738b22e59054836b4059e771c90f930cb823e04147b6d7b10c89aa333b62e839

Analysis

max time kernel
80s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-09-2024 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

738b22e59054836b4059e771c90f930cb823e04147b6d7b10c89aa333b62e839.exe
Size

18KB
MD5

97dcc958c9c699574fa35bb2b87bb8e0
SHA1

d9e1e4de4335dfdc5988218630fca5c0629ce6ad
SHA256

738b22e59054836b4059e771c90f930cb823e04147b6d7b10c89aa333b62e839
SHA512

1e37b819ec236e36afb1eb8a925e244e89030d1009ded7eaa4014f441b3e99d43d5e2e18174f942a27a5dd44348ce86de518c723c7e45be95c4ba51698023179
SSDEEP

384:40bnMB5uTgbr06Knxj2GhmLTkK6aHv++:T45dr06s2GATt

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2732	2216	738b22e59054836b4059e771c90f930cb823e04147b6d7b10c89aa333b62e839.exe	31
PID 2216 wrote to memory of 2732	2216	738b22e59054836b4059e771c90f930cb823e04147b6d7b10c89aa333b62e839.exe	31
PID 2216 wrote to memory of 2732	2216	738b22e59054836b4059e771c90f930cb823e04147b6d7b10c89aa333b62e839.exe	31
PID 2732 wrote to memory of 2948	2732	csc.exe	32
PID 2732 wrote to memory of 2948	2732	csc.exe	32
PID 2732 wrote to memory of 2948	2732	csc.exe	32

C:\Users\Admin\AppData\Local\Temp\738b22e59054836b4059e771c90f930cb823e04147b6d7b10c89aa333b62e839.exe
"C:\Users\Admin\AppData\Local\Temp\738b22e59054836b4059e771c90f930cb823e04147b6d7b10c89aa333b62e839.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\falfkpst\falfkpst.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7713.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC474172D548A94533A120B8BE8C473158.TMP"
    3⤵
    PID:2948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5daf2e00-39d0-4390-b11d-b009a004ad3b.exe

Filesize
18KB

MD5
582f68b36f0978f2d6952688b0e80461

SHA1
916a204d576822129052ad44b7a4f36e8af2017e

SHA256
847ce1ae43b15928339d2face736394b927730ce2b4da86c677178621263bb67

SHA512
d362647682d5248c94e687e9c4702d49348c6b796b994a36d29db2dc38c8a78e275b19c5562748362258d317faad129e9b51285b981f386f1afd7873c50afb4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES7713.tmp

Filesize
1KB

MD5
214105ea375248d8aeb54d53d3d42f6e

SHA1
18eb5e2c3b938a8b9236ea4617b7ea0f83b70cec

SHA256
6b832725e40710a677f3f3ea09a095ba3cbbd18f9e948561fd5d2d59d92e01c8

SHA512
604e1a4b7b25a71cea29728cfcaa98219043791ba09a7860ec148843595db4bcad2778bb4932135b180faf8e014c72b061b008464ff1036ba8bda13ee01ce650

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC474172D548A94533A120B8BE8C473158.TMP

Filesize
1KB

MD5
6452b8dc4ecdcbad7b07cd5973a9b3d3

SHA1
1a0b7a4be84bfdab8e37db884f8cf0bd1b439a04

SHA256
b216438afe6e6d30ee65242baf43eacb31754eaae0e79f1fb7d193d4128313ec

SHA512
6c29095d4e403f378c53fcaa4e5e5ce4e7dd6aec8ed593465e0bdb5cc5c1ba870e77c5a90c639cd4a00757ad5ff53a4850d6492856dd69eaef4d13cc574e7a26

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\falfkpst\falfkpst.0.cs

Filesize
41KB

MD5
34771919bceaee246a5550a2835e2ba2

SHA1
fa0e70360aa9d2fad2a20fc187afdcb5c4eed121

SHA256
1ca3d69664a372793b2cfeffea476b7a90bbe34dd1ddb475d7d592d546d60cec

SHA512
967319efa747e15ea41101864ae20665f7e500e10c930ee885fbda9e4742a4d5164f9deba39dadd33997c35556cea483a9bb363e57cb76d7d3196b7bf10e80e5

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\falfkpst\falfkpst.cmdline

Filesize
377B

MD5
8abbb4dedb927b09385852eacc057fb7

SHA1
e3bc36c417ea8d192654596a9a7e07a98d39dc23

SHA256
0f93b5b0b8f94eedbb6a53af793df287395ab6db12daf4ccf2ce58d06d4c83f8

SHA512
a3f5f92369d9d6d583c73fa549f7798745eb348b76aac12a7bd08e7c59ce871cee92d4a20445a0bff0e5cead821a080b63cc3fd7f87979cc26cbdb08a4774dfe

Download Submit
memory/2216-0-0x000007FEF4F03000-0x000007FEF4F04000-memory.dmp

Filesize
4KB

Download
memory/2216-1-0x00000000008C0000-0x00000000008CA000-memory.dmp

Filesize
40KB

Download
memory/2216-2-0x000007FEF4F00000-0x000007FEF58EC000-memory.dmp

Filesize
9.9MB

Download
memory/2216-16-0x0000000000540000-0x000000000054A000-memory.dmp

Filesize
40KB

Download
memory/2216-18-0x000007FEF4F03000-0x000007FEF4F04000-memory.dmp

Filesize
4KB

Download
memory/2216-19-0x000007FEF4F00000-0x000007FEF58EC000-memory.dmp

Filesize
9.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads