Analysis
max time kernel: 117s
max time network: 123s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 22-08-2024 11:42
Behavioral tasks
behavioral1: Sample RosConsole/RosConsole.exe, Resource win7-20240705-en
behavioral2: Sample RosConsole/RosConsole.exe, Resource win10v2004-20240802-en
behavioral3: Sample RosConsole/data/Roshelp.exe, Resource win7-20240704-en
behavioral4: Sample RosConsole/data/Roshelp.exe, Resource win10v2004-20240802-en
General
Target: RosConsole/RosConsole.exe
Size: 10.6MB
MD5: 901bfaec42f6e7695f5ee1b31f5072ae
SHA1: 77ada23327779b81f4e64e2645aab9728bb8504e
SHA256: 79ae5c644a198c68c0d4514ddbdbb840a6638a133b60f73456e598c58f1c6798
SHA512: b812b903d9b0baae7dd6b8f38e1348e86c30cdc28f55a2f3750d0f5c07cbe3904afbba8b6d5637be0b4ca202fbd52b9df48d8464a56fa924858af48627691a18
SSDEEP: 196608:+qyqwuLlA1HeT39IigJ1ncKOVVthIUo0W8/Lo79u5Y3LQd7JZtQcNPOP:Opr1+TtIi00VNRW8E5u6sRP6N
Malware Config
Signatures
Loads dropped DLL (7 IoCs)
Process: RosConsole.exe, PID 1968 (all 7 events from PID 1968)
Suspicious use of WriteProcessMemory (3 IoCs)
Process: RosConsole.exe, PID 2548 wrote to memory of PID 1968, procid_target 30 (3 events, all from PID 2548 to PID 1968)
Processes
C:\Users\Admin\AppData\Local\Temp\RosConsole\RosConsole.exe (depth 1, PID 2548)
command line: "C:\Users\Admin\AppData\Local\Temp\RosConsole\RosConsole.exe"
signatures: Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\RosConsole\RosConsole.exe (depth 2, nested under PID 2548, PID 1968)
    command line: "C:\Users\Admin\AppData\Local\Temp\RosConsole\RosConsole.exe"
    signatures: Loads dropped DLL
C:\Windows\explorer.exe (depth 1, PID 2080)
command line: "C:\Windows\explorer.exe"
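The two signatures and the process tree above describe one chain: RosConsole.exe running from the user's Temp directory launches a second copy of itself, writes into that child's memory three times, and the child then loads seven dropped DLLs. That chain can be expressed as a small triage rule over process-creation, memory-write and module-load events. The Python below is an added example, not code from this report or from the sample's author. The event format, the Event class, the list of user-writable directories and the DLL file names are assumptions; the PIDs, image path and event counts are taken from the report.

```python
"""Flag a process tree where a binary in a user-writable directory spawns a
copy of itself, writes into the child's memory, and the child then loads DLLs
from the directory the binary runs from.  Added example; the sample events
are a constructed approximation of the report (PIDs, image path and counts
match the report, the DLL names are placeholders)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List
import ntpath

# Directories an unprivileged user can write to.  Assumed list, not from the report.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


@dataclass
class Event:
    """One sandbox event.  kind is 'create', 'write_memory' or 'load_dll'."""
    kind: str
    pid: int
    image: str = ""      # create: image path of the new process
    ppid: int = 0        # create: parent pid (0 = unknown / root of the tree)
    target_pid: int = 0  # write_memory: pid whose memory was written
    path: str = ""       # load_dll: path of the module loaded


def is_user_writable(path: str) -> bool:
    """True if the path lies under a directory a normal user can write to."""
    normalized = path.lower().replace("/", "\\")
    return normalized.startswith(USER_WRITABLE_PREFIXES)


def find_self_spawn_injection(events: List[Event]) -> List[dict]:
    """Return one finding per child that (1) shares its image path with its
    parent, (2) runs from a user-writable directory, (3) had its memory written
    by that parent and (4) loaded DLLs from the directory its image lives in."""
    procs: Dict[int, Event] = {e.pid: e for e in events if e.kind == "create"}
    writes: Dict[int, Dict[int, int]] = defaultdict(lambda: defaultdict(int))
    loads: Dict[int, List[str]] = defaultdict(list)
    for e in events:
        if e.kind == "write_memory":
            writes[e.pid][e.target_pid] += 1
        elif e.kind == "load_dll":
            loads[e.pid].append(e.path)

    findings = []
    for child in procs.values():
        parent = procs.get(child.ppid)
        if parent is None or parent.image.lower() != child.image.lower():
            continue
        if not is_user_writable(child.image):
            continue
        write_count = writes[parent.pid].get(child.pid, 0)
        if write_count == 0:
            continue
        image_dir = ntpath.dirname(child.image).lower()
        dropped = [p for p in loads[child.pid] if p.lower().startswith(image_dir + "\\")]
        if not dropped:
            continue
        findings.append({
            "parent_pid": parent.pid,
            "child_pid": child.pid,
            "image": child.image,
            "write_count": write_count,
            "dropped_dlls": dropped,
        })
    return findings


# Constructed events mirroring the report: explorer.exe (2080) and the first
# RosConsole.exe (2548) are tree roots; 1968 is the nested copy.  DLL names are
# placeholders, the report does not list them.
ROS = r"C:\Users\Admin\AppData\Local\Temp\RosConsole\RosConsole.exe"
SAMPLE_EVENTS: List[Event] = [
    Event("create", 2080, image=r"C:\Windows\explorer.exe"),
    Event("create", 2548, image=ROS),
    Event("create", 1968, image=ROS, ppid=2548),
    *[Event("write_memory", 2548, target_pid=1968) for _ in range(3)],
    *[Event("load_dll", 1968,
            path=rf"C:\Users\Admin\AppData\Local\Temp\RosConsole\dropped_{i}.dll")
      for i in range(1, 8)],
]

if __name__ == "__main__":
    for f in find_self_spawn_injection(SAMPLE_EVENTS):
        print(f"{f['parent_pid']} -> {f['child_pid']} {f['image']}: "
              f"{f['write_count']} memory writes, "
              f"{len(f['dropped_dlls'])} DLLs loaded from the image directory")
```

The rule deliberately requires all four conditions. A self-spawn alone is how many legitimate single-file bundlers start, and the WriteProcessMemory signature fires whenever a parent writes into a child it has just created, so neither is proof of injection by itself. A hit is a reason to pull the seven dropped files listed under Downloads and look at them, not a verdict.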
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 19KB
MD5: ac28edb5ad8eaa70ecbc64baf3e70bd4
SHA1: 1a594e6cdc25a6e6be7904093f47f582e9c1fe4d
SHA256: fbd5e958f6efb4d78fd61ee9ee4b4d1b6f43c1210301668f654a880c65a1be86
SHA512: a25b812b9fa965af5f7de5552e2c2f4788a076af003ac0d94c3b2bc42dd9ab7e69af2438ce349b46a3387bf2bfcf27cec270d90ca6a44c9690861331c9e431e1

Filesize: 19KB
MD5: b5832f1e3a18d94cd855c3d8c632b30d
SHA1: 6315b40487078bbafb478786c42c3946647e8ef3
SHA256: 9f096475d4ba1533f564dd4a1db5dfeb620248fe14518042094b922539dc13e3
SHA512: f3016ded97591e25a6d4c70d89251a331402455ab589604e55c486fec37ee8e96bd1be2d4e4e59ba102dad696b3e1f754b699f9ebe8ae462e8b958ed2d431a5b

Filesize: 19KB
MD5: fd59ee6be2136782225dcd86f8177239
SHA1: 494d20e04f69676c150944e24e4fa714a3f781ca
SHA256: 1fd044fdbc424779b01b79d477ee79dfbb508a04e86c62e1c8fc4f6d22f6a16a
SHA512: 2250d54c3b9e6aeb2f5406e1428536564357a48ceab51596b33ff0843086fb420ad886af61725b25a58e2f50a4c17ddee10696d6041db9b60891eff8e495775c

Filesize: 19KB
MD5: 8ff0692d32f2fcb0b417220b98f30364
SHA1: 5eeb1d781d44e4885284c8b535f051efca64aef8
SHA256: 53cea73c248a49389bc2da01acac1d8e8022a7e034bcd522306e43a937200897
SHA512: f73249f70953c537da02b890308cb18a9c6676401975bf13aeb61b1db9dfa042e908c52ee266b404948a568b23b0cfb37ecd4b80379c398c15f56ce7a82cf7a5

Filesize: 19KB
MD5: 863ed806b4f16be984b4f1e279a1f99b
SHA1: b9a919216ef90064ac66b12ccde6b3bf1f334ee8
SHA256: 171ca9df2b9ecfa545748af724c1c56ab396b299503a14c4da2197b0e5a44401
SHA512: fb8f195d9a1885c16aa2cc6eff38e627ea127b18978016d6046dc0120a19ab40cc4fe4b799c06f133b02f7cd6a634ae1665f05f9be5fcae609229dfaae0ce478

Filesize: 6.6MB
MD5: d521654d889666a0bc753320f071ef60
SHA1: 5fd9b90c5d0527e53c199f94bad540c1e0985db6
SHA256: 21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2
SHA512: 7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3

Filesize: 1.1MB
MD5: 988755316d0f77fc510923c2f7cd6917
SHA1: ccd23c30c38062c87bf730ab6933f928ee981419
SHA256: 1854cd0f850da28835416e3b69ed6dae465df95f8d84e77adbbc001f6dbd9d78
SHA512: 8c52210a919d9f2856f38bd6a59bbc039506650a7e30f5d100a5aa5008641707122ff79f6f88c268c9abc9f02ba2792eed6aad6a5c65891a9ce7d6d5f12c3b0a