Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-08-2024 17:44
Behavioral tasks
- behavioral1: sample 1.exe, resource win7-20240729-en
- behavioral2: sample 1.exe, resource win10v2004-20240802-en
General
- Target: 1.exe
- Size: 917KB
- MD5: 52650eecab548e66af5a61020cc4559c
- SHA1: b6d081535cdc8cbbbfed1128b1bcf361065148b6
- SHA256: b161c18a7a4b8d72ef498608c9738e57acbe3ffa633154dbe3e3d7bd56e67408
- SHA512: 25cbed29ff0d197e83177fb4ba68ed18e4248d49fa266d51959ff4facd342a4efd0854d90559543cb7902ca0cec7dfd298dbf6626846a01e6a3504dfa835900e
- SSDEEP: 24576:8+5T4MROxnFi3frGrZlI0AilFEvxHiFekO:V50MiofSrZlI0AilFEvxHis
Malware Config
Signatures
- Drops desktop.ini file(s) (2 IoCs)
  description | ioc | Process
  File created | C:\Windows\assembly\Desktop.ini | 1.exe
  File opened for modification | C:\Windows\assembly\Desktop.ini | 1.exe
- Drops file in Windows directory (3 IoCs)
  description | ioc | Process
  File opened for modification | C:\Windows\assembly | 1.exe
  File created | C:\Windows\assembly\Desktop.ini | 1.exe
  File opened for modification | C:\Windows\assembly\Desktop.ini | 1.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 4276 wrote to memory of 4540 | 4276 | 1.exe | 87
  PID 4276 wrote to memory of 4540 | 4276 | 1.exe | 87
  PID 4540 wrote to memory of 2112 | 4540 | csc.exe | 89
  PID 4540 wrote to memory of 2112 | 4540 | csc.exe | 89
Processes
- C:\Users\Admin\AppData\Local\Temp\1.exe (PID 4276)
  command line: "C:\Users\Admin\AppData\Local\Temp\1.exe"
  signatures: Drops desktop.ini file(s); Drops file in Windows directory; Suspicious use of WriteProcessMemory
  - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe (PID 4540)
    command line: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\7fmmfm5q.cmdline"
    signatures: Suspicious use of WriteProcessMemory
    - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe (PID 2112)
      command line: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9BE3.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC9BE2.tmp"
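The process chain above (a sample running from the user's Temp directory launching csc.exe with a /noconfig response file in Temp, which in turn launches cvtres.exe to link resources into the freshly built binary) is the characteristic footprint of .NET CodeDOM (CSharpCodeProvider) compiling C# source at runtime, and it is the most useful hunting signal on this page. The Python below is an added example, not part of the sandbox report or its tooling: it applies that logic to a constructed set of process-creation events modelled on the report's tree, plus one benign MSBuild-driven build (also constructed) to show what should not fire. The event field names (pid, ppid, image, cmdline) and the list of user-writable directories are assumptions, not a real EDR schema.

```python
"""Flag csc.exe runtime-compilation chains like the one in this report.

Added example, not part of the sandbox report. Events are constructed and
modelled on the report's process tree; the field names and the set of
user-writable directories are assumptions, not a real EDR schema.
"""
import re
from typing import Dict, List

# Directories an unprivileged user can write to (assumption; extend per estate).
USER_WRITABLE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\(AppData\\Local\\Temp|Downloads|Desktop)\\", re.I
)
# csc.exe response-file argument: @"C:\...\name.cmdline" (quotes optional).
RESPONSE_FILE = re.compile(r'@"?([A-Za-z]:\\[^"\s]+\.cmdline)"?', re.I)

# Constructed process-creation events: the report's chain (pids 4276/4540/2112),
# then a benign MSBuild-driven build constructed for contrast.
EVENTS: List[Dict] = [
    {"pid": 4276, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\1.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\1.exe"'},
    {"pid": 4540, "ppid": 4276,
     "image": r"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe",
     "cmdline": r'"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" '
                r'/noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\7fmmfm5q.cmdline"'},
    {"pid": 2112, "ppid": 4540,
     "image": r"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe",
     "cmdline": r'C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY '
                r'/MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9BE3.tmp" '
                r'"c:\Users\Admin\AppData\Local\Temp\CSC9BE2.tmp"'},
    {"pid": 7001, "ppid": 900,
     "image": r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe",
     "cmdline": r'"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe" App.csproj'},
    {"pid": 7002, "ppid": 7001,
     "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "cmdline": r'csc.exe /noconfig @"C:\Users\Admin\source\App\obj\Debug\App.csproj.rsp"'},
]


def _is_image(event: Dict, name: str) -> bool:
    """True when the event's image path ends in \\<name> (case-insensitive)."""
    return event["image"].lower().endswith("\\" + name)


def find_temp_compile_chains(events: List[Dict]) -> List[Dict]:
    """Return one finding per csc.exe launch that looks like runtime compilation
    driven from a user-writable location, i.e. the pattern in this report."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for csc in events:
        if not _is_image(csc, "csc.exe"):
            continue
        parent = by_pid.get(csc["ppid"])
        if parent is None:
            continue
        strong, context = [], []
        if USER_WRITABLE.search(parent["image"]):
            strong.append("parent %s runs from a user-writable directory" % parent["image"])
        m = RESPONSE_FILE.search(csc["cmdline"])
        if m and USER_WRITABLE.search(m.group(1)):
            strong.append("response file in a user-writable directory: " + m.group(1))
        # cvtres.exe as a child is normal for any csc.exe build, so it only adds context.
        if any(c["ppid"] == csc["pid"] and _is_image(c, "cvtres.exe") for c in events):
            context.append("cvtres.exe spawned to link resources into the freshly built binary")
        if strong:
            findings.append({"csc_pid": csc["pid"], "parent_pid": parent["pid"],
                             "reasons": strong + context})
    return findings


if __name__ == "__main__":
    for f in find_temp_compile_chains(EVENTS):
        print("csc.exe pid %d (parent %d):" % (f["csc_pid"], f["parent_pid"]))
        for r in f["reasons"]:
            print("  -", r)
```

Only the report's chain is returned: the parent lives in Temp and the response file lives in Temp, each a strong signal on its own, with the cvtres.exe child recorded as supporting context. The MSBuild chain is silent because neither the parent nor the .rsp file is in a user-writable location, which is the distinction a rule needs to survive on developer workstations. Run it against real Sysmon event ID 1 or EDR process-start data by mapping those records onto the same four fields.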
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 76KB
  MD5: 2b0db1c8d9cfa3421e08be69070bfd29
  SHA1: 7be5d7beeab72c9a2e26474bc78b2cee332f7fd0
  SHA256: 40dc7228f66b129db11148ff25a30edb89750c67dbcc0283e502cd2916f244c4
  SHA512: a02250d2d285b6803b2eeddab57875e79ffa328189f3ee17876e81cc4511b9e6032c56c8271b8f0cf52be6fadeb8ca9f195e4a1bd92b2957170daf77af6e602a
- Filesize: 1KB
  MD5: d6103eda4fa8e8e7c85fd53d59df9175
  SHA1: ecde491894d663b3a6e4dcfa59d5aaea74cedd42
  SHA256: 799231ba61c851af790ca1466174c269715ab80c04df98b4bc624198a5b33363
  SHA512: 4e3491b600e9a4db4ac31ab6e56bc6448e223800621e8dc0d8196c46013136a3f7f8078c49f937b2cd996f89e098e75f79c7507d0e3e0d482406ebc9d0fb93ff
- Filesize: 208KB
  MD5: 6a68b8f21d5bd6366bc1289691c2dbb9
  SHA1: c2de5aa4ef7a7012e6299a6983bffcf55b245acb
  SHA256: 418723ac79f8c65184a71344edbd4fe384f7cc196abd7058339ac17de89f5de7
  SHA512: 0827e72464eced817313efdf11f1bc33574232afe33c16826db108de08f632dcbc43832df3587449405773df7256354f5a68063878f377fb7f61820e0cc30dcb
- Filesize: 349B
  MD5: 0bc7fab807af25ba3f45bd120c2af8a0
  SHA1: b32014702ab65a0312213d05752814ba78f9dd85
  SHA256: e99c033f47202eedd386f3591714f3e8bd2f09bd7d2dc2e0625cc9d5d4e5fa06
  SHA512: 9ad112070df8c80f5a276c172964174b38ba217f0fd397943f97a23386561848cae911d77a15ac9ec21084fb69e61e44e447429cf05c6565d2ad82dca143aada
- Filesize: 676B
  MD5: 47a9eea0641253a39fdc57550c5b052b
  SHA1: 4dc0f661cf0b11ddb1ec5c3038b5048677c287e3
  SHA256: e638948a6a6a470931649ab75454e592977d22ffedcf3efa2d548b19b2ca3c40
  SHA512: e40719fa7bfe7e00fb6c899a1b69a33b5ad09a843a98a3ac361d8b4a6c80a846221028a36ea92c369f6e0da1f7cb107227bcb4c4e940ffc64561d6f3dd24f5a0