2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d

General

Target

2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d.exe
Size

913KB
MD5

43f4d0b001bb03af9f2501e1b55d7fc0
SHA1

cd17274001e80cde3c281d66ed6be511d01195d3
SHA256

2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d
SHA512

ca2ef22b3f50b8b3d07974a1febf63f1377c905c88c4864fe519c4a302b380015d5f8474da89c5fe0d5be47951a1c403c61ed83f450476392feabe8ab6bcff59
SSDEEP

24576:U+5T4MROxnFm5bHKTlQorZlI0AilFEvxHiBs9:950MiAorZlI0AilFEvxHi

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d.exe
File opened for modification	C:\Windows\assembly	2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 60	1068	2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d.exe	86
PID 1068 wrote to memory of 60	1068	2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d.exe	86
PID 60 wrote to memory of 1724	60	csc.exe	88
PID 60 wrote to memory of 1724	60	csc.exe	88

C:\Users\Admin\AppData\Local\Temp\2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d.exe
"C:\Users\Admin\AppData\Local\Temp\2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xyu58qqa.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:60
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAECF.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCAECE.tmp"
    3⤵
    PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESAECF.tmp

Filesize
1KB

MD5
c2a9ed60fd6a8f99409e1b58d5f03ddc

SHA1
a22e98669f560f72b62118301add65639e1cb11f

SHA256
4c1589a05cee0d26d4f653145524349972b007acb6a1aa679786888e9e32f917

SHA512
c072df9f44014a15b921a971cb7093cf586663eb3c52bb50f3292188e0dd9aa515439b15a9d9ac60e3cdf1d883f1e45a546c0520ce7c468b4b55ae83ef065fd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\xyu58qqa.dll

Filesize
76KB

MD5
a53079ecae4daa7deb81107e6d758683

SHA1
f395893ae307ad5b8bc3cad55bee1ae046729303

SHA256
b7fa306eb5f6d61873a39f163fa38011e1de5c36fbb8b9468e5f18f4e77d2486

SHA512
b186c07c081a11214d6e0a27327342f9651c842b8fc210947a56167b2e14904c779a66def2c2dcf9904095ad7544d4d7444f2ea149044917120d02639ea2b560

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCAECE.tmp

Filesize
676B

MD5
21c12e9c857e84b4bcee8e296c6aec35

SHA1
a1e3fa3cc77a5cd0e28d1e3c49d7c7c5d1243068

SHA256
1c5239d9f5fe27433187a74b9dcc263062f2009fb2570d9627dc0ef3d53484a9

SHA512
410e9ce6105942ad0a8c71fa2257054df36728671077c94df2afdd62f09e84c79e5f41d9fc0cd268f52dbc915bb0126e2e3bdfde76e118577349d876ddc0d78a

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\xyu58qqa.0.cs

Filesize
208KB

MD5
da90c56a27476384ee6d0dcff0b8eb95

SHA1
feb02793af0b2ad32106621496f85482f25aaa82

SHA256
19afe607991fd863cfcd6b73f91421ca0ede5389145bcfffab08be1a3939ae56

SHA512
d195937173339a1753ff64e8c32b1ff6f3186ca07eaf0a40ca88088d3cb25ce3dedb5e21386e0792808b2ff1ea29c1d4de05be19e691798f9b01b3233e94dc86

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\xyu58qqa.cmdline

Filesize
349B

MD5
7f5187275f60357fd1640e16d541366c

SHA1
25ad6c2b11e6bc08b0bcbaacf895e570c29a7a0e

SHA256
d0548ab803b541e5973834a17c7f35b4d0d7621c517fc9ac9d35a8fd3b8ef2d6

SHA512
a15ef77d1807edbc96aa86981048b87c44d410088d7f91610c1b835932cab30d07b860daf21b1a17843c67e495d204bd958775357564f57f44ec9230acac8581

Download Submit
memory/60-17-0x00007FF816A80000-0x00007FF817421000-memory.dmp

Filesize
9.6MB

Download
memory/60-21-0x00007FF816A80000-0x00007FF817421000-memory.dmp

Filesize
9.6MB

Download
memory/1068-26-0x000000001B480000-0x000000001B488000-memory.dmp

Filesize
32KB

Download
memory/1068-5-0x000000001B790000-0x000000001B79E000-memory.dmp

Filesize
56KB

Download
memory/1068-28-0x000000001CC80000-0x000000001CCE2000-memory.dmp

Filesize
392KB

Download
memory/1068-0-0x00007FF816D35000-0x00007FF816D36000-memory.dmp

Filesize
4KB

Download
memory/1068-2-0x000000001B5A0000-0x000000001B5FC000-memory.dmp

Filesize
368KB

Download
memory/1068-8-0x000000001C1E0000-0x000000001C27C000-memory.dmp

Filesize
624KB

Download
memory/1068-23-0x000000001C6B0000-0x000000001C6C6000-memory.dmp

Filesize
88KB

Download
memory/1068-1-0x00007FF816A80000-0x00007FF817421000-memory.dmp

Filesize
9.6MB

Download
memory/1068-29-0x000000001D5F0000-0x000000001DBAA000-memory.dmp

Filesize
5.7MB

Download
memory/1068-27-0x000000001B500000-0x000000001B508000-memory.dmp

Filesize
32KB

Download
memory/1068-39-0x00007FF816A80000-0x00007FF817421000-memory.dmp

Filesize
9.6MB

Download
memory/1068-6-0x00007FF816A80000-0x00007FF817421000-memory.dmp

Filesize
9.6MB

Download
memory/1068-25-0x000000001B460000-0x000000001B472000-memory.dmp

Filesize
72KB

Download
memory/1068-30-0x000000001DBB0000-0x000000001DCA0000-memory.dmp

Filesize
960KB

Download
memory/1068-31-0x000000001C8F0000-0x000000001C90E000-memory.dmp

Filesize
120KB

Download
memory/1068-32-0x000000001DCA0000-0x000000001DCE9000-memory.dmp

Filesize
292KB

Download
memory/1068-33-0x00007FF816A80000-0x00007FF817421000-memory.dmp

Filesize
9.6MB

Download
memory/1068-34-0x000000001DD70000-0x000000001DDE0000-memory.dmp

Filesize
448KB

Download
memory/1068-35-0x00007FF816A80000-0x00007FF817421000-memory.dmp

Filesize
9.6MB

Download
memory/1068-37-0x000000001C6D0000-0x000000001C6D8000-memory.dmp

Filesize
32KB

Download
memory/1068-40-0x00007FF816A80000-0x00007FF817421000-memory.dmp

Filesize
9.6MB

Download
memory/1068-7-0x000000001BC70000-0x000000001C13E000-memory.dmp

Filesize
4.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads