0f95960120449aeba54a96103c366bfa8d922bc2fe72cbe0ff3565ec3ae03d42

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-05-2024 12:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WallpaperMakerApp.exe
Size

508KB
MD5

a404f73eb5dc271f6a7ee6e040a70336
SHA1

805653284804b80a61d552e8ce68789b09645081
SHA256

1be7904fdd826733e01e7ac2785d2ecb195d467a4e4ebce6bbcfedb0e0761fdb
SHA512

1bf295566612bee2f66df744ea27e8cd4e0ec1a5a3b8b078497b86cab04dc5e227c1c707eeda2a625b70230d4cfa5b7f1cdd3b2ec487f47039c5e819163cd5fe
SSDEEP

6144:3lTMgYkkBQAzUCJwYVwzInODD0nRSq7FkLgdbFuBv485VaIOV/uzus:3lTXYf+mTtkwOH0RpbFu6rs

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2188	WallpaperMakerApp.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2892	2188	WallpaperMakerApp.exe	28
PID 2188 wrote to memory of 2892	2188	WallpaperMakerApp.exe	28
PID 2188 wrote to memory of 2892	2188	WallpaperMakerApp.exe	28
PID 2188 wrote to memory of 2892	2188	WallpaperMakerApp.exe	28
PID 2892 wrote to memory of 2276	2892	csc.exe	30
PID 2892 wrote to memory of 2276	2892	csc.exe	30
PID 2892 wrote to memory of 2276	2892	csc.exe	30
PID 2892 wrote to memory of 2276	2892	csc.exe	30
PID 2188 wrote to memory of 3040	2188	WallpaperMakerApp.exe	31
PID 2188 wrote to memory of 3040	2188	WallpaperMakerApp.exe	31
PID 2188 wrote to memory of 3040	2188	WallpaperMakerApp.exe	31
PID 2188 wrote to memory of 3040	2188	WallpaperMakerApp.exe	31
PID 3040 wrote to memory of 2160	3040	csc.exe	33
PID 3040 wrote to memory of 2160	3040	csc.exe	33
PID 3040 wrote to memory of 2160	3040	csc.exe	33
PID 3040 wrote to memory of 2160	3040	csc.exe	33

C:\Users\Admin\AppData\Local\Temp\WallpaperMakerApp.exe
"C:\Users\Admin\AppData\Local\Temp\WallpaperMakerApp.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\90plbkm8.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2892
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCD8D.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCCD8C.tmp"
    3⤵
    PID:2276
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\upnghsa6.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3040
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCF90.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCCF8F.tmp"
    3⤵
    PID:2160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\90plbkm8.dll

Filesize
8KB

MD5
3a9776bea5ad86f081be75194d692236

SHA1
554e9e56f015d1d8b086628f93e44b2b7ccefd2d

SHA256
253b5f02027c6a2dcce3c89fbcefe6c3df55897de0a28430ceff6305b8445691

SHA512
1a4a3885d5bcffdd45fa6b0bb4fee2f8468523c2ed654e70937cc93f16054ce16dde30710851c810375e52f40d0444d20b2c09d317e634553ddce4a7b002d937

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESCD8D.tmp

Filesize
1KB

MD5
63d6cd756d0f547592ad2a1e9911b62f

SHA1
1ae0a3604e3cd92fca1ebd633dc59cb49895b468

SHA256
a98e7b66b29ff54b863a8030e61ab720b97fc48287a8addf1dfcff63a588ee0c

SHA512
609adcbe550f04cc5456cc3bb8b4ca3750c3300b50dbe4ff6c6371cccf45287046815efba49cbfb62e57ba98920ecaf7ea0f5a914290664f6d2b2617d3c33882

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESCF90.tmp

Filesize
1KB

MD5
c8809cadb4752d19e4f69e6acbf61426

SHA1
817b41834783ef6dc6508621917c0539713199e3

SHA256
44a6356c650d85eaf459cec61ffda8710d26621f59229c25c80f878010f9d61d

SHA512
5a2fc18faf9a09ce1b8dbf862643749df772e0f3874cb0dc85f8be1c9bdf3275412a26d46829e7d5c88320af1ea2c4a79a2a4cdbe0e3d4c30f6259dd51562fcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\upnghsa6.dll

Filesize
12KB

MD5
db976ea6ed9eed6e79b6ab76e81684ed

SHA1
3513bca564ec3c8286d654d460ab908dca7b0299

SHA256
52824ab24e6d6cb174e03ef9cf0686684d3d1af5dc90906507b001b13e4d2c46

SHA512
2834ee6bc1242f9c530b1da7ca3e220c6f88b7570ac2b62ff5bdaa9b2373b1cb429403e03d902f53707ff738e3dc424ba2691631ca50a4f6fed09336f34dfb09

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\90plbkm8.0.cs

Filesize
12KB

MD5
62eed98115e1c0d4d580da2ac8294d3a

SHA1
e08e65a096b534275a57cafcfe5a62c28c068b80

SHA256
60ab8891325ef907d5d58d9ac77ba983e94f603e2bc8c63157b9411d29cfe51b

SHA512
504e0b2d8b986dc831b06e16acbd8d632b2397b7000bd9ac3ec409bea7adf799b7ff193eb7528d288ba4fa4a0886e7d318f8b08b71e7c95241fe20946003b6f9

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\90plbkm8.cmdline

Filesize
408B

MD5
81ae796bf837c59bc6185d8b7c734f4f

SHA1
bb8a10032e20a59eb72d5f86f2d81544288ae143

SHA256
760eb327e84f7236fe292473cced1831f218186b566835fe2a16abeaf6efd4b6

SHA512
1f76f8c945542c2035e34e2c19acf3c0d103ddc24e7ce2c8059daab5fe4c626c43abc6c383ce5d68dd280962fc30128cd2062f481c01e6224a775321e9464dd2

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCCD8C.tmp

Filesize
652B

MD5
18b5c65c9252fba0a8517c98f3644f1b

SHA1
f0b5ed4dab2dc2b975850da667d114ee4edf21ec

SHA256
95eebbcde7b6cbde3239d55789661e49ab55fa11c8a4f34f27a4a5da80a8af36

SHA512
e738cadf82a4b4da0f4663410ba5c4af08408993956ae39cc5cffed65bd7f5839a640e5f23fcbf09eb96b6d4be396b7170b520d2a2946636162180ffe6f29e07

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCCF8F.tmp

Filesize
652B

MD5
7992539880448d5c4021e58353a5f712

SHA1
19e914129abf405360ced7bb1a257c6820a8d0ca

SHA256
9e94b25f10699ee41c1e962fa0d329ee93a0fececf2337cc4f700ffb0145136a

SHA512
268d6e3b0b74c9911325188c5b4be2f906fceac294d933ad583f2cf4737c41b65cfba4c31375956bacfe1b17c67c44e2eebe4d909e9621f4fab02bb4053823cb

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\upnghsa6.0.cs

Filesize
28KB

MD5
e451f0e9cd32966341f6aa80c15ccfaa

SHA1
279b4d7b13b344b66fdd04ab3a64b93446c146bc

SHA256
547a45567c7140990e89fdc6bdb18db70e29262a494cc00da7de09ebd0e73056

SHA512
2d558e13fdd7b26afdc8555c373475a7d680bd924773a44179852cc2ed60ad2c7dba338f8b66acd5d1fe08258823ac00dc0884a2320582dac63fbc558d22f0a2

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\upnghsa6.cmdline

Filesize
408B

MD5
b3f69559184b5431c0825f7e005a1748

SHA1
c2cbc89eaf4fa40cfa1c790253314e0c1e42229d

SHA256
611269ff445705cd350a409f6360d6a4aa00ed35e0e9e41e6be0aba8c946aa07

SHA512
0597243840134ae0c6b973130291446037974de48648f8550d7c08b6aca01d9554f9e504b67802c7b4de4cd4a77e3717ec675afacbfae57c34e7121fec8652c5

Download Submit
memory/2188-5-0x0000000002050000-0x00000000020EA000-memory.dmp

Filesize
616KB

Download
memory/2188-15-0x0000000074E60000-0x000000007540B000-memory.dmp

Filesize
5.7MB

Download
memory/2188-9-0x0000000000A80000-0x0000000000AA0000-memory.dmp

Filesize
128KB

Download
memory/2188-0-0x0000000074E61000-0x0000000074E62000-memory.dmp

Filesize
4KB

Download
memory/2188-7-0x0000000000820000-0x0000000000834000-memory.dmp

Filesize
80KB

Download
memory/2188-3-0x0000000000800000-0x0000000000818000-memory.dmp

Filesize
96KB

Download
memory/2188-2-0x0000000074E60000-0x000000007540B000-memory.dmp

Filesize
5.7MB

Download
memory/2188-1-0x0000000074E60000-0x000000007540B000-memory.dmp

Filesize
5.7MB

Download
memory/2188-53-0x0000000074E60000-0x000000007540B000-memory.dmp

Filesize
5.7MB

Download
memory/2892-23-0x0000000074E60000-0x000000007540B000-memory.dmp

Filesize
5.7MB

Download
memory/2892-28-0x0000000074E60000-0x000000007540B000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads