73e5c9ee757cdc4612403ed222d05a4e1146d9c7377768f56f8bb2784a4cc659

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

123123123123.exe
Size

903KB
MD5

9973c0b7a3f69b5c001ecc09f6cddae4
SHA1

e54f59b0ceb530edbb961854f54942666b812360
SHA256

73e5c9ee757cdc4612403ed222d05a4e1146d9c7377768f56f8bb2784a4cc659
SHA512

b6011b823fda39cbbdcc868c2d9399b11b1d9fb88e6ac7fd5db5e185a763f3c7cdc4e5af2366a19d367ca7a6599ff06ebb020bac9f1559bfbed0aa02050bfca1
SSDEEP

12288:HTUZ/Y95eo6L4ce7dG1lFlWcYT70pxnnaaoawZRVcTqSA+9rZNrI0AilFEvxHvBg:DqI4MROxnFMLqrZlI0AilFEvxHiOuB

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

123123123123.execsc.exe

description	pid	Process	procid_target
PID 2972 wrote to memory of 2368	2972	123123123123.exe	30
PID 2972 wrote to memory of 2368	2972	123123123123.exe	30
PID 2972 wrote to memory of 2368	2972	123123123123.exe	30
PID 2368 wrote to memory of 3056	2368	csc.exe	32
PID 2368 wrote to memory of 3056	2368	csc.exe	32
PID 2368 wrote to memory of 3056	2368	csc.exe	32

C:\Users\Admin\AppData\Local\Temp\123123123123.exe
"C:\Users\Admin\AppData\Local\Temp\123123123123.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\eg7ua2hf.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2368
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAD31.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCAD30.tmp"
    3⤵
    PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESAD31.tmp

Filesize
1KB

MD5
39de71605b619daf2f244718aa816b27

SHA1
6f0aab1e17cf1fdf81bddb6748b289d86ea7ae64

SHA256
78eaa52136ba2e8832919dffd19f8072050eac84a6feb51fa3c714e35d3b3aba

SHA512
9178e1927f03fa955fa87863d963977836fa1601f64e57547793d30b521ab0a217044ab65674ef924350b45b38594710a44e63152b7105c4fc0dc3851ea4e646

Download Submit
C:\Users\Admin\AppData\Local\Temp\eg7ua2hf.dll

Filesize
76KB

MD5
d7a040893e82b5e372f5c8f0a953ec57

SHA1
8ecf591b208dfdff39fdee6313cbfafe6be813bb

SHA256
6e902811d2a56e33ec06d970c02154b42e5887685ef1cb7128ae0ac2917d6e4b

SHA512
172486e11ed2b6df952b2a81a57a465d41de4863fb7f22a69811aa17473530407c8ac20ab7459b4e47942095d1bd05b924f0017ee5cd6f738e05a01a733468b4

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCAD30.tmp

Filesize
676B

MD5
7dde7b940dfdfae4c8fa80640f63b2cd

SHA1
b9270832e5a9973ceffe647f6a70eebf76c32c7a

SHA256
35344a7698afde098fdadcdb1b8633d374b46ebcbc265653c285b4a81de14b93

SHA512
4f1e975bb59282471c772085db79622a23f6b929304d1e53418c647be05764fa6665ab4590e53ae7fca1101a9d8ad929762a6e2f2af6cad38cfd6ee20e2aa1d6

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\eg7ua2hf.0.cs

Filesize
208KB

MD5
c555d9796194c1d9a1310a05a2264e08

SHA1
82641fc4938680519c3b2e925e05e1001cbd71d7

SHA256
ccbb8fd27ab2f27fbbd871793886ff52ff1fbd9117c98b8d190c1a96b67e498a

SHA512
0b85ca22878998c7697c589739905b218f9b264a32c8f99a9f9dd73d0687a5de46cc7e851697ee16424baf94d301e411648aa2d061ac149a6d2e06b085e07090

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\eg7ua2hf.cmdline

Filesize
349B

MD5
5a1b90b9a761149af2c4f592b39ca582

SHA1
91b944c421fd17fdbd748ed9ec5418aa383e35e1

SHA256
b4e984dea2313d5b854ab9e112fb6d3a347a26ad882059d7e2bd2b17a21f4846

SHA512
8a3fd83bc987f816765d3da549e1c3eb1dfa1a49472952d224e5949bfec606d2ff33d1ca192bdc9670b77cee4606f2c7ec73211b931654b00c823009ba748287

Download Submit
memory/2368-17-0x000007FEF5D60000-0x000007FEF66FD000-memory.dmp

Filesize
9.6MB

Download
memory/2368-12-0x000007FEF5D60000-0x000007FEF66FD000-memory.dmp

Filesize
9.6MB

Download
memory/2972-4-0x000007FEF5D60000-0x000007FEF66FD000-memory.dmp

Filesize
9.6MB

Download
memory/2972-3-0x000007FEF5D60000-0x000007FEF66FD000-memory.dmp

Filesize
9.6MB

Download
memory/2972-1-0x0000000001F20000-0x0000000001F7C000-memory.dmp

Filesize
368KB

Download
memory/2972-19-0x0000000001F80000-0x0000000001F96000-memory.dmp

Filesize
88KB

Download
memory/2972-2-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2972-0-0x000007FEF601E000-0x000007FEF601F000-memory.dmp

Filesize
4KB

Download
memory/2972-21-0x00000000006C0000-0x00000000006D2000-memory.dmp

Filesize
72KB

Download
memory/2972-22-0x000007FEF5D60000-0x000007FEF66FD000-memory.dmp

Filesize
9.6MB

Download
memory/2972-23-0x000007FEF601E000-0x000007FEF601F000-memory.dmp

Filesize
4KB

Download
memory/2972-24-0x000007FEF5D60000-0x000007FEF66FD000-memory.dmp

Filesize
9.6MB

Download