    PID:3564
- C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
  screenCapture_1.3.2.exe
  2⤵
  - Executes dropped EXE
  PID:4352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES73F7.tmp

Filesize
1KB

MD5
52e2e6a2b84778dac8ee3bfd29113743

SHA1
df6c760200ca045b2e0662c7957e9ff40775e371

SHA256
47d7d057207df5f37563c60ad162574de852b2b42a49bc92007fc64e4a674f8a

SHA512
bb683956c11be21e0280b22889350c73743b836e0272971c6bcdb7a9d4f7829a3f17017b284834c1b93eb0a93bcea7672f9b910ec26a5544e101560a90cbcef5

Download Submit
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe

Filesize
12KB

MD5
27fd8121626e1120036019864dfb63dd

SHA1
aaac4d99180961ea9992d407b55fb53b480d9150

SHA256
ec3b0a99330040c25231c96bc00bf472b83596f6b19140701b006403257cb300

SHA512
294358f29f903a636385447c16ed8f3b1e9707f9a4af6aa91c4c23ac69690ec122bdeedca767fcfb9cff6c638874ca3f2afddd68d66879dd4ddc06cf2e0eb8ad

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC9CDE0519F20548C2A93FA6A2CBEEF616.TMP

Filesize
1KB

MD5
a6f2d21624678f54a2abed46e9f3ab17

SHA1
a2a6f07684c79719007d434cbd1cd2164565734a

SHA256
ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344

SHA512
0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

Download Submit
memory/4352-9-0x0000000000170000-0x000000000017A000-memory.dmp

Filesize
40KB

Download
memory/4352-11-0x00007FFC90510000-0x00007FFC90EFC000-memory.dmp

Filesize
9.9MB

Download
memory/4352-12-0x00007FFC90510000-0x00007FFC90EFC000-memory.dmp

Filesize
9.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads