645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555

General

Target

645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555.exe
Size

5.0MB
MD5

e5799d0b023a0f40c8b74f2d9ca41007
SHA1

e4f60fe5a60fd1ac743be134513edb9eec6d9e45
SHA256

645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555
SHA512

d809067d864e8063e1639d6d0d182056ac81632c0507b1e586c7435afa5b3eda60acae41e043f310f8687a3816afb84585d2bd11572990f287c0d80cc37f7de9
SSDEEP

24576:c4V4MROxnFt5bHKTlQCrZlI0AilFEvxHiLx/q:c4CMi1CrZlI0AilFEvxHiL

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 2764	1380	645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555.exe	28
PID 1380 wrote to memory of 2764	1380	645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555.exe	28
PID 1380 wrote to memory of 2764	1380	645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555.exe	28
PID 2764 wrote to memory of 2148	2764	csc.exe	30
PID 2764 wrote to memory of 2148	2764	csc.exe	30
PID 2764 wrote to memory of 2148	2764	csc.exe	30

C:\Users\Admin\AppData\Local\Temp\645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555.exe
"C:\Users\Admin\AppData\Local\Temp\645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mjzznqfn.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1FC1.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1FC0.tmp"
    3⤵
    PID:2148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES1FC1.tmp

Filesize
1KB

MD5
ef5151ec8d8df1270ca1393da3f19b6b

SHA1
502cb6bcc48e770da4f1e9f36a0ca0227a05ad34

SHA256
ec43daa04cd8259e8c14bbcb00061956ae931d45bb8bb130f9633b0828027316

SHA512
6c855ef98f724d699c816afea1742e608345905c50ca85841ab80885961d0fa15d377251e398ed3648398287453a12fac97916e779b6f261be21fd8b2fcba46b

Download Submit
C:\Users\Admin\AppData\Local\Temp\mjzznqfn.dll

Filesize
76KB

MD5
096a92846acdb6787de554ca35c6c718

SHA1
7fdfabfc16a9db98dc6bf8266232f90a0671ed38

SHA256
23f27dd69f2a577c899948f52a59fdaa4edf1cc515dcb474660af26aa67b8fac

SHA512
a198f28e3cb28cb24ce92c8df9a9b631217c2e699cac51f943faa4a6f3ba6f0076933c6261dba87139d6a4ac6b5f82cdce60c367749c18e23a14e2feac68a9e4

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC1FC0.tmp

Filesize
676B

MD5
6f73e7a459826ddfb61e5ad407fee945

SHA1
2615bef13de54e8393b9d0eb86d39b3b3716e871

SHA256
6ffa25fa1e5f0bfc7166c85fcffeb58f6d00061dd1d8d04d31229890f44d3db5

SHA512
ebe92f2b0397fa2bfd8427eaaf3c8f384655db7742dfa4e299af4300cd82d886a1c798681b32054c4583ee4b52c0e950cc42c9cc1a5a73463aee0ded02bec008

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\mjzznqfn.0.cs

Filesize
208KB

MD5
affb7fbb72cc447c1e169f4da2a6b4ec

SHA1
9243b01a1a1751955d9f22b180783fb8dbdf43fa

SHA256
518b2c9ae85c53bf8337640bca5dada12e496d66e9327f6166cc3b9810486858

SHA512
cb7a4b133262bc32f6a3c4144541150ce28f0a19caa97db57ebff0f4ab755951d2142a6942ae76858e2a9f23a69f53325710958c73318bb9c8a58763219454c8

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\mjzznqfn.cmdline

Filesize
349B

MD5
e79f7e8ce8bf962adb28b0c1b5089bd3

SHA1
5d4c2797a78bdc5ac1c88bffe75dca10da55fb3c

SHA256
a5a5c992b9ba9857389a37624a6e591f1dd1884a0cbed8432234bbc8be4c4085

SHA512
4be57d246e86981f12c7c407db1e95e2f2953a6e8d6fb73acd7f5c7594787ebca42e8ba943a25d59c6322f5b527ca86ea5ebb3114364a231d08f9d7670d4ef36

Download Submit
memory/1380-20-0x0000000000330000-0x0000000000342000-memory.dmp

Filesize
72KB

Download
memory/1380-23-0x000007FEF6010000-0x000007FEF69AD000-memory.dmp

Filesize
9.6MB

Download
memory/1380-3-0x000007FEF6010000-0x000007FEF69AD000-memory.dmp

Filesize
9.6MB

Download
memory/1380-2-0x00000000002F0000-0x00000000002FE000-memory.dmp

Filesize
56KB

Download
memory/1380-0-0x000007FEF62CE000-0x000007FEF62CF000-memory.dmp

Filesize
4KB

Download
memory/1380-1-0x0000000000860000-0x00000000008BC000-memory.dmp

Filesize
368KB

Download
memory/1380-4-0x000007FEF6010000-0x000007FEF69AD000-memory.dmp

Filesize
9.6MB

Download
memory/1380-28-0x000007FEF6010000-0x000007FEF69AD000-memory.dmp

Filesize
9.6MB

Download
memory/1380-17-0x00000000008E0000-0x00000000008F6000-memory.dmp

Filesize
88KB

Download
memory/1380-22-0x00000000006D0000-0x00000000006D8000-memory.dmp

Filesize
32KB

Download
memory/1380-21-0x00000000006C0000-0x00000000006C8000-memory.dmp

Filesize
32KB

Download
memory/1380-25-0x000007FEF6010000-0x000007FEF69AD000-memory.dmp

Filesize
9.6MB

Download
memory/1380-26-0x000007FEF6010000-0x000007FEF69AD000-memory.dmp

Filesize
9.6MB

Download
memory/1380-27-0x000007FEF62CE000-0x000007FEF62CF000-memory.dmp

Filesize
4KB

Download
memory/2764-19-0x000007FEF6010000-0x000007FEF69AD000-memory.dmp

Filesize
9.6MB

Download
memory/2764-29-0x000007FEF6010000-0x000007FEF69AD000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads