cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92

General

Target

cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92.exe
Size

3.0MB
MD5

279d59ff6254ed4e982ea78ba1d3441d
SHA1

6a19d95c7f6fe54a35969d4efd326e95ad36d900
SHA256

cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92
SHA512

f8765994500fcd56c59357ded60e2f58d42e748df807ea898f2004af3e7864a741aaf9b49967caff298f00d8c98f3ae80690eeb9d22e892b860c85774f2adbbb
SSDEEP

49152:ehqHMr7PcZ8GZKMPLofT0xwcit1GpIEhs3oGAypQxbY1o9JnCmyYAoFhIX7KlFkh:eMHO7vGEuyt16hFBypSbY1o9JCm

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92.exe
File created	C:\Windows\assembly\Desktop.ini	cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4832 wrote to memory of 1680	4832	cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92.exe	89
PID 4832 wrote to memory of 1680	4832	cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92.exe	89
PID 1680 wrote to memory of 4212	1680	csc.exe	91
PID 1680 wrote to memory of 4212	1680	csc.exe	91

C:\Users\Admin\AppData\Local\Temp\cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92.exe
"C:\Users\Admin\AppData\Local\Temp\cd903cec8d4fba98097afc9ceaec6f3075a224576b8c98a2752c462ac702fd92.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4832
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\0lfw4p86.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1680
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3029.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC3028.tmp"
    3⤵
    PID:4212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0lfw4p86.dll

Filesize
76KB

MD5
bbca6344cd1fc365084c5e58bfbf4602

SHA1
0b3861f29ba536d33d48bb81ed28c2a4cf711f3a

SHA256
34bd80b716281b4b89a0c938a31b678ce13cc382acbd255f00ca72382af54a5a

SHA512
b3e2d6880edabdf87555aeec2939d18c85166d6ce12fe3951a229454742a960f8478c1b6f6e2583a9e8d69e9b982e08fe024696d3817b1e816d9e686d1ae5b73

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES3029.tmp

Filesize
1KB

MD5
848ebf1f617a37bba4304e648b1ca248

SHA1
6347f5903e665295b54a135498e2aa1c996ed265

SHA256
83ef8f343a41872750164e919440d822b60189db23021594205fe08f40058b66

SHA512
03b0f690b8ca17ff88a0c37bef8e4aa9200db1dae79cb49b1742b601052341dcd5fa05e8d2d06c0931726ea8a365fbc5a6454b1e5e93c3bab2123f4f290eb2a8

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\0lfw4p86.0.cs

Filesize
208KB

MD5
4ac13957251a40df4b96c962b4394110

SHA1
4efda244b70649598307ecd1b354920cb14d3f0a

SHA256
ad22fde040b72fd3120a93dcdac784e09baf27dabaa8715a00b130e06c192bdc

SHA512
0c755911cb697d37e3edcffb58ed4d012e6c058a273a360a4cc7681506a555a0ff23137738aa16e3a2f48dd5e0b0c8dcf321bd5f7af1d8a39651597334044dd5

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\0lfw4p86.cmdline

Filesize
349B

MD5
3032008341515dc86b8841b19538e080

SHA1
d720d2790594cb36f254dd3f5162af17dbbaf534

SHA256
81fcc0f1b872815b0309129ceebc899defede0f2945e4cbbf3eee20e369db73c

SHA512
e0b4f1bd8ba100814c0484076f2a840bda84f557ab5fc5dc341f60f12728d5162eee42ab793ed8457d911f1508fcbbf74a1ffe70093c76602dac56168843f715

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC3028.tmp

Filesize
676B

MD5
24a850d7e428d4aca2ed31f41fd7af73

SHA1
5bc5165e5ebfb2d803358e1e2e7c14d416b07524

SHA256
5cfbad3d6577b3305818c770041bf6d693e96925ce8952897eb4a5a42e29daf9

SHA512
c580ff7ccbb4d9062bf066182881cd8ef18ce24c51b589fd924b245060c4edcb278c2c50f526fe2163f9d52f393cbf4d62efa8a6e0dbdb8f60ae7cf6f1c8a918

Download Submit
memory/1680-12-0x0000000002240000-0x0000000002250000-memory.dmp

Filesize
64KB

Download
memory/4832-5-0x000000001C4A0000-0x000000001C96E000-memory.dmp

Filesize
4.8MB

Download
memory/4832-0-0x00007FFF4AD00000-0x00007FFF4B6A1000-memory.dmp

Filesize
9.6MB

Download
memory/4832-1-0x0000000001530000-0x0000000001540000-memory.dmp

Filesize
64KB

Download
memory/4832-4-0x000000001BC70000-0x000000001BCCE000-memory.dmp

Filesize
376KB

Download
memory/4832-3-0x00007FFF4AD00000-0x00007FFF4B6A1000-memory.dmp

Filesize
9.6MB

Download
memory/4832-2-0x0000000001760000-0x000000000176E000-memory.dmp

Filesize
56KB

Download
memory/4832-20-0x000000001CF90000-0x000000001CFA6000-memory.dmp

Filesize
88KB

Download
memory/4832-6-0x000000001CA10000-0x000000001CAAC000-memory.dmp

Filesize
624KB

Download
memory/4832-23-0x00000000014F0000-0x0000000001500000-memory.dmp

Filesize
64KB

Download
memory/4832-22-0x000000001CFD0000-0x000000001CFEA000-memory.dmp

Filesize
104KB

Download
memory/4832-26-0x0000000001770000-0x0000000001778000-memory.dmp

Filesize
32KB

Download
memory/4832-27-0x0000000001530000-0x0000000001540000-memory.dmp

Filesize
64KB

Download
memory/4832-28-0x00007FFF4AD00000-0x00007FFF4B6A1000-memory.dmp

Filesize
9.6MB

Download
memory/4832-29-0x0000000001530000-0x0000000001540000-memory.dmp

Filesize
64KB

Download
memory/4832-30-0x00007FFF4AD00000-0x00007FFF4B6A1000-memory.dmp

Filesize
9.6MB

Download
memory/4832-31-0x0000000001530000-0x0000000001540000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads