481449cf6fc783f0ec2057882640f1952ceaf8c34ddcd26ed76d20654cb30374

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

123123123qw3qew.exe
Size

903KB
MD5

ac40df4b922b8476be86ce4f3b4576d1
SHA1

b7b4ba3424288ae52178b0190574b252a7f9cdbe
SHA256

481449cf6fc783f0ec2057882640f1952ceaf8c34ddcd26ed76d20654cb30374
SHA512

579e71de8c28d0eebcb7324e298d110837f9d41423a77576fef21ee4044fe584c280b4c82a9c3da083885404b0148cc81b15d0b2f0b16bcc23407c91ee9966ab
SSDEEP

12288:hTUZ/Y95eo6L4ce7dG1lFlWcYT70pxnnaaoawZRVcTqSA+9rZNrI0AilFEvxHvBu:xqI4MROxnFMLqrZlI0AilFEvxHi9B

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

123123123qw3qew.execsc.exe

description	pid	process	target process
PID 2252 wrote to memory of 2756	2252	123123123qw3qew.exe	csc.exe
PID 2252 wrote to memory of 2756	2252	123123123qw3qew.exe	csc.exe
PID 2252 wrote to memory of 2756	2252	123123123qw3qew.exe	csc.exe
PID 2756 wrote to memory of 2708	2756	csc.exe	cvtres.exe
PID 2756 wrote to memory of 2708	2756	csc.exe	cvtres.exe
PID 2756 wrote to memory of 2708	2756	csc.exe	cvtres.exe

C:\Users\Admin\AppData\Local\Temp\123123123qw3qew.exe
"C:\Users\Admin\AppData\Local\Temp\123123123qw3qew.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\e8-bh-yf.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4F1B.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC4F1A.tmp"
    3⤵
    PID:2708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES4F1B.tmp

Filesize
1KB

MD5
d05ed5e0d8067259675a445d1cdbf847

SHA1
395469a974fa0b4ec82c38da7ddfec41023af5e4

SHA256
0efdf26effafa4e276e3673b50d0d6ad7634959ce0b0f2f2ea9cf09563d2a078

SHA512
877de64245485acc6410f26f65e85dbcb7e13048fc2cfae9cd78584365cda61abf42873e83c2b5050beb1284c2f4dd1ba686e825e0fcbe54df7174a5c8285c6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\e8-bh-yf.dll

Filesize
76KB

MD5
6603d4bcf466b13f7171edb679f4e263

SHA1
0d7113dd84d2941982c6853226bd55362be454bf

SHA256
825829db9b22eda5ec18245b930e2f612057fd202db0af057d339fbb12fa87c1

SHA512
950fbf16968807e83329039b7860a409dfc662424915674ca752376e74711a8528006005eaf5eb5b0fbdf55f1ed7484dde6a3e811c008bae513d29f638f9ac2b

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC4F1A.tmp

Filesize
676B

MD5
0e7ba77257fd74171024d81ca7abd517

SHA1
849c9046b51dddc5c6c6005e08d7e70aac86a84e

SHA256
17e2b678b0832981deb0f0f09969a78692cc2f60e98978019c3e0089ce745d33

SHA512
2345c4952169fa3e00255fa53e5724bfed8e890a5051156627b550a4369c2ee7b9dfbd506b085d6bf409ab8b6dd6180cd2196245ae5f78d4517553356fc5755f

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\e8-bh-yf.0.cs

Filesize
208KB

MD5
dbbc983aa30b3470b40197cce6d24629

SHA1
79395d5a5140d4c23c1fee0ec3164f09cede9b13

SHA256
d8f3f98ddd140f28dcee600589d8052c89c3d86b605fa2f106e9924344d9c462

SHA512
4ee338f0a9842076ca0d02025600949a49ac2330e350609887f354d01c7226fc421168a35f2359e9d337c75b0aa3a11e3aadf5777249ccf1f2c92c04fef0b1af

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\e8-bh-yf.cmdline

Filesize
349B

MD5
7fe60ab4a87533e0ceccf38dae084ada

SHA1
9e4b2c9643274ceb7c93ae26ff3ecc9e5f757056

SHA256
7e5ea7e28d7e8888d92e3cca82063cecb00b04c00229c840b3a0fd6782b191f1

SHA512
7deda40c4e91f0d72a746ff6696408caf6a8c9ce581d41ecd2096b03f7235e19b491bdcc56852689c2b0efe63d7a7d96b1d07805ddfae570dcc14c10a7efdfad

Download Submit
memory/2252-4-0x000007FEF53A0000-0x000007FEF5D3D000-memory.dmp

Filesize
9.6MB

Download
memory/2252-0-0x000007FEF565E000-0x000007FEF565F000-memory.dmp

Filesize
4KB

Download
memory/2252-3-0x000007FEF53A0000-0x000007FEF5D3D000-memory.dmp

Filesize
9.6MB

Download
memory/2252-2-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2252-1-0x00000000005E0000-0x000000000063C000-memory.dmp

Filesize
368KB

Download
memory/2252-18-0x0000000000A90000-0x0000000000AA6000-memory.dmp

Filesize
88KB

Download
memory/2252-20-0x0000000000440000-0x0000000000452000-memory.dmp

Filesize
72KB

Download
memory/2252-21-0x000007FEF53A0000-0x000007FEF5D3D000-memory.dmp

Filesize
9.6MB

Download
memory/2252-22-0x000007FEF565E000-0x000007FEF565F000-memory.dmp

Filesize
4KB

Download
memory/2252-23-0x000007FEF53A0000-0x000007FEF5D3D000-memory.dmp

Filesize
9.6MB

Download
memory/2756-16-0x000007FEF53A0000-0x000007FEF5D3D000-memory.dmp

Filesize
9.6MB

Download
memory/2756-24-0x000007FEF53A0000-0x000007FEF5D3D000-memory.dmp

Filesize
9.6MB

Download