68d60c285991f89b754b957acd9293a5ae67dc5b5340d0d1babc476a7d71663e

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3e64ba7bf2704a2536f134be4fa93ab.exe
Size

168KB
MD5

a3e64ba7bf2704a2536f134be4fa93ab
SHA1

73b1487d8011073b44ccebbbaac639932c11e05d
SHA256

68d60c285991f89b754b957acd9293a5ae67dc5b5340d0d1babc476a7d71663e
SHA512

7e0377beeaacb4300b632fd002f0a9a14e31a74bcae905457d490ba1e4efe0046c2bb99af28e593db00eab952bbf48a9244dafbb172ccd78fb7d9e292eb36843
SSDEEP

3072:hefpz7u5IUt4U4rAazG32GhNv0yHsjZj0jjjjjjjjjQjjjjjjjjjrjjjjjVQj1jL:aN7u5d8k2GhNDDA4x8S

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 2584	1556	a3e64ba7bf2704a2536f134be4fa93ab.exe	28
PID 1556 wrote to memory of 2584	1556	a3e64ba7bf2704a2536f134be4fa93ab.exe	28
PID 1556 wrote to memory of 2584	1556	a3e64ba7bf2704a2536f134be4fa93ab.exe	28
PID 2584 wrote to memory of 2808	2584	csc.exe	30
PID 2584 wrote to memory of 2808	2584	csc.exe	30
PID 2584 wrote to memory of 2808	2584	csc.exe	30

C:\Users\Admin\AppData\Local\Temp\a3e64ba7bf2704a2536f134be4fa93ab.exe
"C:\Users\Admin\AppData\Local\Temp\a3e64ba7bf2704a2536f134be4fa93ab.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\sx3piz0t.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES426E.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC425D.tmp"
    3⤵
    PID:2808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES426E.tmp

Filesize
1KB

MD5
6ee3d04690e7b3a67f384a483fc439df

SHA1
4102ed30975d2e5d9c8986132e327e7264e16503

SHA256
ca8f8bb06f528ade09d808e109abb6e7580f2ebf1260dc5d1ee6fa9758223cb9

SHA512
dbd47b8a54558c4ed6bf8e660be54e0b385565c813b53e87e6544ea0452c933a35605b2b22ecfe7d3d0bbd0c156f646f498c0d03bb9b9870fc9042aeff9a5289

Download Submit
C:\Users\Admin\AppData\Local\Temp\sx3piz0t.dll

Filesize
12KB

MD5
a56b638c3b5455c19f5154bb4adcf344

SHA1
3c8afb837e33f11a2f10f27e01f30e9cfb52c951

SHA256
0019273dd88bcefd0bb68021a62ae450a071d490bc8fab472b79770bfe284e1b

SHA512
d85375c3e7ea8ddd036e56e613bbbabeb7a75ee71e51d1a5ac73ee5bec6e31ecb6b429458239744a2d3135d6e6b5bb250f9b680c70f73fbe32fe8ebfbe57b4f1

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC425D.tmp

Filesize
664B

MD5
343e814e5f16fdd650088ecbcded458c

SHA1
54723092f236ae49dde234d8b4323e78df6c3576

SHA256
9b06baea95fa06a37c0fc4336edc1f142d5f1f97c44a1cc3f535b98050162392

SHA512
a90dcca6c3ebf6eff8dc79c2a87b1b73cc4fa72938bfa9fee5f01ba26baae6b2d9f0ee3e9ebe866c912688c47f9f9095cf697e1d625faaefaa9ce6aaab3ac552

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\sx3piz0t.0.cs

Filesize
27KB

MD5
ca5131218f6c630c77d0382fbf502a13

SHA1
1ac0f5c629bdb21a04a0e617f36807e9dca8cf04

SHA256
23c02ffed997cbef2981de92298ea45d69c394dae342592e8a38c1abd280d7e1

SHA512
799f3d147e4398a1fe91f5809081781d9526a4e106ea8d92a51974357b7adbf608573bedd28264c6006fd69e4040eb628bbec4c8f9a66e8f51c6e3265de02292

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\sx3piz0t.cmdline

Filesize
425B

MD5
3146a883b006a04d49863b473a50a08a

SHA1
9a4ebd2516d90eee4b1913240d8b7d1c7a08aaae

SHA256
8a397881556767dd856825b93f50354f6f8ae228a92825c11df2fb53755af9f8

SHA512
cea78940357e86a21224de61cfaa3f0c5df617e30fc9af5126a8ecc95325022beb8993f4d14b9751d2e0901df7c63d0f7b7f2358bdfcc3c5133083612fce8d50

Download Submit
memory/1556-3-0x0000000001E90000-0x0000000001F10000-memory.dmp

Filesize
512KB

Download
memory/1556-5-0x0000000001E90000-0x0000000001F10000-memory.dmp

Filesize
512KB

Download
memory/1556-4-0x0000000001E90000-0x0000000001F10000-memory.dmp

Filesize
512KB

Download
memory/1556-0-0x000007FEF5D00000-0x000007FEF669D000-memory.dmp

Filesize
9.6MB

Download
memory/1556-18-0x0000000001E70000-0x0000000001E7A000-memory.dmp

Filesize
40KB

Download
memory/1556-2-0x000007FEF5D00000-0x000007FEF669D000-memory.dmp

Filesize
9.6MB

Download
memory/1556-1-0x0000000001E90000-0x0000000001F10000-memory.dmp

Filesize
512KB

Download
memory/1556-20-0x000007FEF5D00000-0x000007FEF669D000-memory.dmp

Filesize
9.6MB

Download
memory/1556-21-0x0000000001E90000-0x0000000001F10000-memory.dmp

Filesize
512KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads