cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92

Analysis

max time kernel
146s
max time network
147s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/04/2024, 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92.exe
Size

3.0MB
MD5

279d59ff6254ed4e982ea78ba1d3441d
SHA1

6a19d95c7f6fe54a35969d4efd326e95ad36d900
SHA256

cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92
SHA512

f8765994500fcd56c59357ded60e2f58d42e748df807ea898f2004af3e7864a741aaf9b49967caff298f00d8c98f3ae80690eeb9d22e892b860c85774f2adbbb
SSDEEP

49152:ehqHMr7PcZ8GZKMPLofT0xwcit1GpIEhs3oGAypQxbY1o9JnCmyYAoFhIX7KlFkh:eMHO7vGEuyt16hFBypSbY1o9JCm

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 2008	1104	cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92.exe	28
PID 1104 wrote to memory of 2008	1104	cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92.exe	28
PID 1104 wrote to memory of 2008	1104	cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92.exe	28
PID 2008 wrote to memory of 1696	2008	csc.exe	30
PID 2008 wrote to memory of 1696	2008	csc.exe	30
PID 2008 wrote to memory of 1696	2008	csc.exe	30

C:\Users\Admin\AppData\Local\Temp\cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92.exe
"C:\Users\Admin\AppData\Local\Temp\cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\pmxyazvs.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2008
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES15E2.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC15E1.tmp"
    3⤵
    PID:1696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES15E2.tmp

Filesize
1KB

MD5
8a5ad7409ee4f73f269139000f021ae8

SHA1
b0daebcbffc698a06f8af4a6120e71c1c9be528d

SHA256
3b6d2ad16ae24f2db4f77f8a796fcce31f4bf7eb8820418de559e981fa97b19a

SHA512
c869087393a046f22140c66c22d7d1ee6c4782d3702c3666c724f4b71a5d881f689a239354f9c0f143ab189fb8ceef6baf462565b52c809299b50deeb15e9689

Download Submit
C:\Users\Admin\AppData\Local\Temp\pmxyazvs.dll

Filesize
76KB

MD5
5db24ed32ee8ca162d2ef2be2f219d7a

SHA1
dc02e2fd924d2f995b3fc28af67bcb1690e256cb

SHA256
75dcea00f640f7d1e1a096e92f4b464d08078c8d169b9de8bfaade63bc313206

SHA512
583a5ce1d2654c8a054922f634304a46ff5df11ca9a6b20e6c80e00a33d212c1c6693698e03078fad74d8f1e055054823075f8bf67e4cfb91f28b4d91c06c3fb

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC15E1.tmp

Filesize
676B

MD5
73588fbff2e4f2503a33b995567a0f86

SHA1
b0d5814cdc6d2e56ff6cd84352dc895f598c4be2

SHA256
0b6435b27824f961a80746b594b409abd97b8889af77e92676283ce089f2ed2b

SHA512
ee1695cf963139f4f267dda8893189aaaef6933aa19afe064d1ababde9ad6720232a5b2408e959ecaf4185a28621cb94912d0916bec81ad08cb4a7c31e2e8015

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\pmxyazvs.0.cs

Filesize
208KB

MD5
34c175e927202a24230b71c017a870f5

SHA1
a0f5a234c6f54685ebae9b957e13616db6f21913

SHA256
a4bc957bd2f3f7b8b7d4b2c97786e4794af7432239ae25dafb2238cb6421abf9

SHA512
3090936c727bdd465cbd4dae611704a675ef75accd010bc40f7b5ecc730d1ed4a7ea17a76e6b5caf559fa52b50092ed6c46c851c37d199cd18a0bf8f0080397b

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\pmxyazvs.cmdline

Filesize
349B

MD5
72a9ad338b50e1543010c8b1e7194347

SHA1
1028dd65ab96a3964326ab6c78a9bb083e39a3d8

SHA256
a0dd6e31127508272c81a0acf4ed6546b7569417e46769311145938ad1228ce8

SHA512
b89b5ee7be5f128cabfc64a3b089e5c895fff1b2721fcaae8ae1292fb9dba20596e813e7f768d63975c408c8ede6c02958fe873d9f917641ea7c714f6f0245a9

Download Submit
memory/1104-4-0x000007FEF5460000-0x000007FEF5DFD000-memory.dmp

Filesize
9.6MB

Download
memory/1104-0-0x0000000000650000-0x000000000065E000-memory.dmp

Filesize
56KB

Download
memory/1104-17-0x0000000000A00000-0x0000000000A16000-memory.dmp

Filesize
88KB

Download
memory/1104-1-0x0000000001280000-0x00000000012DE000-memory.dmp

Filesize
376KB

Download
memory/1104-3-0x00000000002C0000-0x0000000000340000-memory.dmp

Filesize
512KB

Download
memory/1104-2-0x000007FEF5460000-0x000007FEF5DFD000-memory.dmp

Filesize
9.6MB

Download
memory/1104-20-0x0000000000640000-0x0000000000650000-memory.dmp

Filesize
64KB

Download
memory/1104-19-0x0000000000A20000-0x0000000000A3A000-memory.dmp

Filesize
104KB

Download
memory/1104-21-0x00000000002C0000-0x0000000000340000-memory.dmp

Filesize
512KB

Download
memory/1104-22-0x000007FEF5460000-0x000007FEF5DFD000-memory.dmp

Filesize
9.6MB

Download
memory/1104-23-0x00000000002C0000-0x0000000000340000-memory.dmp

Filesize
512KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads