d95a517170fbc458ef4316e5983bc0b3ddb43dd98c32fd462f026f5061155344

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-11-2024 01:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d95a517170fbc458ef4316e5983bc0b3ddb43dd98c32fd462f026f5061155344.exe
Size

903KB
MD5

a93e7dbe938820491dab85d3cec53c02
SHA1

b13d4953ae756189c236ed83ff98e87a37ea775a
SHA256

d95a517170fbc458ef4316e5983bc0b3ddb43dd98c32fd462f026f5061155344
SHA512

f47c4a311b78578e437fcf4097eec7616d471fd21e9e88405d6f3a55a2dbc0189a0f41404f4b79fb89997703b6b0e689b6e206ba2ab96465d054856468e6b66e
SSDEEP

12288:M8shHAVBuQBBed37dG1lFlWcYT70pxnnaaoawMRVcTqSA+9rZNrI0AilFEvxHvBI:l3s4MROxnF9LqrZlI0AilFEvxHiafo

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 1820	2068	d95a517170fbc458ef4316e5983bc0b3ddb43dd98c32fd462f026f5061155344.exe	30
PID 2068 wrote to memory of 1820	2068	d95a517170fbc458ef4316e5983bc0b3ddb43dd98c32fd462f026f5061155344.exe	30
PID 2068 wrote to memory of 1820	2068	d95a517170fbc458ef4316e5983bc0b3ddb43dd98c32fd462f026f5061155344.exe	30
PID 1820 wrote to memory of 2432	1820	csc.exe	32
PID 1820 wrote to memory of 2432	1820	csc.exe	32
PID 1820 wrote to memory of 2432	1820	csc.exe	32

C:\Users\Admin\AppData\Local\Temp\d95a517170fbc458ef4316e5983bc0b3ddb43dd98c32fd462f026f5061155344.exe
"C:\Users\Admin\AppData\Local\Temp\d95a517170fbc458ef4316e5983bc0b3ddb43dd98c32fd462f026f5061155344.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ijozyb3o.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1820
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESABCA.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCABC9.tmp"
    3⤵
    PID:2432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESABCA.tmp

Filesize
1KB

MD5
97c78a05abdcf7ea0e92c3652b870ee0

SHA1
612c6e302106d85a0e13da6c3306cbc7dba2215a

SHA256
15028d0be18c8c537821258c80ba8768a2e3415811656449ae6b304b420977c0

SHA512
e3d5158ea75e15b4193dd26ccf6feb3d87c345498b35538a9a6cdf4015d6bc672cbe38080e7ebb0a4125ac1f379b83051493e4c9eb74136dd1b2692ea9a5c870

Download Submit
C:\Users\Admin\AppData\Local\Temp\ijozyb3o.dll

Filesize
76KB

MD5
115da1c7abada94e33c28ab1c5f37d32

SHA1
bc4868fbaf359c2d17649acea687023667367c9d

SHA256
3280964ec111d714b682758c5a85ea82cd563890852c71ccdd7c285ab022532c

SHA512
f39e57df8d57118f50c65514e61f0e5434026a4f2784c819aa652c293a0e453a29a88197a9f68513caad8ac1b8a569ce14aa7acba9b52c03d161945f9e40936f

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCABC9.tmp

Filesize
676B

MD5
6c5da582b56ec9d986debd8b0131120d

SHA1
5f3273853e289c5bebc84dd96ce852858a7c1fb8

SHA256
9b9f27e2e3530fd66bfb8eeb749c69bfad07b1162cbd07d62e02150961f9f88c

SHA512
4dd5855d89282f89b1c449e56acefcdc0a19fdfe032ae52593f45f12f3d6a66c73ab87fd229644fd6255bc4c5e1adea4ee867e0f760cdedea5d1a54744f2ca4c

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ijozyb3o.0.cs

Filesize
208KB

MD5
54511f23d6e93f391ec061e65eb8ecba

SHA1
cf4d8d8b57a36cfd710d41020e09d2816c692725

SHA256
66c5f9da5b51fbe62b5c8ca38dca18f90f226df574a4caf0ffdd0e5c1211edbe

SHA512
39f77b2a752f36918b4ccd286ac428302d37a8edd566a0226cd1c000a6fc029e8c05f8cc90de21143a678fcae62c28bf05e94d454c193f32c21a3448c0046116

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ijozyb3o.cmdline

Filesize
349B

MD5
e659e71587667d01e7912d769b5ac233

SHA1
dd4462af2b6add599d3e8a4cfcd910b8db0878f5

SHA256
c591f556eb2338c0403ef152de714c184f8226d3ae6592883ce77096fbb784c2

SHA512
52ccd57fde8943888cd6a52cfcbb40369cfbcb2ef80df2004820446ee3b36fbcba149bdd5e1f78cdc4d92e1bfc8cfecf07ce555e1d674dbd35f0582ba426ce5a

Download Submit
memory/1820-12-0x000007FEF58D0000-0x000007FEF626D000-memory.dmp

Filesize
9.6MB

Download
memory/1820-17-0x000007FEF58D0000-0x000007FEF626D000-memory.dmp

Filesize
9.6MB

Download
memory/2068-7-0x000007FEF58D0000-0x000007FEF626D000-memory.dmp

Filesize
9.6MB

Download
memory/2068-0-0x000007FEF5B8E000-0x000007FEF5B8F000-memory.dmp

Filesize
4KB

Download
memory/2068-4-0x000007FEF58D0000-0x000007FEF626D000-memory.dmp

Filesize
9.6MB

Download
memory/2068-2-0x0000000000940000-0x000000000094E000-memory.dmp

Filesize
56KB

Download
memory/2068-1-0x000000001AFB0000-0x000000001B00C000-memory.dmp

Filesize
368KB

Download
memory/2068-19-0x000000001B010000-0x000000001B026000-memory.dmp

Filesize
88KB

Download
memory/2068-21-0x0000000000D20000-0x0000000000D32000-memory.dmp

Filesize
72KB

Download
memory/2068-22-0x000007FEF58D0000-0x000007FEF626D000-memory.dmp

Filesize
9.6MB

Download
memory/2068-23-0x000007FEF58D0000-0x000007FEF626D000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads