Analysis
max time kernel: 93s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
submitted: 16-07-2024 01:05
Behavioral task: behavioral1
Sample: 29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb.exe
Resource: win10v2004-20240709-en
General
Target: 29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb.exe
Size: 5.0MB
MD5: b49a2bf6b7e1f66880eb1f370266955a
SHA1: a7e0eb86e23b971c504be4a786c40f127f7398ff
SHA256: 29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb
SHA512: b9aee1f61e201e620582ba44750aeb034483a92239f096035bc92c6009112ae378de2d4338ebc0c195b53ad2f18c8c31186797a476ef9a1e41aca61af8990800
SSDEEP: 24576:i9Hs4MROxnF95bYmfFhQYrZlI0AilFEvxHi3e:qH/MiKYrZlI0AilFEvxHi
Malware Config
Signatures
Drops desktop.ini file(s) (2 IoCs)
Processes: 29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb.exe
description | ioc | Process
File created | C:\Windows\assembly\Desktop.ini | 29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb.exe
File opened for modification | C:\Windows\assembly\Desktop.ini | 29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb.exe

Drops file in Windows directory (3 IoCs)
Processes: 29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb.exe
description | ioc | Process
File opened for modification | C:\Windows\assembly | 29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb.exe
File created | C:\Windows\assembly\Desktop.ini | 29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb.exe
File opened for modification | C:\Windows\assembly\Desktop.ini | 29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: 29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb.exe, csc.exe
description | pid | Process | procid_target
PID 4512 wrote to memory of 2276 | 4512 | 29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb.exe | 86
PID 4512 wrote to memory of 2276 | 4512 | 29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb.exe | 86
PID 2276 wrote to memory of 1100 | 2276 | csc.exe | 88
PID 2276 wrote to memory of 1100 | 2276 | csc.exe | 88
Processes
1. C:\Users\Admin\AppData\Local\Temp\29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb.exe"
   - Drops desktop.ini file(s)
   - Drops file in Windows directory
   - Suspicious use of WriteProcessMemory
   PID: 4512
   2. C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
      Command line: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3qga5hek.cmdline"
      - Suspicious use of WriteProcessMemory
      PID: 2276
      3. C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
         Command line: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7FFE.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC7FFD.tmp"
         PID: 1100
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 76KB
MD5: fb8d15f898b0d5e183875a10189604f6
SHA1: 27d0793d2284a13cd0d3567623932eadb9109a67
SHA256: da171bddf2def47d06a3fa5b3c43d3bfed07df5994618543432811ba6f90315c
SHA512: badf58f5c4c47f7ffda15055bb90efdc1b1e798b8ef1549322249bdbfa6505ce9b2246ad3d75d54bb64aa34e42f9ac3b288a042a723e549bfbce4eb1cbaa7374

Filesize: 1KB
MD5: 72b5129a5667d022d3d7e890ec6e3e79
SHA1: fafdfb6187f2ea272a687864b07b23ae5fbdbaba
SHA256: 6e6a372f93415f4b38aa4806c19967a5c9bb5e8f69264c627476ce5ee12726a9
SHA512: 59b6d7e744a7968d8fde54a69bf63b750b1b8fdd3d16e3d87ae6a7302f7e9e666a8a8526fc967304d3b1cdb9dff4569a7e82ebe46f412378d695686bfeb07f30

Filesize: 208KB
MD5: c941e8e46f131c8d6161dbab1ad63cf4
SHA1: feb1b74d4c9e4c7c035762b2e3d8698fb1c9b641
SHA256: 61fd97c2c23b2bcecbccaeb264a474572e81afc2cd126f5bc05a4b349fdaa8c2
SHA512: 9a3ef11054286a55a232d0f540d5800fb506c756a7e012aac6e82ab2a4cc58f8c7aae989d4027b284e69341dc64b76fa8f09f58bc9508614eec65b58755836de

Filesize: 349B
MD5: 0df975eec45a00ccd0d15f784143207c
SHA1: e2571b4c060b65668de1a1e392156284f9672289
SHA256: 85e56f080cdba286eeb66868437da1758a7d65dcb99f44e6ab60d6006bdaab2e
SHA512: 0f00cc8a8cebdb3d93d5ccb5666c288c3c8d8841bc39408b4704c98804441a517d33d84c64a6049153b769958ee058249c8f58fdcc020ef1b5fe991a8741f4dd

Filesize: 676B
MD5: 729455d588e6a04d49f63c63b28c9060
SHA1: 63f5d6851de77a16b6155c1e88401edb4b4a6063
SHA256: 152d3e3611039243ee084cb07245d416c971ea9aaff04aaf61db2ad3dfbe4ffd
SHA512: bf97c7cffe1e7e6436417b20f9a5a624ead9f054b309109b918c0c765bd2482d635bc14b7e6c36c5ddf777d7db8e3f30d609ba6d6ae32207ba8119217f36c25a