490e237dd1557759ef2f1f7ea188ffec35d01199483ba77d027b2b5d654d634d

General

Target

nursultan crack.exe
Size

917KB
MD5

120802a68926043553500b2521832a7c
SHA1

18b9d5a66d650c6fc5bcf8f4401f0912d209f354
SHA256

490e237dd1557759ef2f1f7ea188ffec35d01199483ba77d027b2b5d654d634d
SHA512

b226c83e8d72292d56cd63f2b2192b80acbc7ba19c9c418f5d168e61886ab971b42abc9f0b9c85611af42ea6601a9d08b2066ca0a8b07a99ed1d1df54a052a85
SSDEEP

24576:aVl64MROxnFi3erxrZlI0AilFEvxHi1kp:aVDMioe1rZlI0AilFEvxHi

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	nursultan crack.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	nursultan crack.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	nursultan crack.exe
File created	C:\Windows\assembly\Desktop.ini	nursultan crack.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	nursultan crack.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 216	1032	nursultan crack.exe	85
PID 1032 wrote to memory of 216	1032	nursultan crack.exe	85
PID 216 wrote to memory of 4876	216	csc.exe	87
PID 216 wrote to memory of 4876	216	csc.exe	87

C:\Users\Admin\AppData\Local\Temp\nursultan crack.exe
"C:\Users\Admin\AppData\Local\Temp\nursultan crack.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1nd0bqua.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:216
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3EFE.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC3EFD.tmp"
    3⤵
    PID:4876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1nd0bqua.dll

Filesize
76KB

MD5
cd6cfc3b4e00f9a575fe8384f30512c0

SHA1
3fce37f96ba498745355f46864436e060b72b80b

SHA256
0d5c658d31450e6422ccf6aa238dbd0f61758cca8589bd926c1973c59ce8e176

SHA512
1dc5cb5da575890d2d1b94675ce5d26f7392f5c6443858baea98704cbe54e268ebd0489baf5730dad94bb1fb1d9aadbab48946abda77317a2417500fbe715526

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES3EFE.tmp

Filesize
1KB

MD5
afaa6f63dcf3ba68746ea0fbcde46a13

SHA1
5f0c6449889a3f3f132ca8e4698b9838d3a5b004

SHA256
249cfe7be8193f22d15dc71b7e42c5f68edc9af11246c7ea58fa954929700cd4

SHA512
5bf482be663a748622ac32f221e429cfce2e173b2064acf7f3ea1797fa0d80d6c3a8b07e98b2fdc6e9c1960f5349d48d15e88ba5d02459ed339cd41f4358d361

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\1nd0bqua.0.cs

Filesize
208KB

MD5
aae69fe3d279c58d3c4d7286f795a3ba

SHA1
226c8c511a75e0f7ead63c4c40d26a535154ac48

SHA256
0540037b5124581e6ea08e5c41899002ad0250aee1eee304e31fcae0a4013061

SHA512
e0cd9f0646a9d3fd1a2ed1aeb6fed6af79fa59b44b88be8d36f5734b79d0fa77de2fb11901ef07d91a994f2325b9d8603fb8d2a55766ee3aa40f4a58b1b603be

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\1nd0bqua.cmdline

Filesize
349B

MD5
dcd1cec5055c0f72902e3fe9d79a65a9

SHA1
c17a1d984e5c57fc8ad480b67c7fc71ceff45055

SHA256
a1acbebfe737c1221c585082c9b9664d1a3ee5bd3b289d8edc8d36b42b5dda7a

SHA512
884415ffa2f56e33c32473226541426707b4266bb0731a2f48c1f0864b90f3a0ed6feff1b1ae8f2900d7568eb5f2827d59ee6199a5b40d76baa07bcc487b8d40

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC3EFD.tmp

Filesize
676B

MD5
5d0195fc6101f1acba6443be6df28b58

SHA1
96b07af3a48c8d1bff128a897b0559c34c4c4234

SHA256
84bd199100404837b0c7f8445641df8e2dc4b9b7b05db382b6af4733e4e8b90c

SHA512
5fa24267309df21f740875efd49521a2fe842d03e70b99cfc2241014839b90c6cce0c15433e6e043f7ff3c82d729691aaa64f3f21387d96271558347b74aaa8c

Download Submit
memory/216-21-0x00007FFCAC9C0000-0x00007FFCAD361000-memory.dmp

Filesize
9.6MB

Download
memory/216-17-0x00007FFCAC9C0000-0x00007FFCAD361000-memory.dmp

Filesize
9.6MB

Download
memory/1032-23-0x000000001D2C0000-0x000000001D2D6000-memory.dmp

Filesize
88KB

Download
memory/1032-28-0x000000001D6B0000-0x000000001D712000-memory.dmp

Filesize
392KB

Download
memory/1032-6-0x00007FFCAC9C0000-0x00007FFCAD361000-memory.dmp

Filesize
9.6MB

Download
memory/1032-7-0x000000001C690000-0x000000001CB5E000-memory.dmp

Filesize
4.8MB

Download
memory/1032-5-0x000000001C070000-0x000000001C07E000-memory.dmp

Filesize
56KB

Download
memory/1032-2-0x000000001BFB0000-0x000000001C00C000-memory.dmp

Filesize
368KB

Download
memory/1032-1-0x00007FFCAC9C0000-0x00007FFCAD361000-memory.dmp

Filesize
9.6MB

Download
memory/1032-0-0x00007FFCACC75000-0x00007FFCACC76000-memory.dmp

Filesize
4KB

Download
memory/1032-25-0x00000000018C0000-0x00000000018D2000-memory.dmp

Filesize
72KB

Download
memory/1032-26-0x00000000018A0000-0x00000000018A8000-memory.dmp

Filesize
32KB

Download
memory/1032-27-0x0000000001B10000-0x0000000001B18000-memory.dmp

Filesize
32KB

Download
memory/1032-8-0x000000001CC00000-0x000000001CC9C000-memory.dmp

Filesize
624KB

Download
memory/1032-29-0x000000001E010000-0x000000001E5CA000-memory.dmp

Filesize
5.7MB

Download
memory/1032-30-0x000000001E5D0000-0x000000001E6C0000-memory.dmp

Filesize
960KB

Download
memory/1032-31-0x000000001D810000-0x000000001D82E000-memory.dmp

Filesize
120KB

Download
memory/1032-32-0x000000001E6D0000-0x000000001E719000-memory.dmp

Filesize
292KB

Download
memory/1032-33-0x00007FFCAC9C0000-0x00007FFCAD361000-memory.dmp

Filesize
9.6MB

Download
memory/1032-34-0x000000001E7B0000-0x000000001E820000-memory.dmp

Filesize
448KB

Download
memory/1032-35-0x00007FFCAC9C0000-0x00007FFCAD361000-memory.dmp

Filesize
9.6MB

Download
memory/1032-37-0x000000001D2F0000-0x000000001D2F8000-memory.dmp

Filesize
32KB

Download
memory/1032-38-0x00007FFCACC75000-0x00007FFCACC76000-memory.dmp

Filesize
4KB

Download
memory/1032-39-0x00007FFCAC9C0000-0x00007FFCAD361000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads