Analysis
-
max time kernel
133s -
max time network
102s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
10/05/2024, 16:04
Behavioral task
behavioral1
Sample
Resolver.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Resolver.exe
Resource
win10v2004-20240426-en
General
-
Target
Resolver.exe
-
Size
11.9MB
-
MD5
d385342c9669e08fd8c1e21760fac99e
-
SHA1
0beec1c3bc413f376b033e660a8a3a9b7dc77115
-
SHA256
03d353b5711ba8f6c9139fe2a8dc17710260cbc52818758083b22754526ff2fc
-
SHA512
517d16f94073ed9e58821f559ada27a9b970a4407ad014b03950aa58910f655b02c0399f2e5199c647724951a8d1e3765b8c2949f5ef22bf593add019bd7354f
-
SSDEEP
196608:lnRkU1/wbITLwOjUqVL2V76+D+nNgwQ+dtLI/1q3+dgSh7ki0W8/Lawr86r/BoLx:1KU1obI/fL2V76myNjyq3+d9h7SW8BrW
Malware Config
Signatures
-
Loads dropped DLL 18 IoCs
pid Process 4796 Resolver.exe 4796 Resolver.exe 4796 Resolver.exe 4796 Resolver.exe 4796 Resolver.exe 4796 Resolver.exe 4796 Resolver.exe 4796 Resolver.exe 4796 Resolver.exe 4796 Resolver.exe 4796 Resolver.exe 4796 Resolver.exe 4796 Resolver.exe 4796 Resolver.exe 4796 Resolver.exe 4796 Resolver.exe 4796 Resolver.exe 4796 Resolver.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 2268 wrote to memory of 4796 2268 Resolver.exe 85 PID 2268 wrote to memory of 4796 2268 Resolver.exe 85
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
94KB
MD5a87575e7cf8967e481241f13940ee4f7
SHA1879098b8a353a39e16c79e6479195d43ce98629e
SHA256ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e
SHA512e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0
-
Filesize
77KB
MD5a1fbcfbd82de566a6c99d1a7ab2d8a69
SHA13e8ba4c925c07f17c7dffab8fbb7b8b8863cad76
SHA2560897e209676f5835f62e5985d7793c884fd91b0cfdfaff893fc05176f2f82095
SHA51255679427c041b2311cff4e97672102962f9d831e84f06f05600ecdc3826f6be5046aa541955f57f06e82ee72a4ee36f086da1f664f493fbe4cc0806e925afa04
-
Filesize
59KB
MD5ad6e31dba413be7e082fab3dbafb3ecc
SHA1f26886c841d1c61fb0da14e20e57e7202eefbacc
SHA2562e30544d07f1c55d741b03992ea57d1aa519edaaa121e889f301a5b8b6557fe4
SHA5126401664e5c942d98c6fa955cc2424dfa0c973bd0ac1e515f7640c975bba366af1b3e403ea50e753f837dcd82a04af2ce043e22b15fa9976af7cbb30b3ac80452
-
Filesize
150KB
MD5a6bee109071bbcf24e4d82498d376f82
SHA11babacdfaa60e39e21602908047219d111ed8657
SHA256ce72d59a0e96077c9ea3f1fd7b011287248dc8d80fd3c16916a1d9040a9a941f
SHA5128cb2dafd19f212e71fa32cb74dad303af68eaa77a63ccf6d3a6ae82e09ac988f71fe82f8f2858a9c616b06dc42023203fa9f7511fac32023be0bc8392272c336
-
Filesize
26KB
MD58dd33fe76645636520c5d976b8a2b6fc
SHA112988ddd52cbb0ce0f3b96ce19a1827b237ed5f7
SHA2568e7e758150ea066299a956f268c3eb04bc800e9f3395402cd407c486844a9595
SHA512e7b4b5662ebd8efb2e4b6f47eb2021afacd52b100db2df66331ca79a4fb2149cac621d5f18ab8ab9cfadbd677274db798ebad9b1d3e46e29f4c92828fd88c187
-
Filesize
73KB
MD5c5378bac8c03d7ef46305ee8394560f5
SHA12aa7bc90c0ec4d21113b8aa6709569d59fadd329
SHA256130de3506471878031aecc4c9d38355a4719edd3786f27262a724efc287a47b9
SHA5121ecb88c62a9daad93ec85f137440e782dcc40d7f1598b5809ab41bf86a5c97224e2361c0e738c1387c6376f2f24d284583fd001c4e1324d72d6989d0b84bf856
-
Filesize
152KB
MD59d810454bc451ff440ec95de36088909
SHA18c890b934a2d84c548a09461ca1e783810f075be
SHA2565a4c78adedf0bcb5fc422faac619b4c7b57e3d7ba4f2d47a98c1fb81a503b6b7
SHA5120800666f848faec976366dbfd2c65e7b7e1d8375d5d9e7d019bf364a1f480216c271c3bcf994dbab19290d336cf691cd8235e636f3dbc4d2a77f4760871c19ed
-
Filesize
60KB
MD563cb15c35973016a2faa85b6498e7e6e
SHA1e4b29cfb1816cbb4dca48cb1c198ca77e62c1d2a
SHA256fee72ad34e2ee6d0156d7521f3fda7fe1c336201db4e694bfacbf20f3de3845a
SHA512ff63fc2f4b24c5001124b86414bcab95044661e71220308deaa92aef79184e559b28852029079369f38926d9fdd14d524d43ab6fc9e950d7287b05805dfb1d10
-
Filesize
1.0MB
MD570ec6d66d1b37d465c736d30e4926f87
SHA14ce9c58948b3675e13cf36dcbbfa282b154bb7da
SHA256997536d0738397b389ef1229996bddcfad658fb2410180260d70914c6bdc8629
SHA5128e2897db3bdb8fe71ca08528a05aa9387f659177189209b41818b053b86fc5b035ba4d974d1ecfc12cd210e13a52aed78a899769d227eb0ef48fa517ca0ee693
-
Filesize
3.3MB
MD5ab01c808bed8164133e5279595437d3d
SHA10f512756a8db22576ec2e20cf0cafec7786fb12b
SHA2569c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55
SHA5124043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2
-
Filesize
682KB
MD5de72697933d7673279fb85fd48d1a4dd
SHA1085fd4c6fb6d89ffcc9b2741947b74f0766fc383
SHA256ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f
SHA5120fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c
-
Filesize
60KB
MD50812ee5d8abc0072957e9415ba6e62f2
SHA1ea05c427e46c5d9470ba81d6b7cbca6838ee0dd5
SHA25684a29c369560c5175d22ee764fe8ada882ab6b37b6b10c005404153518a344ec
SHA51218ca5631f2ae957b9ec8eaa7aa87094d3a296548790ced970752625a0f271511e0ce0042a0ea5469a9c362a0d811c530ef6fe41b84c61b25c838466acc37f22b
-
Filesize
4.2MB
MD5a1185bef38fdba5e3fe6a71f93a9d142
SHA1e2b40f5e518ad000002b239a84c153fdc35df4eb
SHA2568d0bec69554317ccf1796c505d749d5c9f3be74ccbfce1d9e4d5fe64a536ae9e
SHA512cb9baea9b483b9153efe2f453d6ac0f0846b140e465d07244f651c946900bfcd768a6b4c0c335ecebb45810bf08b7324501ea22b40cc7061b2f2bb98ed7897f4
-
Filesize
25KB
MD563ede3c60ee921074647ec0278e6aa45
SHA1a02c42d3849ad8c03ce60f2fd1797b1901441f26
SHA256cb643556c2dcdb957137b25c8a33855067e0d07547e547587c9886238253bfe5
SHA512d0babc48b0e470abdafad6205cc0824eec66dbb5bff771cee6d99a0577373a2de2ffab93e86c42c7642e49999a03546f94e7630d3c58db2cff8f26debc67fcad
-
Filesize
1.8MB
MD575909678c6a79ca2ca780a1ceb00232e
SHA139ddbeb1c288335abe910a5011d7034345425f7d
SHA256fbfd065f861ec0a90dd513bc209c56bbc23c54d2839964a0ec2df95848af7860
SHA51291689413826d3b2e13fc7f579a71b676547bc4c06d2bb100b4168def12ab09b65359d1612b31a15d21cb55147bbab4934e6711351a0440c1533fb94fe53313bf
-
Filesize
34KB
MD5bd4ff2a1f742d9e6e699eeee5e678ad1
SHA1811ad83aff80131ba73abc546c6bd78453bf3eb9
SHA2566774519f179872ec5292523f2788b77b2b839e15665037e097a0d4edddd1c6fb
SHA512b77e4a68017ba57c06876b21b8110c636f9ba1dd0ba9d7a0c50096f3f6391508cf3562dd94aceaf673113dbd336109da958044aefac0afb0f833a652e4438f43
-
Filesize
21KB
MD508edf746b4a088cb4185c165177bd604
SHA1395cda114f23e513eef4618da39bb86d034124bf
SHA256517204ee436d08efc287abc97433c3bffcaf42ec6592a3009b9fd3b985ad772c
SHA512c1727e265a6b0b54773c886a1bce73512e799ba81a4fceeeb84cdc33f5505a5e0984e96326a78c46bf142bc4652a80e213886f60eb54adf92e4dffe953c87f6b
-
Filesize
1KB
MD5e9117326c06fee02c478027cb625c7d8
SHA12ed4092d573289925a5b71625cf43cc82b901daf
SHA256741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e
SHA512d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52
-
Filesize
746B
MD5a387908e2fe9d84704c2e47a7f6e9bc5
SHA1f3c08b3540033a54a59cb3b207e351303c9e29c6
SHA25677265723959c092897c2449c5b7768ca72d0efcd8c505bddbb7a84f6aa401339
SHA5127ac804d23e72e40e7b5532332b4a8d8446c6447bb79b4fe32402b13836079d348998ea0659802ab0065896d4f3c06f5866c6b0d90bf448f53e803d8c243bbc63
-
Filesize
25KB
MD5982eae7a49263817d83f744ffcd00c0e
SHA181723dfea5576a0916abeff639debe04ce1d2c83
SHA256331bcf0f9f635bd57c3384f2237260d074708b0975c700cfcbdb285f5f59ab1f
SHA51231370d8390c4608e7a727eed9ee7f4c568ecb913ae50184b6f105da9c030f3b9f4b5f17968d8975b2f60df1b0c5e278512e74267c935fe4ec28f689ac6a97129
-
Filesize
620B
MD507532085501876dcc6882567e014944c
SHA16bc7a122429373eb8f039b413ad81c408a96cb80
SHA2566a4abd2c519a745325c26fb23be7bbf95252d653a24806eb37fd4aa6a6479afe
SHA5120d604e862f3a1a19833ead99aaf15a9f142178029ab64c71d193cee4901a0196c1eeddc2bce715b7fa958ac45c194e63c77a71e4be4f9aedfd5b44cf2a726e76
-
Filesize
23KB
MD5ddb0ab9842b64114138a8c83c4322027
SHA1eccacdc2ccd86a452b21f3cf0933fd41125de790
SHA256f46ab61cdebe3aa45fa7e61a48930d64a0d0e7e94d04d6bf244f48c36cafe948
SHA512c0cf718258b4d59675c088551060b34ce2bc8638958722583ac2313dc354223bfef793b02f1316e522a14c7ba9bed219531d505de94dc3c417fc99d216a01463
-
Filesize
5KB
MD5c62fb22f4c9a3eff286c18421397aaf4
SHA14a49b8768cff68f2effaf21264343b7c632a51b2
SHA256ddf7e42def37888ad0a564aa4f8ca95f4eec942cebebfca851d35515104d5c89
SHA512558d401cb6af8ce3641af55caebc9c5005ab843ee84f60c6d55afbbc7f7129da9c58c2f55c887c3159107546fa6bc13ffc4cca63ea8841d7160b8aa99161a185
-
Filesize
11KB
MD5215262a286e7f0a14f22db1aa7875f05
SHA166b942ba6d3120ef8d5840fcdeb06242a47491ff
SHA2564b7ed9fd2363d6876092db3f720cbddf97e72b86b519403539ba96e1c815ed8f
SHA5126ecd745d7da9d826240c0ab59023c703c94b158ae48c1410faa961a8edb512976a4f15ae8def099b58719adf0d2a9c37e6f29f54d39c1ab7ee81fa333a60f39b
-
Filesize
1.5MB
MD54b6270a72579b38c1cc83f240fb08360
SHA11a161a014f57fe8aa2fadaab7bc4f9faaac368de
SHA256cd2f60075064dfc2e65c88b239a970cb4bd07cb3eec7cc26fb1bf978d4356b08
SHA5120c81434d8c205892bba8a4c93ff8fc011fb8cfb72cfec172cf69093651b86fd9837050bd0636315840290b28af83e557f2205a03e5c344239356874fce0c72b9
-
Filesize
21KB
MD5aeb53f7f1506cdfdfe557f54a76060ce
SHA1ebb3666ee444b91a0d335da19c8333f73b71933b
SHA2561f5dd8d81b26f16e772e92fd2a22accb785004d0ed3447e54f87005d9c6a07a5
SHA512acdad4df988df6b2290fc9622e8eaccc31787fecdc98dcca38519cb762339d4d3fb344ae504b8c7918d6f414f4ad05d15e828df7f7f68f363bec54b11c9b7c43
-
Filesize
17KB
MD5f109865c52d1fd602e2d53e559e56c22
SHA15884a3bb701c27ba1bf35c6add7852e84d73d81f
SHA256af1de90270693273b52fc735da6b5cd5ca794f5afd4cf03ffd95147161098048
SHA512b2f92b0ac03351cdb785d3f7ef107b61252398540b5f05f0cc9802b4d28b882ba6795601a68e88d3abc53f216b38f07fcc03660ab6404cf6685f6d80cc4357fc
-
Filesize
10KB
MD5995a0a8f7d0861c268aead5fc95a42ea
SHA121e121cf85e1c4984454237a646e58ec3c725a72
SHA2561264940e62b9a37967925418e9d0dc0befd369e8c181b9bab3d1607e3cc14b85
SHA512db7f5e0bc7d5c5f750e396e645f50a3e0cde61c9e687add0a40d0c1aa304ddfbceeb9f33ad201560c6e2b051f2eded07b41c43d00f14ee435cdeee73b56b93c7
-
Filesize
14KB
MD5804e6dce549b2e541986c0ce9e75e2d1
SHA1c44ee09421f127cf7f4070a9508f22709d06d043
SHA25647c75f9f8348bf8f2c086c57b97b73741218100ca38d10b8abdf2051c95b9801
SHA512029426c4f659848772e6bb1d8182eb03d2b43adf68fcfcc1ea1c2cc7c883685deda3fffda7e071912b9bda616ad7af2e1cb48ce359700c1a22e1e53e81cae34b
-
Filesize
38KB
MD5078782cd05209012a84817ac6ef11450
SHA1dba04f7a6cf34c54a961f25e024b6a772c2b751d
SHA256d1283f67e435aab0bdbe9fdaa540a162043f8d652c02fe79f3843a451f123d89
SHA51279a031f7732aee6e284cd41991049f1bb715233e011562061cd3405e5988197f6a7fb5c2bbddd1fb9b7024047f6003a2bf161fc0ec04876eff5335c3710d9562
-
Filesize
5KB
MD5286c01a1b12261bc47f5659fd1627abd
SHA14ca36795cab6dfe0bbba30bb88a2ab71a0896642
SHA256aa4f87e41ac8297f51150f2a9f787607690d01793456b93f0939c54d394731f9
SHA512d54d5a89b7408a9724a1ca1387f6473bdad33885194b2ec5a524c7853a297fd65ce2a57f571c51db718f6a00dce845de8cf5f51698f926e54ed72cdc81bcfe54
-
Filesize
376B
MD53367ce12a4ba9baaf7c5127d7412aa6a
SHA1865c775bb8f56c3c5dfc8c71bfaf9ef58386161d
SHA2563f2539e85e2a9017913e61fe2600b499315e1a6f249a4ff90e0b530a1eeb8898
SHA512f5d858f17fe358762e8fdbbf3d78108dba49be5c5ed84b964143c0adce76c140d904cd353646ec0831ff57cd0a0af864d1833f3946a235725fff7a45c96872eb
-
Filesize
7KB
MD5857add6060a986063b0ed594f6b0cd26
SHA1b1981d33ddea81cfffa838e5ac80e592d9062e43
SHA2560da2dc955ffd71062a21c3b747d9d59d66a5b09a907b9ed220be1b2342205a05
SHA5127d9829565efc8cdbf9249913da95b02d8dadfdb3f455fd3c10c5952b5454fe6e54d95c07c94c1e0d7568c9742caa56182b3656e234452aec555f0fcb76a59fb1
-
Filesize
12KB
MD55249cd1e97e48e3d6dec15e70b9d7792
SHA1612e021ba25b5e512a0dfd48b6e77fc72894a6b9
SHA256eec90404f702d3cfbfaec0f13bf5ed1ebeb736bee12d7e69770181a25401c61f
SHA512e4e0ab15eb9b3118c30cd2ff8e5af87c549eaa9b640ffd809a928d96b4addefb9d25efdd1090fbd0019129cdf355bb2f277bc7194001ba1d2ed4a581110ceafc
-
Filesize
16KB
MD577dfe1baccd165a0c7b35cdeaa2d1a8c
SHA1426ba77fc568d4d3a6e928532e5beb95388f36a0
SHA2562ff791a44406dc8339c7da6116e6ec92289bee5fc1367d378f48094f4abea277
SHA512e56db85296c8661ab2ea0a56d9810f1a4631a9f9b41337560cbe38ccdf7dd590a3e65c22b435ce315eff55ee5b8e49317d4e1b7577e25fc3619558015dd758eb
-
Filesize
34KB
MD57c2ac370de0b941ae13572152419c642
SHA17598cc20952fa590e32da063bf5c0f46b0e89b15
SHA2564a42ad370e0cd93d4133b49788c0b0e1c7cd78383e88bacb51cb751e8bfda15e
SHA5128325a33bfd99f0fce4f14ed5dc6e03302f6ffabce9d1abfefc24d16a09ab3439a4b753cbf06b28d8c95e4ddabfb9082c9b030619e8955a7e656bd6c61b9256c3
-
Filesize
23KB
MD5338184e46bd23e508daedbb11a4f0950
SHA1437db31d487c352472212e8791c8252a1412cb0e
SHA2560f617d96cbf213296d7a5f7fcffbb4ae1149840d7d045211ef932e8dd66683e9
SHA5128fb8a353eecd0d19638943f0a9068dccebf3fb66d495ea845a99a89229d61a77c85b530f597fd214411202055c1faa9229b6571c591c9f4630490e1eb30b9cd3
-
Filesize
2KB
MD5d4bf1af5dcdd85e3bd11dbf52eb2c146
SHA1b1691578041319e671d31473a1dd404855d2038b
SHA256e38a9d1f437981aa6bf0bdd074d57b769a4140c0f7d9aff51743fe4ecc6dfddf
SHA51225834b4b231f4ff1a88eef67e1a102d1d0546ec3b0d46856258a6be6bbc4b381389c28e2eb60a01ff895df24d6450cd16ca449c71f82ba53ba438a4867a47dcd
-
Filesize
4KB
MD518ec3e60b8dd199697a41887be6ce8c2
SHA113ff8ce95289b802a5247b1fd9dea90d2875cb5d
SHA2567a2ed9d78fabcafff16694f2f4a2e36ff5aa313f912d6e93484f3bcd0466ad91
SHA5124848044442efe75bcf1f89d8450c8ecbd441f38a83949a3cd2a56d9000cacaa2ea440ca1b32c856ab79358ace9c7e3f70ddf0ec54aa93866223d8fef76930b19
-
Filesize
5KB
MD580331fcbe4c049ff1a0d0b879cb208de
SHA14eb3efdfe3731bd1ae9fd52ce32b1359241f13cf
SHA256b94c319e5a557a5665b1676d602b6495c0887c5bacf7fa5b776200112978bb7b
SHA512a4bd2d91801c121a880225f1f3d0c4e30bf127190cf375f6f7a49eb4239a35c49c44f453d6d3610df0d6a7b3cb15f4e79bd9c129025cc496ceb856fcc4b6de87
-
Filesize
6KB
MD54c8d90257d073f263b258f00b2a518c2
SHA17b58859e9b70fb37f53809cd3ffd7cf69ab310d8
SHA256972b13854d0e9b84de338d6753f0f11f3a8534e7d0e51838796dae5a1e2e3085
SHA512ed67f41578ee834ee8db1fded8aa069c0045e7058e338c451fa8e1ade52907bed0c95631c21b8e88461571903b3da2698a29e47f990b7a0f0dd3073e7a1bcadc
-
Filesize
2KB
MD5f1c33cc2d47115bbecd2e7c2fcb631a7
SHA10123a961242ed8049b37c77c726db8dbd94c1023
SHA256b909add0b87fa8ee08fd731041907212a8a0939d37d2ff9b2f600cd67dabd4bb
SHA51296587a8c3555da1d810010c10c516ce5ccab071557a3c8d9bd65c647c7d4ad0e35cbed0788f1d72bafac8c84c7e2703fc747f70d9c95f720745a1fc4a701c544
-
Filesize
3KB
MD53fb31a225cec64b720b8e579582f2749
SHA19c0151d9e2543c217cf8699ff5d4299a72e8f13c
SHA2566eaa336b13815a7fc18bcd6b9adf722e794da2888d053c229044784c8c8e9de8
SHA512e6865655585e3d2d6839b56811f3fd86b454e8cd44e258bb1ac576ad245ff8a4d49fbb7f43458ba8a6c9daac8dfa923a176f0dd8a9976a11bea09e6e2d17bf45
-
Filesize
4KB
MD5af45b2c8b43596d1bdeca5233126bd14
SHA1a99e75d299c4579e10fcdd59389b98c662281a26
SHA2562c48343b1a47f472d1a6b9ee8d670ce7fb428db0db7244dc323ff4c7a8b4f64b
SHA512c8a8d01c61774321778ab149f6ca8dda68db69133cb5ba7c91938e4fd564160ecdcec473222affb241304a9acc73a36b134b3a602fd3587c711f2adbb64afa80
-
Filesize
8KB
MD5d98edc491da631510f124cd3934f535f
SHA133037a966067c9f5c9074ae5532ff3b51b4082d4
SHA256d58610a34301bb6e61a60bec69a7cecf4c45c6a034a9fc123977174b586278be
SHA51223faed8298e561f490997fe44ab61cd8ccb9f1f63d48bb4cf51fc9e591e463ff9297973622180d6a599cabb541c82b8fe33bf38a82c5d5905bbfa52ca0341399
-
Filesize
1.1MB
MD5d67ac58da9e60e5b7ef3745fdda74f7d
SHA1092faa0a13f99fd05c63395ee8ee9aa2bb1ca478
SHA25609e1d1e9190160959696aeddb0324667fef39f338edc28f49b5f518b92f27f5f
SHA5129d510135e4106fef0640565e73d438b4398f7aa65a36e3ea21d8241f07fec7a23e721e8696b3605147e5ce5365684e84e8145001201a19d7537e8f61b20cf32c