b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db

General

Target

b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db.exe
Size

913KB
MD5

82a849e5e33240add085634c9772df1e
SHA1

27336da29c5133deafa69f79339dff7d0f639bef
SHA256

b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db
SHA512

f99d2575bd1eaf887d9698529a7b52460d345676ccd1a34b644605fde62ae4760eaef08cd2c1076ea8b910848075861caec6a781a6496eb7b08cc57314c97130
SSDEEP

24576:U+5T4MROxnFm5bHKTlQarZlI0AilFEvxHi79:950MiAarZlI0AilFEvxHi

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 3028	2764	b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db.exe	31
PID 2764 wrote to memory of 3028	2764	b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db.exe	31
PID 2764 wrote to memory of 3028	2764	b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db.exe	31
PID 3028 wrote to memory of 2840	3028	csc.exe	33
PID 3028 wrote to memory of 2840	3028	csc.exe	33
PID 3028 wrote to memory of 2840	3028	csc.exe	33

C:\Users\Admin\AppData\Local\Temp\b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db.exe
"C:\Users\Admin\AppData\Local\Temp\b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\u0uushtc.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3028
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEB3A.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCEB39.tmp"
    3⤵
    PID:2840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESEB3A.tmp

Filesize
1KB

MD5
cdb0d08b185f7141c1fe974e2f9af06e

SHA1
a872cd87b693086db12ea2222f35cdb0164f37df

SHA256
4ce5527f53c834e2916b13ef00191efd99a040d16886fa8b6e5c9144606cf4a2

SHA512
cd6512cb365bed9ac80a41fac77b958e03e8dd35c3c9fcde784816efd34611f0794b24f8fbe6789e44ac444e15996b8e3c64b02c2b60280e0ec7e579f5a293fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\u0uushtc.dll

Filesize
76KB

MD5
b97e7e9b1c705d83f9fa505b0aebbf85

SHA1
9f28fbd1cdd4ac8dfd59c9fe611212e375ed5c25

SHA256
b3f74cc87f3059a6f53e7cf181dcf57c2e4b7cab91bb0b13953ebb5b40155fcd

SHA512
7523b549102fe2ecf01e670fadc0953e4444e656f79535d4335d0acbbb33c667a10498dee665dece34646d2371964907afd8edc0eec4cf0961588c4a6fe12568

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCEB39.tmp

Filesize
676B

MD5
12161f43eee96e1cee231d11110a005f

SHA1
298a58d114d643f0910b5162b59517ec4200831c

SHA256
bfb46fd81b58d22fc7ff4a6616253c12e87eafdbdbc91189abdf657db919fccb

SHA512
79f9fd6a5c93608a35bb570009c3e4e26d520d25ea68c67fe886816bf3f76780494d7844b9d1f33692e98f02da131358b37d65b8332fca1edc854655702e1bd3

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\u0uushtc.0.cs

Filesize
208KB

MD5
2b14ae8b54d216abf4d228493ceca44a

SHA1
d134351498e4273e9d6391153e35416bc743adef

SHA256
4e1cc3da1f7bf92773aae6cffa6d61bfc3e25aead3ad947f6215f93a053f346c

SHA512
5761b605add10ae3ef80f3b8706c8241b4e8abe4ac3ce36b7be8a97d08b08da5a72fedd5e976b3c9e1c463613a943ebb5d323e6a075ef6c7c3b1abdc0d53ac05

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\u0uushtc.cmdline

Filesize
349B

MD5
053d9cf77ae9b3992ee0d6763b57f079

SHA1
5392a81136c010e381cb9e8d63d05f6e4fa453a2

SHA256
0ff95e7b01ec783da906243aa6f0ab96b639e835d4295c5c95e0613c84f43698

SHA512
04dd449e3ff7fd8872742a86f4b7a772a8a8361d1a117d2e695847df8784bdec68ef17565703d382bb6d3aff04cd70062cea8c29104a5be36f04228de80230f1

Download Submit
memory/2764-19-0x000000001ADE0000-0x000000001ADF6000-memory.dmp

Filesize
88KB

Download
memory/2764-23-0x0000000002240000-0x0000000002248000-memory.dmp

Filesize
32KB

Download
memory/2764-30-0x000007FEF6240000-0x000007FEF6BDD000-memory.dmp

Filesize
9.6MB

Download
memory/2764-3-0x000007FEF6240000-0x000007FEF6BDD000-memory.dmp

Filesize
9.6MB

Download
memory/2764-2-0x0000000001E30000-0x0000000001E3E000-memory.dmp

Filesize
56KB

Download
memory/2764-0-0x000007FEF64FE000-0x000007FEF64FF000-memory.dmp

Filesize
4KB

Download
memory/2764-1-0x000000001B010000-0x000000001B06C000-memory.dmp

Filesize
368KB

Download
memory/2764-29-0x000007FEF64FE000-0x000007FEF64FF000-memory.dmp

Filesize
4KB

Download
memory/2764-21-0x0000000001E60000-0x0000000001E72000-memory.dmp

Filesize
72KB

Download
memory/2764-4-0x000007FEF6240000-0x000007FEF6BDD000-memory.dmp

Filesize
9.6MB

Download
memory/2764-22-0x0000000002230000-0x0000000002238000-memory.dmp

Filesize
32KB

Download
memory/2764-24-0x000007FEF6240000-0x000007FEF6BDD000-memory.dmp

Filesize
9.6MB

Download
memory/2764-26-0x000007FEF6240000-0x000007FEF6BDD000-memory.dmp

Filesize
9.6MB

Download
memory/2764-27-0x000007FEF6240000-0x000007FEF6BDD000-memory.dmp

Filesize
9.6MB

Download
memory/2764-28-0x000007FEF6240000-0x000007FEF6BDD000-memory.dmp

Filesize
9.6MB

Download
memory/3028-17-0x000007FEF6240000-0x000007FEF6BDD000-memory.dmp

Filesize
9.6MB

Download
memory/3028-10-0x000007FEF6240000-0x000007FEF6BDD000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads