a95130d9516704e9f80a00dfd4fba85144c79297823db15186d26c031ce3ec5d

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
31-07-2024 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a95130d9516704e9f80a00dfd4fba85144c79297823db15186d26c031ce3ec5d.exe
Size

3.0MB
MD5

25f00bde128e2a9c2e2a902642f66b19
SHA1

2b325bdac1745903d19d66ce3073f2314bb5c37c
SHA256

a95130d9516704e9f80a00dfd4fba85144c79297823db15186d26c031ce3ec5d
SHA512

877d03687d167534a9f054258743c82ce97fe13672e94dc69e3dad6db50516ca97dfe5d5e9250e822df5de1ace79cc8b51dcbc2e680f74baa8f66dcc24c31f98
SSDEEP

49152:O4m0ie4mZKMTEuSyRfz9W7GvbwkHKMAypQxbTjo9JnCmF6drxwI0AilFCvxHT:O4Die49KzW79EKjypSbPo9JCm

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

a95130d9516704e9f80a00dfd4fba85144c79297823db15186d26c031ce3ec5d.execsc.exe

description	pid	Process	procid_target
PID 2368 wrote to memory of 2588	2368	a95130d9516704e9f80a00dfd4fba85144c79297823db15186d26c031ce3ec5d.exe	30
PID 2368 wrote to memory of 2588	2368	a95130d9516704e9f80a00dfd4fba85144c79297823db15186d26c031ce3ec5d.exe	30
PID 2368 wrote to memory of 2588	2368	a95130d9516704e9f80a00dfd4fba85144c79297823db15186d26c031ce3ec5d.exe	30
PID 2588 wrote to memory of 2600	2588	csc.exe	32
PID 2588 wrote to memory of 2600	2588	csc.exe	32
PID 2588 wrote to memory of 2600	2588	csc.exe	32

C:\Users\Admin\AppData\Local\Temp\a95130d9516704e9f80a00dfd4fba85144c79297823db15186d26c031ce3ec5d.exe
"C:\Users\Admin\AppData\Local\Temp\a95130d9516704e9f80a00dfd4fba85144c79297823db15186d26c031ce3ec5d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ze9v-68k.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC562.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCC561.tmp"
    3⤵
    PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESC562.tmp

Filesize
1KB

MD5
381e1f09883960709d1008de60bc63ba

SHA1
e5cc0056490b8bc73858f7d00c5943a501ec0431

SHA256
062e4dbd41c4bb8489b302c1c8eda4154fc7e54e34110e60889cc1d0f2482ba1

SHA512
b23c2e6c1904974bbf8c5dcbc8ffa319a59cffba3b3986e94ae4a2f6a36964ac12e0e576872bce222f4acf5a0162af03714bf12704303ec7cf08d40dbccf8728

Download Submit
C:\Users\Admin\AppData\Local\Temp\ze9v-68k.dll

Filesize
76KB

MD5
c14aa328b846bf8e61cf58ce54215038

SHA1
c220036d6368ca51f3337858c1c25851be896ecd

SHA256
84444ebd1851ed158a5be5671c40afdeccf87b5c38fc43d0ec7e8909e6d4488b

SHA512
ed866f3998b0fc0cfcd5a8f93a1db388ed8404d9eb72e672918c1c269a4ffa1a0708b055a2ceb1e6500464c0948b349e5430f1ce2cb016ff85e4fcb903766245

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCC561.tmp

Filesize
676B

MD5
18cfba0752c1088f2c07414fc077cbfc

SHA1
a68b8fb0d971e3db619bd0a2c2c50506386f946c

SHA256
94c6efee69a44877409a2707899cbcdd8b4a0fe1f8cfbdf48a9f372e3036dfcf

SHA512
211ff68cbbf6bdcce66c8c4f0365e9fb96cdf945f05ac57047bd2b88f04968a70b3ebcedcb17e0e0e3c168c3612cc722a2975adbc81ec46d2e4dd91c54acb0ba

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ze9v-68k.0.cs

Filesize
208KB

MD5
e6b593f9de407978c2d6cff6206f2ddc

SHA1
dbe980cc4e8d9acc60b48d55d92387c1266399f7

SHA256
58019b32f285239256d295e7eccb22c6c84894f788931b06ce21663de4ef63ad

SHA512
b7c91f95da8224c7cae008701c8686f6731337ffb0e572e69a8929d9769be047eccc0b5c31fcc29f6f4fa9780884d7aa8e80ac2838926575bbcaf6cd61d2dec2

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ze9v-68k.cmdline

Filesize
349B

MD5
76d1467c042d2e11840d97390d5a7660

SHA1
7c81130a2717654c5584d528a8a0a2d49eaf9815

SHA256
9485e65fb0292889d0b28274c8edfa774d71da95ebd4793c5bae801b89b505ef

SHA512
c92a228056cfe2dc2ddb344a427540c5a109869be11278d66f67efd02dec2b9cb968fefe31ac1fe1f7670d73b4acf37434c319080e536195508a5d761fc38ce4

Download Submit
memory/2368-7-0x000007FEF55F0000-0x000007FEF5F8D000-memory.dmp

Filesize
9.6MB

Download
memory/2368-23-0x000007FEF58AE000-0x000007FEF58AF000-memory.dmp

Filesize
4KB

Download
memory/2368-3-0x000007FEF55F0000-0x000007FEF5F8D000-memory.dmp

Filesize
9.6MB

Download
memory/2368-0-0x000007FEF58AE000-0x000007FEF58AF000-memory.dmp

Filesize
4KB

Download
memory/2368-1-0x0000000000440000-0x000000000049C000-memory.dmp

Filesize
368KB

Download
memory/2368-2-0x00000000003F0000-0x00000000003FE000-memory.dmp

Filesize
56KB

Download
memory/2368-19-0x0000000002600000-0x0000000002616000-memory.dmp

Filesize
88KB

Download
memory/2368-24-0x000007FEF55F0000-0x000007FEF5F8D000-memory.dmp

Filesize
9.6MB

Download
memory/2368-21-0x0000000002590000-0x00000000025A2000-memory.dmp

Filesize
72KB

Download
memory/2368-22-0x000007FEF55F0000-0x000007FEF5F8D000-memory.dmp

Filesize
9.6MB

Download
memory/2588-13-0x000007FEF55F0000-0x000007FEF5F8D000-memory.dmp

Filesize
9.6MB

Download
memory/2588-17-0x000007FEF55F0000-0x000007FEF5F8D000-memory.dmp

Filesize
9.6MB

Download