a95130d9516704e9f80a00dfd4fba85144c79297823db15186d26c031ce3ec5d

Analysis

max time kernel
93s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
31-07-2024 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a95130d9516704e9f80a00dfd4fba85144c79297823db15186d26c031ce3ec5d.exe
Size

3.0MB
MD5

25f00bde128e2a9c2e2a902642f66b19
SHA1

2b325bdac1745903d19d66ce3073f2314bb5c37c
SHA256

a95130d9516704e9f80a00dfd4fba85144c79297823db15186d26c031ce3ec5d
SHA512

877d03687d167534a9f054258743c82ce97fe13672e94dc69e3dad6db50516ca97dfe5d5e9250e822df5de1ace79cc8b51dcbc2e680f74baa8f66dcc24c31f98
SSDEEP

49152:O4m0ie4mZKMTEuSyRfz9W7GvbwkHKMAypQxbTjo9JnCmF6drxwI0AilFCvxHT:O4Die49KzW79EKjypSbPo9JCm

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

a95130d9516704e9f80a00dfd4fba85144c79297823db15186d26c031ce3ec5d.execsc.exe

description	pid	Process	procid_target
PID 3996 wrote to memory of 1532	3996	a95130d9516704e9f80a00dfd4fba85144c79297823db15186d26c031ce3ec5d.exe	84
PID 3996 wrote to memory of 1532	3996	a95130d9516704e9f80a00dfd4fba85144c79297823db15186d26c031ce3ec5d.exe	84
PID 1532 wrote to memory of 2476	1532	csc.exe	86
PID 1532 wrote to memory of 2476	1532	csc.exe	86

C:\Users\Admin\AppData\Local\Temp\a95130d9516704e9f80a00dfd4fba85144c79297823db15186d26c031ce3ec5d.exe
"C:\Users\Admin\AppData\Local\Temp\a95130d9516704e9f80a00dfd4fba85144c79297823db15186d26c031ce3ec5d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\twmhhazo.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1532
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCCA7.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCCCA6.tmp"
    3⤵
    PID:2476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESCCA7.tmp

Filesize
1KB

MD5
48e819bf1e758870689eef03193b34e7

SHA1
04ea33d69fb1958c2b25e20df08256b452ac8696

SHA256
56e7a1cfbf3a5f4bb01ba11ca254b5c56bc7480792236306ab101d5ecbf16988

SHA512
9f8fa4c4a08b458a94326f8587a03550fe2ad0cd202a08442ad0d4fe0d10472d21a0db28aadb0e135b89c7cc0039a7c4829b60b329f67be0acd3bfe9cbcefc5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\twmhhazo.dll

Filesize
76KB

MD5
feaefb496a4d72d302be83f702932d29

SHA1
7a6cfe5829493b7d55822b232db98507475cbf00

SHA256
8969f37e9d8f196153542550cb54f134327fe7a257b170d4d3b7219666620912

SHA512
48fe9586de3013a527933bd3af8b729f8186e9ce796a69a57fce64dd9fe73885661c194494b014a48631f74bd434919d3a22436ce368c34d31c7b9540e322470

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCCCA6.tmp

Filesize
676B

MD5
b7ceb76a8599f41e15f96a78fe781f41

SHA1
d54342727e934629dd43d2be4cb4f7a4da8aa92f

SHA256
20e36f8d545089bb92df2092a7aeffe385cba73ef4c26a0f7788c0d51040999c

SHA512
16aecae855dbd849f6caa18b6cfe6c8bcd9d0ab8809f2c3b5ad156c5b432e0b5ca1c4c18a45363efc801156734d2c37fe2421099903eff0563684e0358b63d29

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\twmhhazo.0.cs

Filesize
208KB

MD5
aabfb4c9a6ded2189d452da3f653a10d

SHA1
972a2d2f82851b13f3dbdbce30a3418d81e7e750

SHA256
5bebe0c5bd82d2a5aaee901a91af4c130ccd4feb7509a60464adce42019fc160

SHA512
7c72dd94e419cb88959b8b78137dbcf7b1651c6908eae1682172d8b7debd6242b220c7a67a35fc5880050bbf4985e9590929d0c955d14d5783f2e317e70f0927

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\twmhhazo.cmdline

Filesize
349B

MD5
8b6b95b86691512d98ba6d3cd1293f1b

SHA1
b6365ea59e99399d0785c73f33372fde39bb64ab

SHA256
c37103a21afa8da3eba0b1a61f62854aaab78ae9841932ca0d870831de8bda37

SHA512
ad081fe7805afeee3246a2a5dd3e002d629e33954efa62ab723571fd88f1dc3a6d8c2486892176525c28d15aca95c38857f1165383031f630f65e8f20956aab7

Download Submit
memory/1532-19-0x00007FFBC2E40000-0x00007FFBC37E1000-memory.dmp

Filesize
9.6MB

Download
memory/1532-14-0x00007FFBC2E40000-0x00007FFBC37E1000-memory.dmp

Filesize
9.6MB

Download
memory/3996-5-0x000000001C660000-0x000000001CB2E000-memory.dmp

Filesize
4.8MB

Download
memory/3996-6-0x000000001CBD0000-0x000000001CC6C000-memory.dmp

Filesize
624KB

Download
memory/3996-0-0x00007FFBC30F5000-0x00007FFBC30F6000-memory.dmp

Filesize
4KB

Download
memory/3996-3-0x000000001BE30000-0x000000001BE8C000-memory.dmp

Filesize
368KB

Download
memory/3996-4-0x000000001BCB0000-0x000000001BCBE000-memory.dmp

Filesize
56KB

Download
memory/3996-2-0x00007FFBC2E40000-0x00007FFBC37E1000-memory.dmp

Filesize
9.6MB

Download
memory/3996-1-0x00007FFBC2E40000-0x00007FFBC37E1000-memory.dmp

Filesize
9.6MB

Download
memory/3996-21-0x000000001CC70000-0x000000001CC86000-memory.dmp

Filesize
88KB

Download
memory/3996-23-0x000000001BCF0000-0x000000001BD02000-memory.dmp

Filesize
72KB

Download
memory/3996-24-0x000000001BD20000-0x000000001BD28000-memory.dmp

Filesize
32KB

Download
memory/3996-25-0x00007FFBC2E40000-0x00007FFBC37E1000-memory.dmp

Filesize
9.6MB

Download
memory/3996-26-0x00007FFBC30F5000-0x00007FFBC30F6000-memory.dmp

Filesize
4KB

Download
memory/3996-27-0x00007FFBC2E40000-0x00007FFBC37E1000-memory.dmp

Filesize
9.6MB

Download