f053cf0164ed9a1c81f220ae3d1002acb7d4fb0154ee9e08588a6d24f84a24f1

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

123123.exe
Size

903KB
MD5

be600c84c2975ab640487f7d896080d8
SHA1

6eb2dbaace9f52f08000908c82b02827ca401838
SHA256

f053cf0164ed9a1c81f220ae3d1002acb7d4fb0154ee9e08588a6d24f84a24f1
SHA512

9b5c0aaa3dbd61f8d2aaecb2b44de0d1bb47e72f42bd63d3f46b7c95feeed2271ed5ee497e27da5ca09dbd4429a08230c8a5f4bd1fef9b71024dd33e5f95fadb
SSDEEP

12288:g8shHAVBuQBBed37dG1lFlWcYT70pxnnaaoawMRVcTqSA+9rZNrI0AilFEvxHvB0:R3s4MROxnF9LqrZlI0AilFEvxHi+o

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2468	2520	123123.exe	30
PID 2520 wrote to memory of 2468	2520	123123.exe	30
PID 2520 wrote to memory of 2468	2520	123123.exe	30
PID 2468 wrote to memory of 2908	2468	csc.exe	32
PID 2468 wrote to memory of 2908	2468	csc.exe	32
PID 2468 wrote to memory of 2908	2468	csc.exe	32

C:\Users\Admin\AppData\Local\Temp\123123.exe
"C:\Users\Admin\AppData\Local\Temp\123123.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\laaqux6c.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2468
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES848C.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC848B.tmp"
    3⤵
    PID:2908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES848C.tmp

Filesize
1KB

MD5
fd0fc87af62c2e618ac831704d9de37a

SHA1
0caa1d279382141652bcf414ef3ed620fbc261f5

SHA256
e0f7bb7628f3e816831ee71a7786fc38e5736cbc27851684fee5996a1f60bda5

SHA512
eb0630f014021e47e500a9da67e463db06889dc063706fdd85a1a5a7bf6fa64c842385fa3f1098c701737498ae12d2b62a75226ba209627936e48bbda5d77fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\laaqux6c.dll

Filesize
76KB

MD5
ed8c5ef007ffd2ceb29d7531b70e9d6d

SHA1
3ffead345af2db9966bb8cd108e50a27e705051e

SHA256
41b091533eaac916bb8eabe95fc47999fd13f89895e5fdf69d05ac839351c255

SHA512
09beb7779d101d07cb4489ecc440d998f1c912a57cb56d8e5eac42eba7203c698f45bdd846fba1d55f60f27cce2a1e738ddab2123e85d27bf7dd4a9204d90e3c

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC848B.tmp

Filesize
676B

MD5
b313d0493bddca67598caff699eea581

SHA1
989cff90f969ec4352834a0b8683034394d44bd1

SHA256
e13e55656206f0fc1f69deff07616cee384cba991247896aca166b121e946a7e

SHA512
bfda6a545429aa1ced9748caca092c094cba40e804562a6e097a6cc278a3457ba22adb45bc94c74a11cbb066b866d32643448a87285bdf179d27bb40dc6add7d

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\laaqux6c.0.cs

Filesize
208KB

MD5
c555d9796194c1d9a1310a05a2264e08

SHA1
82641fc4938680519c3b2e925e05e1001cbd71d7

SHA256
ccbb8fd27ab2f27fbbd871793886ff52ff1fbd9117c98b8d190c1a96b67e498a

SHA512
0b85ca22878998c7697c589739905b218f9b264a32c8f99a9f9dd73d0687a5de46cc7e851697ee16424baf94d301e411648aa2d061ac149a6d2e06b085e07090

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\laaqux6c.cmdline

Filesize
349B

MD5
e40f1db0370841a1b419938864f8fdc9

SHA1
ed277d45c380303f36557a24d7aba44165627355

SHA256
c7426cd41023d875cc4972bbe6de0ac023113aa38a1e808984a2911c4120bb11

SHA512
23aa8881dabc55024bd0e123e88f6036fd1cb356273c8a88ca95a82233c07c5c9cf6f8070fae3ddfeef0598cd1576ebec96e4857ab4b0a9965e75bd5ec969a96

Download Submit
memory/2468-24-0x000007FEF4D20000-0x000007FEF56BD000-memory.dmp

Filesize
9.6MB

Download
memory/2468-16-0x000007FEF4D20000-0x000007FEF56BD000-memory.dmp

Filesize
9.6MB

Download
memory/2520-4-0x000007FEF4D20000-0x000007FEF56BD000-memory.dmp

Filesize
9.6MB

Download
memory/2520-0-0x000007FEF4FDE000-0x000007FEF4FDF000-memory.dmp

Filesize
4KB

Download
memory/2520-1-0x000000001AE60000-0x000000001AEBC000-memory.dmp

Filesize
368KB

Download
memory/2520-2-0x0000000000510000-0x000000000051E000-memory.dmp

Filesize
56KB

Download
memory/2520-18-0x0000000000D10000-0x0000000000D26000-memory.dmp

Filesize
88KB

Download
memory/2520-20-0x0000000000550000-0x0000000000562000-memory.dmp

Filesize
72KB

Download
memory/2520-21-0x000007FEF4D20000-0x000007FEF56BD000-memory.dmp

Filesize
9.6MB

Download
memory/2520-22-0x000007FEF4FDE000-0x000007FEF4FDF000-memory.dmp

Filesize
4KB

Download
memory/2520-23-0x000007FEF4D20000-0x000007FEF56BD000-memory.dmp

Filesize
9.6MB

Download
memory/2520-3-0x000007FEF4D20000-0x000007FEF56BD000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads