b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35

General

Target

b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.exe
Size

913KB
MD5

f75019b8ddb47bfae0d96f1cf02c0191
SHA1

90c558dce5935ddc5ec01bfa6a37239d2a8fbbae
SHA256

b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35
SHA512

f3d2fc5a78fa07554472a7617493fbdd4758f72d8f542401fc45a8246aded6a68ccf6e10b62632e82ac4910b760332c640436d9ec432fc98cce52e8a6d23b02d
SSDEEP

24576:U+5T4MROxnFm5bHKTlQorZlI0AilFEvxHiBs9Z:950MiAorZlI0AilFEvxHiU

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.execsc.exe

description	pid	process	target process
PID 2228 wrote to memory of 1936	2228	b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.exe	csc.exe
PID 2228 wrote to memory of 1936	2228	b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.exe	csc.exe
PID 2228 wrote to memory of 1936	2228	b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.exe	csc.exe
PID 1936 wrote to memory of 3016	1936	csc.exe	cvtres.exe
PID 1936 wrote to memory of 3016	1936	csc.exe	cvtres.exe
PID 1936 wrote to memory of 3016	1936	csc.exe	cvtres.exe

C:\Users\Admin\AppData\Local\Temp\b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.exe
"C:\Users\Admin\AppData\Local\Temp\b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\j4dmtzno.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1936
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD588.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCD587.tmp"
    3⤵
    PID:3016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESD588.tmp

Filesize
1KB

MD5
ab67eeffdb365df11f680d06acb34266

SHA1
d37508b1d401b2d783d2b130f2220976bc9407f9

SHA256
1bcb601101e9326c1a8871e94da5fab2b2e1e45c9820a1011cc745a56e4b9b56

SHA512
b8bb68482c0e12454ba8a9102f962644865882cf20192aec2c9aaf43387950dfce286ef2766e99ce4a055ae54217ffefd38299d862962ae4d2fb6bdd79fc6aa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\j4dmtzno.dll

Filesize
76KB

MD5
30724420c531a6ad6b9ae707efeb7034

SHA1
b6e53531c918e7f6d1c1cd6e42bc315764941a37

SHA256
a06588fb8012eabb7870c16a4e65251cf742b7df5b4785a5eddcf844fc7f7418

SHA512
402fb69bcb298cd48d179e8d09e9d5c6dcde125665c99131d1df0379a6a2ef6170099607c2aee905134881028602b2c145c87d8031477634f1b67066b404d630

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCD587.tmp

Filesize
676B

MD5
34ce2c897eb1994170014678f22490ec

SHA1
49ab7cc9872c6fab943bd6ee1909cff9b067e7ec

SHA256
f7c71b51499a8cfb6d4ee20f967180d5205e7b47710cf0b2b00893cb623faa64

SHA512
4aeca7cf581f23f5adef0d30f50d5b9d81d05cebf1aa4efa64b98b8b2eb04c50071f23275397c6c793a89dee425bd5480843127c5d51b012defdab0c0977f695

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\j4dmtzno.0.cs

Filesize
208KB

MD5
250321226bbc2a616d91e1c82cb4ab2b

SHA1
7cffd0b2e9c842865d8961386ab8fcfac8d04173

SHA256
ef2707f83a0c0927cfd46b115641b9cae52a41123e4826515b9eeb561785218d

SHA512
bda59ca04cdf254f837f2cec6da55eff5c3d2af00da66537b9ebaa3601c502ae63772f082fd12663b63d537d2e03efe87a3b5746ef25e842aaf1c7d88245b4e1

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\j4dmtzno.cmdline

Filesize
349B

MD5
0b9369ca5ee6776cc4f6c5d586663316

SHA1
654e24d5a0af3fcd724a080d1d9be797b2e1efa9

SHA256
4a1d77849aa18ace70b3d031c1bcaede1fcbb7e0323e06d42425b5ccfa4f564d

SHA512
d1995eea6deae10e06a75a7ec707964b41d516ce76719c334cff5388327f4d30de4351e7f7dc17bda8478635bf41bcb879c3e6b89034c640d5d5be3ad6d8a465

Download Submit
memory/1936-15-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

Filesize
9.6MB

Download
memory/1936-30-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

Filesize
9.6MB

Download
memory/2228-22-0x0000000000D10000-0x0000000000D18000-memory.dmp

Filesize
32KB

Download
memory/2228-21-0x00000000006A0000-0x00000000006A8000-memory.dmp

Filesize
32KB

Download
memory/2228-2-0x0000000000310000-0x000000000031E000-memory.dmp

Filesize
56KB

Download
memory/2228-3-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

Filesize
9.6MB

Download
memory/2228-18-0x0000000001310000-0x0000000001326000-memory.dmp

Filesize
88KB

Download
memory/2228-20-0x0000000000450000-0x0000000000462000-memory.dmp

Filesize
72KB

Download
memory/2228-0-0x000007FEF5D2E000-0x000007FEF5D2F000-memory.dmp

Filesize
4KB

Download
memory/2228-1-0x00000000012B0000-0x000000000130C000-memory.dmp

Filesize
368KB

Download
memory/2228-23-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

Filesize
9.6MB

Download
memory/2228-25-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

Filesize
9.6MB

Download
memory/2228-26-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

Filesize
9.6MB

Download
memory/2228-27-0x000007FEF5D2E000-0x000007FEF5D2F000-memory.dmp

Filesize
4KB

Download
memory/2228-28-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

Filesize
9.6MB

Download
memory/2228-29-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

Filesize
9.6MB

Download
memory/2228-4-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads