b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db

General

Target

b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db.exe
Size

913KB
MD5

82a849e5e33240add085634c9772df1e
SHA1

27336da29c5133deafa69f79339dff7d0f639bef
SHA256

b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db
SHA512

f99d2575bd1eaf887d9698529a7b52460d345676ccd1a34b644605fde62ae4760eaef08cd2c1076ea8b910848075861caec6a781a6496eb7b08cc57314c97130
SSDEEP

24576:U+5T4MROxnFm5bHKTlQarZlI0AilFEvxHi79:950MiAarZlI0AilFEvxHi

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db.exe
File created	C:\Windows\assembly\Desktop.ini	b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 736 wrote to memory of 1884	736	b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db.exe	86
PID 736 wrote to memory of 1884	736	b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db.exe	86
PID 1884 wrote to memory of 1872	1884	csc.exe	88
PID 1884 wrote to memory of 1872	1884	csc.exe	88

C:\Users\Admin\AppData\Local\Temp\b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db.exe
"C:\Users\Admin\AppData\Local\Temp\b5025dda3b0c1c0f96f66acf456e3711df7455d165581a8f7ba295c2191b39db.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:736
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wrhzkaqk.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1884
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8619.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC8618.tmp"
    3⤵
    PID:1872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES8619.tmp

Filesize
1KB

MD5
107f70329e87cdb7cf0ead421dcc4b90

SHA1
21c5e898468f99fa52e916c4e73798adc797cf8b

SHA256
2bf8f6ad47255f17a7610b6a979c84c33c5591fd99743f85ffaeae7772780685

SHA512
67636cf25edb84080870768e9fb15b93b7c7b729de54b1c7d2102cb8f1f46e84071cefa2d69749bb39610008815f5dfd082da8a60e7e2386fbce6bcee1ca02b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\wrhzkaqk.dll

Filesize
76KB

MD5
fd9e06ea69f43967a7d75a1db0e1a9ce

SHA1
c1c988c1b7f17e11c2d1e94e8b5aef340adb097e

SHA256
5bb8ffd9fea25d7c5905a6cc3bc42e9f085b325fa952593e7d4cd3c6b2bcf7df

SHA512
912208a626dfd2122274203b08604b0f6ea1bb9ea4f9eb82a00981bf0af8b2c04bd03408e4a5d8b8db3ea15b4f7334331fd9eefde0f475530e64280c750ba2f6

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC8618.tmp

Filesize
676B

MD5
4463751c132966dc63c109ce3aad1f58

SHA1
58a4db044738a53106831da51f02ff779e7008a2

SHA256
31535d60d92adcb26bf17bc79e236583cbe1aa98493259efc01da703249969a6

SHA512
c0d53040efe2474f87fdcfa71d15adab40ac44d9a5d7a5ec2ed53a8ebb222670f4b4349f8d2b29d00ae8dc2334b1a095fd844d3c6bf346d5a4bbfe421561db85

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\wrhzkaqk.0.cs

Filesize
208KB

MD5
b09ccb83bc6da571e866c4ac84074053

SHA1
c733974d1bb683a502cfa0369bc27ecf5193c1ba

SHA256
b4f6589d48babcd5a33e9360eb051178ff34fd52164c251506973342dbcd6a6d

SHA512
e5cf8654676930fc5d2d91cc565f9e29d7e25870306b508db9f5bc9d5b72a92ffabdf5976261c99b1c2062d066cb367e92513f4d8793a60a628cbb949e3bc451

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\wrhzkaqk.cmdline

Filesize
349B

MD5
6fdfb5b95673bcfa6aa9d19b7f4bf6a4

SHA1
d2aadf1647cdebb3234d27d0a8babeff487e9cf2

SHA256
fa812a79b3a0d4a9f46fe4d0c604644e5cf62fa5c6784ab89616251b0d7fee30

SHA512
6cb55fbe0784cc0ef6254eca0b58fd5943289b2242be5fabd908a01b71e5411b4827ba5ef4e8b50271ba5a8a37067ce4314dee25073cdde6c3c269fe4d13ebe9

Download Submit
memory/736-24-0x000000001BDA0000-0x000000001BDB2000-memory.dmp

Filesize
72KB

Download
memory/736-28-0x000000001DEA0000-0x000000001E45A000-memory.dmp

Filesize
5.7MB

Download
memory/736-7-0x000000001C570000-0x000000001CA3E000-memory.dmp

Filesize
4.8MB

Download
memory/736-6-0x000000001C030000-0x000000001C03E000-memory.dmp

Filesize
56KB

Download
memory/736-3-0x000000001BE60000-0x000000001BEBC000-memory.dmp

Filesize
368KB

Download
memory/736-2-0x00007FFD35CE0000-0x00007FFD36681000-memory.dmp

Filesize
9.6MB

Download
memory/736-40-0x00007FFD35CE0000-0x00007FFD36681000-memory.dmp

Filesize
9.6MB

Download
memory/736-22-0x000000001C070000-0x000000001C086000-memory.dmp

Filesize
88KB

Download
memory/736-1-0x00007FFD35CE0000-0x00007FFD36681000-memory.dmp

Filesize
9.6MB

Download
memory/736-0-0x00007FFD35F95000-0x00007FFD35F96000-memory.dmp

Filesize
4KB

Download
memory/736-25-0x000000001BD20000-0x000000001BD28000-memory.dmp

Filesize
32KB

Download
memory/736-26-0x000000001BE30000-0x000000001BE38000-memory.dmp

Filesize
32KB

Download
memory/736-27-0x000000001D540000-0x000000001D5A2000-memory.dmp

Filesize
392KB

Download
memory/736-8-0x000000001CAE0000-0x000000001CB7C000-memory.dmp

Filesize
624KB

Download
memory/736-29-0x000000001E460000-0x000000001E550000-memory.dmp

Filesize
960KB

Download
memory/736-30-0x000000001D6A0000-0x000000001D6BE000-memory.dmp

Filesize
120KB

Download
memory/736-31-0x000000001E560000-0x000000001E5A9000-memory.dmp

Filesize
292KB

Download
memory/736-32-0x00007FFD35CE0000-0x00007FFD36681000-memory.dmp

Filesize
9.6MB

Download
memory/736-33-0x000000001E640000-0x000000001E6B0000-memory.dmp

Filesize
448KB

Download
memory/736-34-0x00007FFD35CE0000-0x00007FFD36681000-memory.dmp

Filesize
9.6MB

Download
memory/736-36-0x000000001CBA0000-0x000000001CBA8000-memory.dmp

Filesize
32KB

Download
memory/736-37-0x00007FFD35F95000-0x00007FFD35F96000-memory.dmp

Filesize
4KB

Download
memory/736-38-0x00007FFD35CE0000-0x00007FFD36681000-memory.dmp

Filesize
9.6MB

Download
memory/1884-20-0x00007FFD35CE0000-0x00007FFD36681000-memory.dmp

Filesize
9.6MB

Download
memory/1884-41-0x00007FFD35CE0000-0x00007FFD36681000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads