fb1268b211f329c33cdd2b2de809657732042cf0056b45e85f948beb7219e09b

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb1268b211f329c33cdd2b2de809657732042cf0056b45e85f948beb7219e09b.exe
Size

903KB
MD5

347506ed49af315cfdc27220fac57622
SHA1

cbee3288a973a152a98478412e9cbef4b994a397
SHA256

fb1268b211f329c33cdd2b2de809657732042cf0056b45e85f948beb7219e09b
SHA512

1077da878b4f8adada977bae4b8a8207e6d154335b571bd3d15551b6966ab48cc5808a2d6c4060da31290fa203b34eb01ad86b2e1c571e9d0d2e68db99587c1a
SSDEEP

12288:VUzyPotpL82hF457dG1lFlWcYT70pxnnaaoawkRVcTqSA+9rZNrI0AilFEvxHvBE:bcI4MROxnF1LqrZlI0AilFEvxHiksG0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 3044	1620	fb1268b211f329c33cdd2b2de809657732042cf0056b45e85f948beb7219e09b.exe	30
PID 1620 wrote to memory of 3044	1620	fb1268b211f329c33cdd2b2de809657732042cf0056b45e85f948beb7219e09b.exe	30
PID 1620 wrote to memory of 3044	1620	fb1268b211f329c33cdd2b2de809657732042cf0056b45e85f948beb7219e09b.exe	30
PID 3044 wrote to memory of 2988	3044	csc.exe	32
PID 3044 wrote to memory of 2988	3044	csc.exe	32
PID 3044 wrote to memory of 2988	3044	csc.exe	32

C:\Users\Admin\AppData\Local\Temp\fb1268b211f329c33cdd2b2de809657732042cf0056b45e85f948beb7219e09b.exe
"C:\Users\Admin\AppData\Local\Temp\fb1268b211f329c33cdd2b2de809657732042cf0056b45e85f948beb7219e09b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rzz0733v.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3044
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBE9F.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCBE9E.tmp"
    3⤵
    PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESBE9F.tmp

Filesize
1KB

MD5
784a36bdf851ca49a858cb62b59fd856

SHA1
e98eac2f6cc4c55dcf85f376b736a92ff6a845be

SHA256
cef406a510fd6bf0bc6bda119cb95b2a9893b4b40633878ce4d0c99646273927

SHA512
d468b946edd081c81253a916893c3750a4090a0c462fe85b1b4d5bab99011ddf1ee5bf1aecf0665022240f5acb37d29e776bf387b5bc4d6bfdc422085c1f9262

Download Submit
C:\Users\Admin\AppData\Local\Temp\rzz0733v.dll

Filesize
76KB

MD5
54f2f399b6380f5afed851f80d413345

SHA1
e6cba145e3c6e44b7adf0b01b510fab28444005d

SHA256
b3124db8440b6d6404ec813347ba2825056520d491e1f9507a5b7ff4593a3e9a

SHA512
32088b5b3f4f492f6de00e1990950f1e75db936f2945844e5aa6ff39a7fb9f9baa8a8ba62c461dd83e2425f683ef7efa682c4f026d775528860f95366c94b4bd

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCBE9E.tmp

Filesize
676B

MD5
919f74166b9a459f2bbe7b56997b197f

SHA1
b4664af4c204087eb7173b07bca5ab82cf5187aa

SHA256
15cb98eef9d6ded919a2df605f00114f6de8b09c9512b7eb420d193f1de65471

SHA512
249ace7066c32a732a9dd6c78351a49d11cfb253e94569690c4e2544810c8a8974d2c6b3a23a931c76ab902bdb4244af11d0b6dcdd13e436b8cee2d7cc482162

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\rzz0733v.0.cs

Filesize
208KB

MD5
6011503497b1b9250a05debf9690e52c

SHA1
897aea61e9bffc82d7031f1b3da12fb83efc6d82

SHA256
08f42b8d57bb61bc8f9628c8a80953b06ca4149d50108083fca6dc26bdd49434

SHA512
604c33e82e8b5bb5c54389c2899c81e5482a06e69db08268173a5b4574327ee5de656d312011d07e50a2e398a4c9b0cd79029013f76e05e18cf67ce5a916ffd9

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\rzz0733v.cmdline

Filesize
349B

MD5
d06af044f8eeec028b30af69280b85b7

SHA1
952c9928b8702b2d161ad99659c7a051a5276ae1

SHA256
49377ebfc32c7701864ea379b0420bb104a5124132624f356076b028d1cf98a1

SHA512
37b06900083d89e11f1b6292ee23f7fbc9f239a4ac65438a3dd02bbe27a99e8b89b8a44762dc65a9383853609782f48009e2a27f29b41d28e14a274ef5b7c2a4

Download Submit
memory/1620-4-0x000007FEF5880000-0x000007FEF621D000-memory.dmp

Filesize
9.6MB

Download
memory/1620-0-0x000007FEF5B3E000-0x000007FEF5B3F000-memory.dmp

Filesize
4KB

Download
memory/1620-3-0x000007FEF5880000-0x000007FEF621D000-memory.dmp

Filesize
9.6MB

Download
memory/1620-1-0x000000001B0A0000-0x000000001B0FC000-memory.dmp

Filesize
368KB

Download
memory/1620-2-0x0000000000290000-0x000000000029E000-memory.dmp

Filesize
56KB

Download
memory/1620-19-0x0000000000D00000-0x0000000000D16000-memory.dmp

Filesize
88KB

Download
memory/1620-21-0x00000000002B0000-0x00000000002C2000-memory.dmp

Filesize
72KB

Download
memory/1620-22-0x000007FEF5880000-0x000007FEF621D000-memory.dmp

Filesize
9.6MB

Download
memory/1620-23-0x000007FEF5880000-0x000007FEF621D000-memory.dmp

Filesize
9.6MB

Download
memory/3044-12-0x000007FEF5880000-0x000007FEF621D000-memory.dmp

Filesize
9.6MB

Download
memory/3044-17-0x000007FEF5880000-0x000007FEF621D000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads