481449cf6fc783f0ec2057882640f1952ceaf8c34ddcd26ed76d20654cb30374

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

123123123qw3qew.exe
Size

903KB
MD5

ac40df4b922b8476be86ce4f3b4576d1
SHA1

b7b4ba3424288ae52178b0190574b252a7f9cdbe
SHA256

481449cf6fc783f0ec2057882640f1952ceaf8c34ddcd26ed76d20654cb30374
SHA512

579e71de8c28d0eebcb7324e298d110837f9d41423a77576fef21ee4044fe584c280b4c82a9c3da083885404b0148cc81b15d0b2f0b16bcc23407c91ee9966ab
SSDEEP

12288:hTUZ/Y95eo6L4ce7dG1lFlWcYT70pxnnaaoawZRVcTqSA+9rZNrI0AilFEvxHvBu:xqI4MROxnFMLqrZlI0AilFEvxHi9B

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

123123123qw3qew.execsc.exe

description	pid	process	target process
PID 2316 wrote to memory of 3016	2316	123123123qw3qew.exe	csc.exe
PID 2316 wrote to memory of 3016	2316	123123123qw3qew.exe	csc.exe
PID 2316 wrote to memory of 3016	2316	123123123qw3qew.exe	csc.exe
PID 3016 wrote to memory of 2880	3016	csc.exe	cvtres.exe
PID 3016 wrote to memory of 2880	3016	csc.exe	cvtres.exe
PID 3016 wrote to memory of 2880	3016	csc.exe	cvtres.exe

C:\Users\Admin\AppData\Local\Temp\123123123qw3qew.exe
"C:\Users\Admin\AppData\Local\Temp\123123123qw3qew.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\k_zidsu6.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3016
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE071.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCE070.tmp"
    3⤵
    PID:2880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESE071.tmp

Filesize
1KB

MD5
4293072644a6aae9e8f4b31cc47e9396

SHA1
6325bc9fbf0e056299498d723e58577fa7d3347f

SHA256
d1c707f0a882a8c3ae6df2d9c2240d19e296e46fbb2768fb84de711cb32dd7d7

SHA512
9c3318dc971fc7c4ac11c94c446a425a9d8d611b75830fddb6c6fdefc1aeaef1d6c4041f48ec3f7850d91748c5683d7f596052eea45689586e30ccc5695ea7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\k_zidsu6.dll

Filesize
76KB

MD5
7eb93354cbca7328c21aaa0a274231e9

SHA1
867267500505da757a1c91772c999027c5104069

SHA256
c30426a6cfb59b694397f48664da6cb06ec21b421dfd91ca794c03dd01cfded4

SHA512
ec0f1023d70a1a8e1b9d57a5aee212d32c96ff07d3b0d7762aefe0eed63ef5b629d7497fc9148cf219f492853b1e66e6ca41ff22f0f40370f07df7765ebabf22

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCE070.tmp

Filesize
676B

MD5
49f20527611b098cd4701605b59d5024

SHA1
c4aaa258bd4366c486b47ed5b51bc7e3c7c6a942

SHA256
ea15786f87069d5feb8efaeeef1820ddeeb6e059b2d8f8341610e748f71348ac

SHA512
c9db6f2feacd8ad8e2a4455b706cc3c81a76e8dd94561bbf4a8dab404d754a50b4cd14336dbd966f76250224b5f9c9b8044e40748ab3d9f807313fc3221382cd

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\k_zidsu6.0.cs

Filesize
208KB

MD5
2b14ae8b54d216abf4d228493ceca44a

SHA1
d134351498e4273e9d6391153e35416bc743adef

SHA256
4e1cc3da1f7bf92773aae6cffa6d61bfc3e25aead3ad947f6215f93a053f346c

SHA512
5761b605add10ae3ef80f3b8706c8241b4e8abe4ac3ce36b7be8a97d08b08da5a72fedd5e976b3c9e1c463613a943ebb5d323e6a075ef6c7c3b1abdc0d53ac05

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\k_zidsu6.cmdline

Filesize
349B

MD5
67aff7ad0df93b7ae7c1f65c09bdd1be

SHA1
9ff05949649cc9ac11fb68ac0b4913c5216eae51

SHA256
8393e4a0a921a06b1118b27179c87628b4fb2e6a820486b7bdcd27362554f4e7

SHA512
08f16b21995603f3bbe455139c0748064c1803af8384bf8e6121dd3e373b3aa22b3f7e3f03f27d1d0820c7be58bc06cbdca727e489d288b47e05731526824101

Download Submit
memory/2316-20-0x0000000000960000-0x0000000000972000-memory.dmp

Filesize
72KB

Download
memory/2316-4-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

Filesize
9.6MB

Download
memory/2316-1-0x00000000023B0000-0x000000000240C000-memory.dmp

Filesize
368KB

Download
memory/2316-2-0x0000000000510000-0x000000000051E000-memory.dmp

Filesize
56KB

Download
memory/2316-3-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

Filesize
9.6MB

Download
memory/2316-18-0x0000000000D90000-0x0000000000DA6000-memory.dmp

Filesize
88KB

Download
memory/2316-0-0x000007FEF5D1E000-0x000007FEF5D1F000-memory.dmp

Filesize
4KB

Download
memory/2316-21-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

Filesize
9.6MB

Download
memory/2316-22-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

Filesize
9.6MB

Download
memory/2316-23-0x000007FEF5D1E000-0x000007FEF5D1F000-memory.dmp

Filesize
4KB

Download
memory/3016-16-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

Filesize
9.6MB

Download
memory/3016-24-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

Filesize
9.6MB

Download