9737c963c888d2df3b767ef7c77265c47decabc4b71210146be9e9f81914ecf0 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 12:11

Sharing

Report Analysis Logs

General

Target

csc.exe
Size

56KB
MD5

0d26d99bd550e9b08c9c9d4ce3636df6
SHA1

9de4dc9e25a14b8fa6c199cf6bfa1df66b19a81b
SHA256

965bb8e7822d62e4355362aee29031737ab83b22eeb620814e9e3fd7e0f6672a
SHA512

9448c0c17d7bf78019302c4f62eee591785f5ba5e870f9e0f73f2e82206a2000cfca33ed319f7732ac6ad1373795be94d119363de91d07e4f73a0952694b339b
SSDEEP

768:FpdhYE3ClRJdWgSH+uXK52qRl2wwH2jsBMtDqxmheMnS1yWbEj:L3ClftSH5w2qXQ2oMtDqxmQMnS8mY

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2732	2644	csc.exe	31
PID 2644 wrote to memory of 2732	2644	csc.exe	31
PID 2644 wrote to memory of 2732	2644	csc.exe	31
PID 2732 wrote to memory of 2684	2732	cmd.exe	32
PID 2732 wrote to memory of 2684	2732	cmd.exe	32
PID 2732 wrote to memory of 2684	2732	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\csc.exe
"C:\Users\Admin\AppData\Local\Temp\csc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c calc
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Windows\system32\calc.exe
    calc
    3⤵
    PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2644-0-0x000007FEF5543000-0x000007FEF5544000-memory.dmp

Filesize
4KB

Download
memory/2644-1-0x0000000000120000-0x0000000000132000-memory.dmp

Filesize
72KB

Download
memory/2644-2-0x000007FEF5543000-0x000007FEF5544000-memory.dmp

Filesize
4KB

Download