645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555

General

Target

645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555.exe
Size

5.0MB
MD5

e5799d0b023a0f40c8b74f2d9ca41007
SHA1

e4f60fe5a60fd1ac743be134513edb9eec6d9e45
SHA256

645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555
SHA512

d809067d864e8063e1639d6d0d182056ac81632c0507b1e586c7435afa5b3eda60acae41e043f310f8687a3816afb84585d2bd11572990f287c0d80cc37f7de9
SSDEEP

24576:c4V4MROxnFt5bHKTlQCrZlI0AilFEvxHiLx/q:c4CMi1CrZlI0AilFEvxHiL

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555.exe
File created	C:\Windows\assembly\Desktop.ini	645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 3560	2788	645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555.exe	81
PID 2788 wrote to memory of 3560	2788	645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555.exe	81
PID 3560 wrote to memory of 2452	3560	csc.exe	83
PID 3560 wrote to memory of 2452	3560	csc.exe	83

C:\Users\Admin\AppData\Local\Temp\645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555.exe
"C:\Users\Admin\AppData\Local\Temp\645597465ea4675277057c7ddaf0cd975cdf91fa5a76ccf94ecdc8574f8fa555.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\y1vu7n2x.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3560
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES563F.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC563E.tmp"
    3⤵
    PID:2452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES563F.tmp

Filesize
1KB

MD5
38e2c0a2c8122a8eddebca4291c2619c

SHA1
b46613aecdd6fdaf00150951551dc77dda5d6b3f

SHA256
9aca1a841937220f1b2f1847ba848de1ab8fad04d154fc739a52b58945a221cf

SHA512
388d4c2a61aacb36cb6dc4317684932a5e483d09a51ef6364523dbf94e4057e8883c9e167d2328cdfd121495fe89078d41fc9d81e79e23622c251f423d2a4273

Download Submit
C:\Users\Admin\AppData\Local\Temp\y1vu7n2x.dll

Filesize
76KB

MD5
1d529408347184bb5a4108d27fa5e09c

SHA1
b6e0f5c4610ae6d1f5b10b5b4479011c710752c6

SHA256
b8cfccde6d8ec8bd5a097d25d106c971909db76f31ffcfa28d44f01e5cb9b893

SHA512
93e3204798bed543ea41070dd9771ff62e25291ca8341bc51421906b7a15e0ad4f2104fe4729e50d20058d9739159e7063100e2f603e09fafcd07d0ab6fc0fea

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC563E.tmp

Filesize
676B

MD5
43e6dfdad837e9502dc431fc0ea53335

SHA1
2c7a26b03047a8266d5721da383af5f5acd05a94

SHA256
59150a594b9cd3321d58dbf055315ce9ae6026c2111cdef5569566bb690437c0

SHA512
bbbead1dd7e65280f0c1b879da1183c52da4711c6c2491dff323e32d169edbd0686b049045e8fff4b05ba0de7a0e1c57c58a1862add879a972d6c0e4d85fedb6

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\y1vu7n2x.0.cs

Filesize
208KB

MD5
334ba29759bfc9c7054d9c3814bad6bd

SHA1
361d5e5df659d08cf239bc8dc53992ba6075c333

SHA256
c1e1e72df2c54c211efe802293302d79f7cca42ee740ce0c23d298c681da6b06

SHA512
3de07f28f9ec5a0ceef34b48a2da55088637e3e33a5ab59e00137dc97c65731c5e22c2b3c4b175e2467717fcc4a6bd3f822671b1ac03f860ae9f4acc85b14926

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\y1vu7n2x.cmdline

Filesize
349B

MD5
e4667c2b1555c32603f01a47c9e0cd28

SHA1
fb774bf2377d0603cef5bf8d4e8089a3dee91317

SHA256
5f0a324e15f051792962df9931a02724fc75b2ad86ce957e286a272d4fcbae3c

SHA512
01ca1cff845324f765e580d7c200eec57b744ebb14a2572e7151e2c336d8cd1edd195f0f0d8638dd2fe18f028575f0047a7ee9abc8f40c4bf41438404d45b4fd

Download Submit
memory/2788-23-0x000000001C0F0000-0x000000001C106000-memory.dmp

Filesize
88KB

Download
memory/2788-26-0x000000001B2B0000-0x000000001B2B8000-memory.dmp

Filesize
32KB

Download
memory/2788-7-0x000000001BAB0000-0x000000001BF7E000-memory.dmp

Filesize
4.8MB

Download
memory/2788-6-0x00007FF8B18F0000-0x00007FF8B2291000-memory.dmp

Filesize
9.6MB

Download
memory/2788-5-0x000000001B5D0000-0x000000001B5DE000-memory.dmp

Filesize
56KB

Download
memory/2788-39-0x00007FF8B18F0000-0x00007FF8B2291000-memory.dmp

Filesize
9.6MB

Download
memory/2788-2-0x000000001B3E0000-0x000000001B43C000-memory.dmp

Filesize
368KB

Download
memory/2788-38-0x00007FF8B1BA5000-0x00007FF8B1BA6000-memory.dmp

Filesize
4KB

Download
memory/2788-1-0x00007FF8B18F0000-0x00007FF8B2291000-memory.dmp

Filesize
9.6MB

Download
memory/2788-0-0x00007FF8B1BA5000-0x00007FF8B1BA6000-memory.dmp

Filesize
4KB

Download
memory/2788-25-0x000000001B330000-0x000000001B342000-memory.dmp

Filesize
72KB

Download
memory/2788-8-0x000000001C020000-0x000000001C0BC000-memory.dmp

Filesize
624KB

Download
memory/2788-28-0x000000001CAD0000-0x000000001CB32000-memory.dmp

Filesize
392KB

Download
memory/2788-27-0x000000001B3D0000-0x000000001B3D8000-memory.dmp

Filesize
32KB

Download
memory/2788-29-0x000000001D430000-0x000000001D9EA000-memory.dmp

Filesize
5.7MB

Download
memory/2788-30-0x000000001D9F0000-0x000000001DAE0000-memory.dmp

Filesize
960KB

Download
memory/2788-31-0x000000001CC30000-0x000000001CC4E000-memory.dmp

Filesize
120KB

Download
memory/2788-32-0x000000001DAF0000-0x000000001DB39000-memory.dmp

Filesize
292KB

Download
memory/2788-33-0x00007FF8B18F0000-0x00007FF8B2291000-memory.dmp

Filesize
9.6MB

Download
memory/2788-34-0x000000001DBD0000-0x000000001DC40000-memory.dmp

Filesize
448KB

Download
memory/2788-35-0x00007FF8B18F0000-0x00007FF8B2291000-memory.dmp

Filesize
9.6MB

Download
memory/2788-37-0x000000001C110000-0x000000001C118000-memory.dmp

Filesize
32KB

Download
memory/3560-21-0x00007FF8B18F0000-0x00007FF8B2291000-memory.dmp

Filesize
9.6MB

Download
memory/3560-16-0x00007FF8B18F0000-0x00007FF8B2291000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads