d55cb8d9ad30078be362414186e4e065394430c3c0b0fa83f06922f59d288a63

Analysis

max time kernel
358s
max time network
359s
platform
windows7_x64
resource
win7-20240708-ja
resource tags

arch:x64arch:x86image:win7-20240708-jalocale:ja-jpos:windows7-x64systemwindows
submitted
19-09-2024 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

example.exe
Size

903KB
MD5

de87df65430d0f19436429db542fe5b0
SHA1

bd4026365cbb6d4a7ea8b17a8fea83ab2e7a6037
SHA256

d55cb8d9ad30078be362414186e4e065394430c3c0b0fa83f06922f59d288a63
SHA512

325a50723fbcf82df0a22bc7c68177bd7f9df25a155f204439a27d9aafcd089a8963020b4f8800da8bd444ec7481b5976f717ef7630aa2588dc9cb95c6c46c02
SSDEEP

12288:sTUZ/Y95eo6L4ce7dG1lFlWcYT70pxnnaaoawZRVcTqSA+9rZNrI0AilFEvxHvBO:CqI4MROxnFMLqrZlI0AilFEvxHi5B

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2056	2536	example.exe	30
PID 2536 wrote to memory of 2056	2536	example.exe	30
PID 2536 wrote to memory of 2056	2536	example.exe	30
PID 2056 wrote to memory of 1996	2056	csc.exe	32
PID 2056 wrote to memory of 1996	2056	csc.exe	32
PID 2056 wrote to memory of 1996	2056	csc.exe	32

C:\Users\Admin\AppData\Local\Temp\example.exe
"C:\Users\Admin\AppData\Local\Temp\example.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rloafndl.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2056
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8D81.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC8D80.tmp"
    3⤵
    PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES8D81.tmp

Filesize
1KB

MD5
54abe27f410c21eac90c4b46fc8e08dc

SHA1
5c65448e3d2bdad435c2879d0287dd649d800695

SHA256
2104ddf639b8b00a37f2a340a5722dfccec1291703f9f1529ac35a2966e49621

SHA512
82869b6100b6817a618869cab66e8ffe8b2d48ab93d6d4a72c42c95bbbf7b0b32c18756c2e1d24a60cdee0c003b4b5b548c0e7cdf79216eed797b42f2192cffa

Download Submit
C:\Users\Admin\AppData\Local\Temp\rloafndl.dll

Filesize
76KB

MD5
529ca57f50964f2dac58261caa14d53b

SHA1
58dcdaddd860e70bc04d33a7e04469b2e111c4e1

SHA256
fd101c379afec1f811c7f55d4179c6ca12f7e3b67e0c529aed28000b5f7adfcb

SHA512
d21a0e8c2610fc05fbea2ce2bb39d1586790d6545ef5afb75fc79bd3ae98e8c3c66c04fd724097db18facd603f9df4ddc74bdffd2051eb2234171adb9daa8d86

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC8D80.tmp

Filesize
676B

MD5
c0341326d3b8e9337d275166bef575d2

SHA1
06cf9c62a11735f4e24d3c279a85710a16575508

SHA256
2e57543830d54ad4a98ce93b252aab3a3bcb1dc4308b246ff8201ef35d4248cf

SHA512
3c691e372f03a324bf0b09593b47f2352c62342bb7a005983ca7028872d88b5f275c265c5d667f88562cba95121603e8fa7b763e5fcba80799e3c7bc13b18cb1

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\rloafndl.0.cs

Filesize
208KB

MD5
2739ac32fcb63e5348287a6baf0238fd

SHA1
368181ed0f4e6b0d3800ad3298f270d5c4a35309

SHA256
63c9e2349d220de791f472e5466c9ae99c16a985e2b3080c87cbfc48f3224fa5

SHA512
3a1aa26c215f7d163c93ab115b97cf5df705948203d017ea73793d3ea4679119227b9de11d7f488e3664742f4e7addf2de62e36e59a863050c70d3e8c6f82fd0

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\rloafndl.cmdline

Filesize
349B

MD5
198d4bcda40b41c6eb1d5cd7b3f814e9

SHA1
54647e70bcd4dfc34f0e4e654fcfe0bb8e232b75

SHA256
bdafa554b56f43257218118a733d60e49b484c080f0346163b0bd3ed6061fae1

SHA512
b1a30a859663484243293a8c2b8c32213789daa607731bd179171619e02e26e771dfc957167cd5aa14f815579a8d23395184d44cb132bd31850cd9108f3c2b45

Download Submit
memory/2056-13-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

Filesize
9.6MB

Download
memory/2056-17-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

Filesize
9.6MB

Download
memory/2536-4-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

Filesize
9.6MB

Download
memory/2536-0-0x000007FEF60DE000-0x000007FEF60DF000-memory.dmp

Filesize
4KB

Download
memory/2536-3-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

Filesize
9.6MB

Download
memory/2536-1-0x0000000000E00000-0x0000000000E5C000-memory.dmp

Filesize
368KB

Download
memory/2536-2-0x0000000000460000-0x000000000046E000-memory.dmp

Filesize
56KB

Download
memory/2536-19-0x0000000000E60000-0x0000000000E76000-memory.dmp

Filesize
88KB

Download
memory/2536-21-0x0000000000420000-0x0000000000432000-memory.dmp

Filesize
72KB

Download
memory/2536-22-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

Filesize
9.6MB

Download
memory/2536-23-0x000007FEF60DE000-0x000007FEF60DF000-memory.dmp

Filesize
4KB

Download
memory/2536-24-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads