f43b05e365e1ec3ac9c7367077739e5dd0ab70e7a09d0734f5ae99644867af13

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 02:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f43b05e365e1ec3ac9c7367077739e5dd0ab70e7a09d0734f5ae99644867af13.exe
Size

5.0MB
MD5

a4c8388b79175063b36531780617feb2
SHA1

c2632a879a67fdbdc81e4f80b22e36147366102a
SHA256

f43b05e365e1ec3ac9c7367077739e5dd0ab70e7a09d0734f5ae99644867af13
SHA512

313ec442deefe8ff5c56543bad8a3088e984fad6d38f7740f068108e2278f1d1afa70a19c39a09f9fce3f57aa88e2aba2f840f66481f6fda1a966c17884d2428
SSDEEP

24576:zqI4MROxnFj3rxXFHXRrZlI0AilFEvxHiHlT:zqrMi1lRhrZlI0AilFEvxHi

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 2268	1804	f43b05e365e1ec3ac9c7367077739e5dd0ab70e7a09d0734f5ae99644867af13.exe	28
PID 1804 wrote to memory of 2268	1804	f43b05e365e1ec3ac9c7367077739e5dd0ab70e7a09d0734f5ae99644867af13.exe	28
PID 1804 wrote to memory of 2268	1804	f43b05e365e1ec3ac9c7367077739e5dd0ab70e7a09d0734f5ae99644867af13.exe	28
PID 2268 wrote to memory of 3056	2268	csc.exe	30
PID 2268 wrote to memory of 3056	2268	csc.exe	30
PID 2268 wrote to memory of 3056	2268	csc.exe	30

C:\Users\Admin\AppData\Local\Temp\f43b05e365e1ec3ac9c7367077739e5dd0ab70e7a09d0734f5ae99644867af13.exe
"C:\Users\Admin\AppData\Local\Temp\f43b05e365e1ec3ac9c7367077739e5dd0ab70e7a09d0734f5ae99644867af13.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rzdpihsm.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2268
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCAF.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCCAE.tmp"
    3⤵
    PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESCAF.tmp

Filesize
1KB

MD5
397b1e7d453ce786c0a9e23b6868d000

SHA1
602ad9b0989b4ea0c143e8d6725346f80e3745ec

SHA256
ccc712aa8c5b30c84375939611953d86d6adac8c6a26fc5d21073d169564839d

SHA512
aa666e21f55699d81b724809742ebf640a841591e7477969c7a98457ab868685cac43735ea18c56c9d9f08271ad4b2d1f769023a97a869420b3ca5d3097bc4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\rzdpihsm.dll

Filesize
76KB

MD5
529814e42405b7546e91459bf63e15b4

SHA1
085b78973043e81540cbdbc705910e14bd26a883

SHA256
b8e1eae008a3bba69644463bb309a71ed31f9bf27b06febedb68810e6fadd6e4

SHA512
3af5b35ffef634d1ffe98aff877fd14eda8246e0550234f66839b2d64cd3743f0a19c2f0a6e91fc955f2e0b43bd65dab7608861e2cce2e65215deafc1c0857ca

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCCAE.tmp

Filesize
676B

MD5
f307a2b4d074af4a85e57b572a44d1a9

SHA1
6d9a58ff2ad8dcab697e9c80563c9bc62bce4e5b

SHA256
e8f44f406943891f811f65f9b15b9c578ab0a5e1df00ff808aeded6fb7b96a8a

SHA512
cc9ab9b0c57cb2c3abf2d069ecd7e3de489e1d9f626e31c0f668dbc5a0b026fdbdb3dfc9d31a294a054a862048120fe1a77439accd092c0d976440d7993de853

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\rzdpihsm.0.cs

Filesize
208KB

MD5
250321226bbc2a616d91e1c82cb4ab2b

SHA1
7cffd0b2e9c842865d8961386ab8fcfac8d04173

SHA256
ef2707f83a0c0927cfd46b115641b9cae52a41123e4826515b9eeb561785218d

SHA512
bda59ca04cdf254f837f2cec6da55eff5c3d2af00da66537b9ebaa3601c502ae63772f082fd12663b63d537d2e03efe87a3b5746ef25e842aaf1c7d88245b4e1

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\rzdpihsm.cmdline

Filesize
349B

MD5
b00b7f8e3c88e8a48fb7489544d710cc

SHA1
ea37cd4dded6b20e2051544f8ba6c89a6fb54458

SHA256
d4aee628b694f44bfb0b1d0ff867de836f176f6ce269c176bed1eb4a421029d5

SHA512
52ddceaf6abb8a96e91910ba98232cf4d071fdcdd44b7ead0cc66312315012cdc30f7897a8dbab766c17692d47b15332e1b37168b6bc611ab710ad2c0f92cf8c

Download Submit
memory/1804-2-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1804-4-0x000007FEF5AF0000-0x000007FEF648D000-memory.dmp

Filesize
9.6MB

Download
memory/1804-0-0x000007FEF5DAE000-0x000007FEF5DAF000-memory.dmp

Filesize
4KB

Download
memory/1804-3-0x000007FEF5AF0000-0x000007FEF648D000-memory.dmp

Filesize
9.6MB

Download
memory/1804-19-0x00000000005D0000-0x00000000005E6000-memory.dmp

Filesize
88KB

Download
memory/1804-1-0x00000000022C0000-0x000000000231C000-memory.dmp

Filesize
368KB

Download
memory/1804-21-0x0000000000420000-0x0000000000432000-memory.dmp

Filesize
72KB

Download
memory/1804-22-0x000007FEF5AF0000-0x000007FEF648D000-memory.dmp

Filesize
9.6MB

Download
memory/1804-23-0x000007FEF5DAE000-0x000007FEF5DAF000-memory.dmp

Filesize
4KB

Download
memory/1804-24-0x000007FEF5AF0000-0x000007FEF648D000-memory.dmp

Filesize
9.6MB

Download
memory/2268-12-0x000007FEF5AF0000-0x000007FEF648D000-memory.dmp

Filesize
9.6MB

Download
memory/2268-17-0x000007FEF5AF0000-0x000007FEF648D000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads