b7ddecbab111eeb2db8176f649a3a305fa8979b27fe9f5407b585cf1953ffa95

Analysis

max time kernel
21s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7ddecbab111eeb2db8176f649a3a305fa8979b27fe9f5407b585cf1953ffa95.exe
Size

910KB
MD5

5156c02ba456505eb44557a77869bfe3
SHA1

02191371b5aaf6cebe08299c0860c44aed0cfbbc
SHA256

b7ddecbab111eeb2db8176f649a3a305fa8979b27fe9f5407b585cf1953ffa95
SHA512

8be628a58be0a5bbacdf4a829718b8b4f11f902b1f2363d382525f078a6ef4214f859f4a470a12901a7e441fac6420bf2f79411a8d74fac9a62e5c011ab060ac
SSDEEP

12288:FLshHIzFBmqvjdFB7dG1lFlWcYT70pxnnaaoawuSIh4BBpGQrZNrI0AilFEvxHv7:Xrv4MROxnFf/i1rZlI0AilFEvxHiooY

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 560 wrote to memory of 2724	560	b7ddecbab111eeb2db8176f649a3a305fa8979b27fe9f5407b585cf1953ffa95.exe	29
PID 560 wrote to memory of 2724	560	b7ddecbab111eeb2db8176f649a3a305fa8979b27fe9f5407b585cf1953ffa95.exe	29
PID 560 wrote to memory of 2724	560	b7ddecbab111eeb2db8176f649a3a305fa8979b27fe9f5407b585cf1953ffa95.exe	29
PID 2724 wrote to memory of 2824	2724	csc.exe	31
PID 2724 wrote to memory of 2824	2724	csc.exe	31
PID 2724 wrote to memory of 2824	2724	csc.exe	31

C:\Users\Admin\AppData\Local\Temp\b7ddecbab111eeb2db8176f649a3a305fa8979b27fe9f5407b585cf1953ffa95.exe
"C:\Users\Admin\AppData\Local\Temp\b7ddecbab111eeb2db8176f649a3a305fa8979b27fe9f5407b585cf1953ffa95.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:560
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\8rvuoxwo.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2405.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC2404.tmp"
    3⤵
    PID:2824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8rvuoxwo.dll

Filesize
76KB

MD5
ae789753e36fc4d296f369d81c24e32a

SHA1
19f5917d9a74aea684b717f1fb6a595f50d7b8a7

SHA256
78404653cb55de7512e382d1fd706edc257e9ce97fc762324f08d2adf589d2c3

SHA512
77b2632f811f4fda08568e8ef3915076688c6b173f30c666f2b84177abee3491ddd8758407f4f4eb8ceb4c4b64996b4602070380bfe61c53c7182520f089b99e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES2405.tmp

Filesize
1KB

MD5
8ee1a4dad076e304a1b3735f1eefe73d

SHA1
4a55989ee4525d3b6c63596464c45099a39b0e8a

SHA256
0bb8fd06e5c68bb6ad557909dc6b9037301f112d185732de68d93279d5b81f3b

SHA512
1353252dee064620794301bc0c9ced102a7faa68283682e42c829b71a5d83d8785722380cbd7915958ed829c1a20a5ca904634adc2c69d3b15a3ed5f03ba6dd0

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\8rvuoxwo.0.cs

Filesize
208KB

MD5
c555d9796194c1d9a1310a05a2264e08

SHA1
82641fc4938680519c3b2e925e05e1001cbd71d7

SHA256
ccbb8fd27ab2f27fbbd871793886ff52ff1fbd9117c98b8d190c1a96b67e498a

SHA512
0b85ca22878998c7697c589739905b218f9b264a32c8f99a9f9dd73d0687a5de46cc7e851697ee16424baf94d301e411648aa2d061ac149a6d2e06b085e07090

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\8rvuoxwo.cmdline

Filesize
349B

MD5
bd1c60dc5a2a842c92f890a6dcd41698

SHA1
2327a1d8ecab24544cea91e4200af950baacd6a4

SHA256
746321d6b4cbc3f6cb3ecd14cdbf77a01168dbc707d264f91a0939f876a7569a

SHA512
26f4feaeb0ac735368ac29adfb22dca4d85ad16d5bdcff519a1c6304d01b35e51bb09b3f0d60873f2e3957050b4382dd7c9adc0f8c653be19c99b1c40043075b

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC2404.tmp

Filesize
676B

MD5
01e574fdb4b4e153cfd3cd0bf6abcae8

SHA1
711512e0cbcd7b0b9f3ae9c7252bd3cb72c3877c

SHA256
e93ebc8330dc41323db8c471037b6da1316daa71ec8bf113e61525bc8f3e75e2

SHA512
f376b22da254739e971866f9af5cce9fd37ef3679497cebb22e0280fe95849f10c43adb1fa2fa4933d2bfc5ea3d6df3aeb6fda582211ae9f8cdc68b11c026d73

Download Submit
memory/560-22-0x00000000020B0000-0x00000000020B8000-memory.dmp

Filesize
32KB

Download
memory/560-3-0x000007FEF5770000-0x000007FEF610D000-memory.dmp

Filesize
9.6MB

Download
memory/560-1-0x000000001AFF0000-0x000000001B04C000-memory.dmp

Filesize
368KB

Download
memory/560-7-0x000007FEF5770000-0x000007FEF610D000-memory.dmp

Filesize
9.6MB

Download
memory/560-19-0x000000001AED0000-0x000000001AEE6000-memory.dmp

Filesize
88KB

Download
memory/560-2-0x00000000002F0000-0x00000000002FE000-memory.dmp

Filesize
56KB

Download
memory/560-0-0x000007FEF5A2E000-0x000007FEF5A2F000-memory.dmp

Filesize
4KB

Download
memory/560-21-0x0000000000620000-0x0000000000632000-memory.dmp

Filesize
72KB

Download
memory/560-23-0x000007FEF5770000-0x000007FEF610D000-memory.dmp

Filesize
9.6MB

Download
memory/560-24-0x000007FEF5770000-0x000007FEF610D000-memory.dmp

Filesize
9.6MB

Download
memory/2724-10-0x000007FEF5770000-0x000007FEF610D000-memory.dmp

Filesize
9.6MB

Download
memory/2724-17-0x000007FEF5770000-0x000007FEF610D000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads