77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750

General

Target

77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750.exe
Size

911KB
MD5

18cee91dd765a2cb57b70126f43c7dc1
SHA1

09d9165cbb09f16d0f7634c215deb164466c8169
SHA256

77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750
SHA512

9215f5872258cd49932b68f19f070e54acf6c82bdd778774327caf527060247417a82227ac6927c8d05e3bf325f64ec9fd27ed20b7a2b9402e639cbafae4f0aa
SSDEEP

24576:VEqr4MROxnF25bHKTlQarZlI0AilFEvxHibH:VEjMiwarZlI0AilFEvxHi

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750.exe
File created	C:\Windows\assembly\Desktop.ini	77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 1148	2212	77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750.exe	81
PID 2212 wrote to memory of 1148	2212	77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750.exe	81
PID 1148 wrote to memory of 3292	1148	csc.exe	83
PID 1148 wrote to memory of 3292	1148	csc.exe	83

C:\Users\Admin\AppData\Local\Temp\77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750.exe
"C:\Users\Admin\AppData\Local\Temp\77347c19db27238a4f5a9fe56bcfacf8ab4137fb0b54e09e99b0fb3ab69ba750.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bvfh_kgt.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1148
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9432.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC9431.tmp"
    3⤵
    PID:3292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES9432.tmp

Filesize
1KB

MD5
0ac98e91c4f06c7f42eedff407cef5d1

SHA1
0b82ca1e9badbbb587be9878ba03bee05fb9fd62

SHA256
6189bce89dde6d22da511deffe21b42c504b098f8bd67edd3eecf8d712e2a22c

SHA512
0cac6f14d1bdac5093fe7e6187baee93f73a7b572b72ba75e3465a63c1ea735bc8c601a929dd0eaf70df1bd735f83d75230fb80fc5cca7593250494dabadc8da

Download Submit
C:\Users\Admin\AppData\Local\Temp\bvfh_kgt.dll

Filesize
76KB

MD5
9ed9a97470d910e161575c9f52333ef0

SHA1
30ab946c2308688d1683ad2f65a8b8482f5ca141

SHA256
9da667123323eaae6f138c5b332692d89d2afdeb121b53ef844b1cd748026106

SHA512
fcbffa7fbd1fe1d0cb94e6819f72f763ba30ae704a0a950b54c51300be3a0748b08089b9447d810aa175b534dad252e8811b35af12d0df0626a17bd861487141

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC9431.tmp

Filesize
676B

MD5
84a05079908e905e170562045db1b346

SHA1
6d5cb1aea9d8e31e0e8e2d40324c991c15e59e11

SHA256
3fabad6a2c87a7c0c7b67eb9e5aec2e19d1cb4bff9820d78286cf6cf2702c95a

SHA512
1dde1527d4b0501dfef12e471daac60ec86a2c615155f9f194251f3682eb3f228b68b48208583c5099c8eb6020b34075c71d58cf98aeb071391435e1d205f9a3

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\bvfh_kgt.0.cs

Filesize
208KB

MD5
4d35ab54fd34d28cadc7c0537d80df11

SHA1
12051adf3ad4637a616aca35d9bac0fd86c7fd51

SHA256
477cf16c71347656a1243d6d1e57a14513d907f82f847752de7a89b0dafb8868

SHA512
4cba7f7feb141f227d6cf1079069beaf5beca0c2bcb7f61c4d7a54aaaee05104d42ebcc6814f29fb3c3125533ad41dd05190d57db2a9e5ec08474ae1d638ea4c

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\bvfh_kgt.cmdline

Filesize
349B

MD5
0509d86e9df279e3a3116c53653c4d76

SHA1
a4f16eb1a35f194d20ae1e91bdac6c4c51d566c8

SHA256
aa077776fdfe546815912f0cb106a885f28b837f8babf4465046edd3ce35fdaa

SHA512
cda4161f325b4423e8244a2dd44694a98c35bb32a8550ce2519e5fe76f49bfc978d875f0b08261d9cc51c19917db3b521350a31265fa394e798b0c85cc52f6a6

Download Submit
memory/1148-15-0x00007FF8011D0000-0x00007FF801B71000-memory.dmp

Filesize
9.6MB

Download
memory/1148-21-0x00007FF8011D0000-0x00007FF801B71000-memory.dmp

Filesize
9.6MB

Download
memory/2212-28-0x000000001D630000-0x000000001D692000-memory.dmp

Filesize
392KB

Download
memory/2212-27-0x000000001BF30000-0x000000001BF38000-memory.dmp

Filesize
32KB

Download
memory/2212-5-0x000000001C130000-0x000000001C13E000-memory.dmp

Filesize
56KB

Download
memory/2212-2-0x000000001BF40000-0x000000001BF9C000-memory.dmp

Filesize
368KB

Download
memory/2212-0-0x00007FF801485000-0x00007FF801486000-memory.dmp

Filesize
4KB

Download
memory/2212-8-0x000000001CB80000-0x000000001CC1C000-memory.dmp

Filesize
624KB

Download
memory/2212-23-0x000000001D240000-0x000000001D256000-memory.dmp

Filesize
88KB

Download
memory/2212-1-0x00007FF8011D0000-0x00007FF801B71000-memory.dmp

Filesize
9.6MB

Download
memory/2212-26-0x000000001BE20000-0x000000001BE28000-memory.dmp

Filesize
32KB

Download
memory/2212-31-0x000000001D790000-0x000000001D7AE000-memory.dmp

Filesize
120KB

Download
memory/2212-6-0x00007FF8011D0000-0x00007FF801B71000-memory.dmp

Filesize
9.6MB

Download
memory/2212-7-0x000000001C610000-0x000000001CADE000-memory.dmp

Filesize
4.8MB

Download
memory/2212-25-0x000000001BEA0000-0x000000001BEB2000-memory.dmp

Filesize
72KB

Download
memory/2212-30-0x000000001E550000-0x000000001E640000-memory.dmp

Filesize
960KB

Download
memory/2212-29-0x000000001DF90000-0x000000001E54A000-memory.dmp

Filesize
5.7MB

Download
memory/2212-32-0x000000001E650000-0x000000001E699000-memory.dmp

Filesize
292KB

Download
memory/2212-33-0x00007FF8011D0000-0x00007FF801B71000-memory.dmp

Filesize
9.6MB

Download
memory/2212-34-0x000000001E730000-0x000000001E7A0000-memory.dmp

Filesize
448KB

Download
memory/2212-35-0x00007FF8011D0000-0x00007FF801B71000-memory.dmp

Filesize
9.6MB

Download
memory/2212-37-0x000000001CCC0000-0x000000001CCC8000-memory.dmp

Filesize
32KB

Download
memory/2212-38-0x00007FF8011D0000-0x00007FF801B71000-memory.dmp

Filesize
9.6MB

Download
memory/2212-39-0x00007FF801485000-0x00007FF801486000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads