d55cb8d9ad30078be362414186e4e065394430c3c0b0fa83f06922f59d288a63

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 20:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

example.exe
Size

903KB
MD5

de87df65430d0f19436429db542fe5b0
SHA1

bd4026365cbb6d4a7ea8b17a8fea83ab2e7a6037
SHA256

d55cb8d9ad30078be362414186e4e065394430c3c0b0fa83f06922f59d288a63
SHA512

325a50723fbcf82df0a22bc7c68177bd7f9df25a155f204439a27d9aafcd089a8963020b4f8800da8bd444ec7481b5976f717ef7630aa2588dc9cb95c6c46c02
SSDEEP

12288:sTUZ/Y95eo6L4ce7dG1lFlWcYT70pxnnaaoawZRVcTqSA+9rZNrI0AilFEvxHvBO:CqI4MROxnFMLqrZlI0AilFEvxHi5B

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

example.execsc.exe

description	pid	Process	procid_target
PID 2388 wrote to memory of 2552	2388	example.exe	30
PID 2388 wrote to memory of 2552	2388	example.exe	30
PID 2388 wrote to memory of 2552	2388	example.exe	30
PID 2552 wrote to memory of 1644	2552	csc.exe	32
PID 2552 wrote to memory of 1644	2552	csc.exe	32
PID 2552 wrote to memory of 1644	2552	csc.exe	32

C:\Users\Admin\AppData\Local\Temp\example.exe
"C:\Users\Admin\AppData\Local\Temp\example.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\u6oawt9w.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA352.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCA351.tmp"
    3⤵
    PID:1644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESA352.tmp

Filesize
1KB

MD5
f33c7d134fcd5713a14b2db7efd2b202

SHA1
f2243696ceb959c8b68364ad1050b79fe207f832

SHA256
cc4a1263672bfa29f516b90649022644473b5d107bf351f61f3e5e9ac8dca44f

SHA512
fbf94f3266aab3adf7f04165f27c28818cef5899b5abed1a776b60857e87c5776c0d97b04f0d4d4b6daee5e8798ec7a6e8c9f9e49ba42d5242ed28b2b48997f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\u6oawt9w.dll

Filesize
76KB

MD5
8e432c4551d04f15c29ee2af3d1bcd98

SHA1
b7232add3dad086fc974fe6540b5826623dbb040

SHA256
86f40ddd17578c6f975e1507647a8fcbb13efdeb075453ae67322822fc1f3286

SHA512
7e86f20ac2e60ec4b072fc54136b8b6f73871430e0bac0b391d30cce4de2a754be3557179a8bc0de57d7a851a35d01f870da5ffffadb570355325f28f60fde67

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCA351.tmp

Filesize
676B

MD5
fd588d5202adc7d99ec630001c480742

SHA1
061aa7a9b401fdf8b5658b365386541467c9fe68

SHA256
83ab1bdf4a1cbbf5babb6c6433f9480208ca92b3f3b115b72493ccf2824a1d32

SHA512
67cae98aa03c3bcec56ee6aef06604e4276206f4a3e5b0dc3115a5855dac527d0d9a90a8d85456386da3af4f3ee4092f2608633837580027a7813b56a9129f86

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\u6oawt9w.0.cs

Filesize
208KB

MD5
250321226bbc2a616d91e1c82cb4ab2b

SHA1
7cffd0b2e9c842865d8961386ab8fcfac8d04173

SHA256
ef2707f83a0c0927cfd46b115641b9cae52a41123e4826515b9eeb561785218d

SHA512
bda59ca04cdf254f837f2cec6da55eff5c3d2af00da66537b9ebaa3601c502ae63772f082fd12663b63d537d2e03efe87a3b5746ef25e842aaf1c7d88245b4e1

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\u6oawt9w.cmdline

Filesize
349B

MD5
1bec05b49e6c556f1693356a3abe2445

SHA1
aed7a43673704797204f39a59705c8f62c517ebf

SHA256
41764b70b7da021ed121acaee66c979747499e33b2f7b0822a3483bb3d7fc47f

SHA512
95e04e55e570f767ae804ce71ac5ef003bacd71906cb65ab533912d446b7f5530a2ee8328ab4b38900a553739cbab209af6fae1193d3c9113fcdcc10313e81f0

Download Submit
memory/2388-4-0x000007FEF5B10000-0x000007FEF64AD000-memory.dmp

Filesize
9.6MB

Download
memory/2388-0-0x000007FEF5DCE000-0x000007FEF5DCF000-memory.dmp

Filesize
4KB

Download
memory/2388-3-0x000007FEF5B10000-0x000007FEF64AD000-memory.dmp

Filesize
9.6MB

Download
memory/2388-1-0x0000000001180000-0x00000000011DC000-memory.dmp

Filesize
368KB

Download
memory/2388-19-0x0000000001310000-0x0000000001326000-memory.dmp

Filesize
88KB

Download
memory/2388-2-0x0000000000520000-0x000000000052E000-memory.dmp

Filesize
56KB

Download
memory/2388-21-0x00000000005C0000-0x00000000005D2000-memory.dmp

Filesize
72KB

Download
memory/2388-22-0x000007FEF5B10000-0x000007FEF64AD000-memory.dmp

Filesize
9.6MB

Download
memory/2388-23-0x000007FEF5B10000-0x000007FEF64AD000-memory.dmp

Filesize
9.6MB

Download
memory/2388-24-0x000007FEF5DCE000-0x000007FEF5DCF000-memory.dmp

Filesize
4KB

Download
memory/2552-13-0x000007FEF5B10000-0x000007FEF64AD000-memory.dmp

Filesize
9.6MB

Download
memory/2552-17-0x000007FEF5B10000-0x000007FEF64AD000-memory.dmp

Filesize
9.6MB

Download