Analysis
-
max time kernel
10s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
23-09-2024 09:42
Static task
static1
Behavioral task
behavioral1
Sample
CRYPTSP.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
CRYPTSP.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
csc.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
csc.exe
Resource
win10v2004-20240802-en
General
-
Target
csc.exe
-
Size
56KB
-
MD5
0d26d99bd550e9b08c9c9d4ce3636df6
-
SHA1
9de4dc9e25a14b8fa6c199cf6bfa1df66b19a81b
-
SHA256
965bb8e7822d62e4355362aee29031737ab83b22eeb620814e9e3fd7e0f6672a
-
SHA512
9448c0c17d7bf78019302c4f62eee591785f5ba5e870f9e0f73f2e82206a2000cfca33ed319f7732ac6ad1373795be94d119363de91d07e4f73a0952694b339b
-
SSDEEP
768:FpdhYE3ClRJdWgSH+uXK52qRl2wwH2jsBMtDqxmheMnS1yWbEj:L3ClftSH5w2qXQ2oMtDqxmQMnS8mY
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target PID 1120 wrote to memory of 2452 1120 csc.exe 30 PID 1120 wrote to memory of 2452 1120 csc.exe 30 PID 1120 wrote to memory of 2452 1120 csc.exe 30 PID 2452 wrote to memory of 2740 2452 cmd.exe 31 PID 2452 wrote to memory of 2740 2452 cmd.exe 31 PID 2452 wrote to memory of 2740 2452 cmd.exe 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\csc.exe"C:\Users\Admin\AppData\Local\Temp\csc.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1120 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c calc2⤵
- Suspicious use of WriteProcessMemory
PID:2452 -
C:\Windows\system32\calc.execalc3⤵PID:2740
-
-