e15c3ff9de2290626cc24301d496ff18a89adb9832a93c3d17cd9e4a1484e8cc

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-11-2024 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e15c3ff9de2290626cc24301d496ff18a89adb9832a93c3d17cd9e4a1484e8cc.exe
Size

903KB
MD5

50b929d34d4b8d8a1403372fa7c608cb
SHA1

a1edb9952c197496edc5455e5be1d8af886bf3ce
SHA256

e15c3ff9de2290626cc24301d496ff18a89adb9832a93c3d17cd9e4a1484e8cc
SHA512

825a59aabe859826d43f60785d6592948cfbb971a669f10ffe51439ef23c301c06ab63e0929a30b8abb4be558410de7e7a3feac894a108d410472a18da6af39d
SSDEEP

12288:48shHAVBuQBBed37dG1lFlWcYT70pxnnaaoawMRVcTqSA+9rZNrI0AilFEvxHvB1:J3s4MROxnF9LqrZlI0AilFEvxHiXo

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 2804	2484	e15c3ff9de2290626cc24301d496ff18a89adb9832a93c3d17cd9e4a1484e8cc.exe	30
PID 2484 wrote to memory of 2804	2484	e15c3ff9de2290626cc24301d496ff18a89adb9832a93c3d17cd9e4a1484e8cc.exe	30
PID 2484 wrote to memory of 2804	2484	e15c3ff9de2290626cc24301d496ff18a89adb9832a93c3d17cd9e4a1484e8cc.exe	30
PID 2804 wrote to memory of 2732	2804	csc.exe	32
PID 2804 wrote to memory of 2732	2804	csc.exe	32
PID 2804 wrote to memory of 2732	2804	csc.exe	32

C:\Users\Admin\AppData\Local\Temp\e15c3ff9de2290626cc24301d496ff18a89adb9832a93c3d17cd9e4a1484e8cc.exe
"C:\Users\Admin\AppData\Local\Temp\e15c3ff9de2290626cc24301d496ff18a89adb9832a93c3d17cd9e4a1484e8cc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\d5x8vkg8.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2804
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES77D0.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC77CF.tmp"
    3⤵
    PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES77D0.tmp

Filesize
1KB

MD5
ab4b1569c7da093f963687623f5086cd

SHA1
b29609bc0334808f993d423ce6f839dd8ab6c56f

SHA256
aa467a3b712fd64b7aa2e252f17a43c34a67d7c8a8ecd41078b7589bc2c55fe4

SHA512
a1d011e053d89abe7e4015e5396c904f0cc856dbf9d049b5605106725639f51ee6bd01bf84377134b2a5e9361559e26b706bdd8a314ab05d65728c5532624ef8

Download Submit
C:\Users\Admin\AppData\Local\Temp\d5x8vkg8.dll

Filesize
76KB

MD5
bf8b60de2ede41ad6dae4c21cc94523a

SHA1
1294dee3dad1f24318c5e69eb2fa856be7b1633e

SHA256
abb06102c81797bc9f1c6d92d148ddebc19431ee50816c883218f38322c55d5a

SHA512
c23ffd77e01fc43fd4b054aaa8975f064bdac1fcc138d4893f604fa8b06a2e5a5e22538bdfce7c6ca4f747996f168bc77b16bd7a1f9e231635188de9407e9633

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC77CF.tmp

Filesize
676B

MD5
c2509c98c9caa96e02b8d24eafcc7c6a

SHA1
4e63536b76148f81fe9f3ca81fbe70f88d9671a3

SHA256
506acc01add544e78e7c2b8e065397f1b8d8bcd595d4e2444c1e2c34aadac890

SHA512
066c6827b4294c2669660712cdde45c7c8041270e8416c5377d58b905bffa7f32d50ac6a1daab111eaadea30228dea43aadd8596d8cfe152f52902f15df05ef2

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\d5x8vkg8.0.cs

Filesize
208KB

MD5
6011503497b1b9250a05debf9690e52c

SHA1
897aea61e9bffc82d7031f1b3da12fb83efc6d82

SHA256
08f42b8d57bb61bc8f9628c8a80953b06ca4149d50108083fca6dc26bdd49434

SHA512
604c33e82e8b5bb5c54389c2899c81e5482a06e69db08268173a5b4574327ee5de656d312011d07e50a2e398a4c9b0cd79029013f76e05e18cf67ce5a916ffd9

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\d5x8vkg8.cmdline

Filesize
349B

MD5
abf28dda0c93c964c034d12768491134

SHA1
b6ca4c0a0b4372d451ac2002c9e90f93d5bd149d

SHA256
ec30c6a8b55f41592ea76cbea5d1f256daf017ea1ccca10f939807036da7a8a8

SHA512
38bd38f71772f6e7deaa5e96f3775a3e6b87c528c676f15c597a26af0362455f6a9564232266ec2e42d5516f5f15a0634b86dd046a2b7f5254ac5df1983b79d1

Download Submit
memory/2484-7-0x000007FEF5490000-0x000007FEF5E2D000-memory.dmp

Filesize
9.6MB

Download
memory/2484-0-0x000007FEF574E000-0x000007FEF574F000-memory.dmp

Filesize
4KB

Download
memory/2484-6-0x000007FEF5490000-0x000007FEF5E2D000-memory.dmp

Filesize
9.6MB

Download
memory/2484-1-0x000000001AD70000-0x000000001ADCC000-memory.dmp

Filesize
368KB

Download
memory/2484-2-0x0000000000490000-0x000000000049E000-memory.dmp

Filesize
56KB

Download
memory/2484-19-0x000000001ADD0000-0x000000001ADE6000-memory.dmp

Filesize
88KB

Download
memory/2484-21-0x00000000004C0000-0x00000000004D2000-memory.dmp

Filesize
72KB

Download
memory/2484-22-0x000007FEF5490000-0x000007FEF5E2D000-memory.dmp

Filesize
9.6MB

Download
memory/2484-23-0x000007FEF5490000-0x000007FEF5E2D000-memory.dmp

Filesize
9.6MB

Download
memory/2804-12-0x000007FEF5490000-0x000007FEF5E2D000-memory.dmp

Filesize
9.6MB

Download
memory/2804-17-0x000007FEF5490000-0x000007FEF5E2D000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads