Analysis
max time kernel: 117s
max time network: 128s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 22-08-2024 11:42
Behavioral tasks
behavioral1: Sample RosConsole/RosConsole.exe, Resource win7-20240705-en
behavioral2: Sample RosConsole/RosConsole.exe, Resource win10v2004-20240802-en
behavioral3: Sample RosConsole/data/Roshelp.exe, Resource win7-20240704-en
behavioral4: Sample RosConsole/data/Roshelp.exe, Resource win10v2004-20240802-en
General
Target: RosConsole/data/Roshelp.exe
Size: 77.7MB
MD5: 05656d00ac076c3508a8cd9349352155
SHA1: 8f1e23d333c999162e5cbfa455a40c51afdf5c7d
SHA256: 22795cef30a96f1c86993a78f23d43c12675fdaf006cd862a7297d23addd03b4
SHA512: 1f71d86d4172915ae98c0a4ed636a8f363937519c7157a3886b8dda258cefcb68c79bfe76aa1fabcee3451199bbeeff5548567c1ac8090b4f0709c7baa0c3179
SSDEEP: 1572864:wvHcRlKW6h7vXSk8IpG7V+VPhqYdfME7FFlHFziYweyJulZUdgY3uunG/Z9UA:wvHcRUnhTSkB05awcfhdCpuU3HC9U
Malware Config
Signatures
- Loads dropped DLL (7 IoCs)
  Processes: PID 1036 Roshelp.exe (7 matches)
- Processes (yara_rule matches):
  behavioral3/files/0x000300000001e921-1412.dat: upx
  behavioral3/memory/1036-1414-0x000007FEF5CC0000-0x000007FEF6384000-memory.dmp: upx
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: PID 2084 Roshelp.exe wrote to memory of PID 1036, procid_target 30 (3 matches)
Processes
1. C:\Users\Admin\AppData\Local\Temp\RosConsole\data\Roshelp.exe "C:\Users\Admin\AppData\Local\Temp\RosConsole\data\Roshelp.exe" (PID 2084)
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\RosConsole\data\Roshelp.exe "C:\Users\Admin\AppData\Local\Temp\RosConsole\data\Roshelp.exe" (PID 1036)
      - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads