2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d.exe
Size

913KB
MD5

43f4d0b001bb03af9f2501e1b55d7fc0
SHA1

cd17274001e80cde3c281d66ed6be511d01195d3
SHA256

2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d
SHA512

ca2ef22b3f50b8b3d07974a1febf63f1377c905c88c4864fe519c4a302b380015d5f8474da89c5fe0d5be47951a1c403c61ed83f450476392feabe8ab6bcff59
SSDEEP

24576:U+5T4MROxnFm5bHKTlQorZlI0AilFEvxHiBs9:950MiAorZlI0AilFEvxHi

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 1940	1984	2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d.exe	31
PID 1984 wrote to memory of 1940	1984	2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d.exe	31
PID 1984 wrote to memory of 1940	1984	2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d.exe	31
PID 1940 wrote to memory of 2740	1940	csc.exe	33
PID 1940 wrote to memory of 2740	1940	csc.exe	33
PID 1940 wrote to memory of 2740	1940	csc.exe	33

C:\Users\Admin\AppData\Local\Temp\2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d.exe
"C:\Users\Admin\AppData\Local\Temp\2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\m7jjh3lq.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1940
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE561.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCE560.tmp"
    3⤵
    PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESE561.tmp

Filesize
1KB

MD5
a5f12f4ae7625cec26648993e301bb33

SHA1
5f7644974fbdd89b16c2827c07d7ea180f936377

SHA256
21849abebb77755436e432d3e4cf28be8edc43c2e9a026a809dfb058d5d626b5

SHA512
2cd7583febcd59c55035b1d24aee0a16e39a75316ad188a5caad725c2802ef22a604522d02c6d7cae889dd5d30c7503030dac3b8d9f62e7753d0b914a6045178

Download Submit
C:\Users\Admin\AppData\Local\Temp\m7jjh3lq.dll

Filesize
76KB

MD5
913f3f5c4acffe252b59916e89f5db2a

SHA1
5e11dd1a17a342782f0f167ff0d24a4e5491bddf

SHA256
a780fe196045b49af663033d86ac5694defbb126a15e402e1a4e01d137e8e9a6

SHA512
726bd03aacd9bc491c14248a5826cbe25f588ab3954c9f64841e9e330c080fc9074871befb4dacdc53ee518ea1daac6b9c76d9b8d8bc52564e62ed254c6dd98e

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCE560.tmp

Filesize
676B

MD5
48ec0607eff774dc771a44f337031a02

SHA1
ff014ec3bcdf3fa568c4650e93574e0855f9d452

SHA256
76fea90d46aa823878a0ab5b27cb0786f5f5c21bb1b0be8413d04c4ffa16f693

SHA512
2d3791a8b648bd9a7cd22bbc7356c5e5486a2887e9112948e6c8acf9c3e3195c508f4cd83de2167c6aa48a7f1b589b1dc92ae3c3dd9f531c09cbd18a19bd47fc

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\m7jjh3lq.0.cs

Filesize
208KB

MD5
2b14ae8b54d216abf4d228493ceca44a

SHA1
d134351498e4273e9d6391153e35416bc743adef

SHA256
4e1cc3da1f7bf92773aae6cffa6d61bfc3e25aead3ad947f6215f93a053f346c

SHA512
5761b605add10ae3ef80f3b8706c8241b4e8abe4ac3ce36b7be8a97d08b08da5a72fedd5e976b3c9e1c463613a943ebb5d323e6a075ef6c7c3b1abdc0d53ac05

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\m7jjh3lq.cmdline

Filesize
349B

MD5
b33fddedc76e854d6cccdc251386146d

SHA1
18d6922560cf5acc17614389c61822feae26edcf

SHA256
39da4e1de50867a0ea98d67672437cb1425c23808579789842c85fa5826466af

SHA512
3562291ac79dbe4027dd0026207e43dd6bc7303b937e5fd08067ae9f731d7dbc5f2934ab79b146c5125d07f52b21bc54c7946c95b5707abbccef1899c84d6921

Download Submit
memory/1940-17-0x000007FEF58B0000-0x000007FEF624D000-memory.dmp

Filesize
9.6MB

Download
memory/1940-13-0x000007FEF58B0000-0x000007FEF624D000-memory.dmp

Filesize
9.6MB

Download
memory/1984-19-0x000000001AEA0000-0x000000001AEB6000-memory.dmp

Filesize
88KB

Download
memory/1984-3-0x000007FEF58B0000-0x000007FEF624D000-memory.dmp

Filesize
9.6MB

Download
memory/1984-2-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1984-0-0x000007FEF5B6E000-0x000007FEF5B6F000-memory.dmp

Filesize
4KB

Download
memory/1984-1-0x0000000000FA0000-0x0000000000FFC000-memory.dmp

Filesize
368KB

Download
memory/1984-4-0x000007FEF58B0000-0x000007FEF624D000-memory.dmp

Filesize
9.6MB

Download
memory/1984-21-0x0000000000440000-0x0000000000452000-memory.dmp

Filesize
72KB

Download
memory/1984-22-0x0000000000AC0000-0x0000000000AC8000-memory.dmp

Filesize
32KB

Download
memory/1984-23-0x0000000001000000-0x0000000001008000-memory.dmp

Filesize
32KB

Download
memory/1984-24-0x000007FEF58B0000-0x000007FEF624D000-memory.dmp

Filesize
9.6MB

Download
memory/1984-26-0x000007FEF58B0000-0x000007FEF624D000-memory.dmp

Filesize
9.6MB

Download
memory/1984-27-0x000007FEF58B0000-0x000007FEF624D000-memory.dmp

Filesize
9.6MB

Download
memory/1984-28-0x000007FEF58B0000-0x000007FEF624D000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads