b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35

General

Target

b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.exe
Size

913KB
MD5

f75019b8ddb47bfae0d96f1cf02c0191
SHA1

90c558dce5935ddc5ec01bfa6a37239d2a8fbbae
SHA256

b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35
SHA512

f3d2fc5a78fa07554472a7617493fbdd4758f72d8f542401fc45a8246aded6a68ccf6e10b62632e82ac4910b760332c640436d9ec432fc98cce52e8a6d23b02d
SSDEEP

24576:U+5T4MROxnFm5bHKTlQorZlI0AilFEvxHiBs9Z:950MiAorZlI0AilFEvxHiU

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

Processes:

b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.exe

description	ioc	process
File created	C:\Windows\assembly\Desktop.ini	b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.exe

Drops file in Windows directory 3 IoCs

Processes:

b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.exe

description	ioc	process
File opened for modification	C:\Windows\assembly\Desktop.ini	b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.exe
File opened for modification	C:\Windows\assembly	b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.exe
File created	C:\Windows\assembly\Desktop.ini	b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.execsc.exe

description	pid	process	target process
PID 2052 wrote to memory of 3576	2052	b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.exe	csc.exe
PID 2052 wrote to memory of 3576	2052	b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.exe	csc.exe
PID 3576 wrote to memory of 208	3576	csc.exe	cvtres.exe
PID 3576 wrote to memory of 208	3576	csc.exe	cvtres.exe

C:\Users\Admin\AppData\Local\Temp\b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.exe
"C:\Users\Admin\AppData\Local\Temp\b53c4527977e96dfa132318944a51f6e309dbbd4396276a0500deaf8178a4e35.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\kghkaukr.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3576
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES80AA.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC80A9.tmp"
    3⤵
    PID:208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES80AA.tmp

Filesize
1KB

MD5
207b1dbb4b24b8c9b06935d85b4e0557

SHA1
c59c3de59acb5dc7d8c9de2583398e5180b95383

SHA256
d5bf569b94e66d92e32d5eb020d53bfdc9d92d365e5dc9bd21676b681427957c

SHA512
fca1195d33e721d0003a7dad1ce5bae3a67a95f70098c63eeec62b7c4253e46b6e970c746c1224e5f878b0a3c6553bf130c020330efcfc372ef228b72612589f

Download Submit
C:\Users\Admin\AppData\Local\Temp\kghkaukr.dll

Filesize
76KB

MD5
391091eef0d99547536609df414a6571

SHA1
c52b823cd2b82f2e0278e77d24630ce1dd41d8df

SHA256
2c2c897a5e06845ddce0dece0887afa0222a33b2d2218f5f2bf305525dd54d72

SHA512
938bd8fb207bb6e681a5eccf636e8284eb5a73c8091a619e106cd34d9be70c166742682f0cd010039fcd714b71ad44c9166bd52169d7241351160920f38a02e3

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC80A9.tmp

Filesize
676B

MD5
57631059a619707327d9e2d94bc89a68

SHA1
9356f7a32b62804bc37aea400964225194096fa5

SHA256
dd4e19904cc5e263ee03e1469a2661d6775d7bb07aae0fd18472fcbe68e6a2b5

SHA512
2af4bfc91b38f2702ed1b34cd250f95d0d83f407cb611c303432e46ff5d1eba250f82a600eb0a4ac56a26c03d15f6bb962022bebc2066e4b12ee9732e261f639

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\kghkaukr.0.cs

Filesize
208KB

MD5
5bd6743a0d44561a6411e090199cdc1b

SHA1
b77072b2d169c4bf61bc4141202c38fe85b71aae

SHA256
c2833bc112ad9dc7851c6a48a5e8d70953cb0b5b87d1903bf728509c81554fa3

SHA512
dbb73074903274dbec4d0b3ebaaa6655afee73aeecfc709edaccfcc143ba46ec737ea29edf6bd91b530d0562ff7d6e94db2e941860c19273193da8c0cbd5eeaa

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\kghkaukr.cmdline

Filesize
349B

MD5
addec11925f40f182d3c449d4871e89c

SHA1
c8c820932f7df25b491524ee06728ba61b56690c

SHA256
bcb4de2d3803f7afd42f3042ece76b500a877c8762b5820e0b3821ef1abb02ea

SHA512
d861ea8bcef71a84b4577ff845e689dc61c3155ad6e3ce1685afc19e333c738cbe4de1d963de3e197e026289b7c274812309c1528d242241ac7fb6e2c458bc24

Download Submit
memory/2052-27-0x0000000001720000-0x0000000001728000-memory.dmp

Filesize
32KB

Download
memory/2052-5-0x000000001BE20000-0x000000001BE2E000-memory.dmp

Filesize
56KB

Download
memory/2052-7-0x000000001C870000-0x000000001C90C000-memory.dmp

Filesize
624KB

Download
memory/2052-6-0x000000001C300000-0x000000001C7CE000-memory.dmp

Filesize
4.8MB

Download
memory/2052-28-0x000000001D310000-0x000000001D372000-memory.dmp

Filesize
392KB

Download
memory/2052-41-0x00007FFF5A090000-0x00007FFF5AA31000-memory.dmp

Filesize
9.6MB

Download
memory/2052-2-0x000000001BC30000-0x000000001BC8C000-memory.dmp

Filesize
368KB

Download
memory/2052-29-0x000000001DC80000-0x000000001E23A000-memory.dmp

Filesize
5.7MB

Download
memory/2052-23-0x000000001CF30000-0x000000001CF46000-memory.dmp

Filesize
88KB

Download
memory/2052-1-0x00007FFF5A090000-0x00007FFF5AA31000-memory.dmp

Filesize
9.6MB

Download
memory/2052-25-0x0000000001750000-0x0000000001762000-memory.dmp

Filesize
72KB

Download
memory/2052-26-0x0000000001730000-0x0000000001738000-memory.dmp

Filesize
32KB

Download
memory/2052-0-0x00007FFF5A345000-0x00007FFF5A346000-memory.dmp

Filesize
4KB

Download
memory/2052-8-0x00007FFF5A090000-0x00007FFF5AA31000-memory.dmp

Filesize
9.6MB

Download
memory/2052-39-0x00007FFF5A090000-0x00007FFF5AA31000-memory.dmp

Filesize
9.6MB

Download
memory/2052-31-0x000000001D470000-0x000000001D48E000-memory.dmp

Filesize
120KB

Download
memory/2052-30-0x000000001E240000-0x000000001E330000-memory.dmp

Filesize
960KB

Download
memory/2052-32-0x000000001E340000-0x000000001E389000-memory.dmp

Filesize
292KB

Download
memory/2052-33-0x00007FFF5A090000-0x00007FFF5AA31000-memory.dmp

Filesize
9.6MB

Download
memory/2052-34-0x000000001E420000-0x000000001E490000-memory.dmp

Filesize
448KB

Download
memory/2052-35-0x00007FFF5A090000-0x00007FFF5AA31000-memory.dmp

Filesize
9.6MB

Download
memory/2052-37-0x000000001CF60000-0x000000001CF68000-memory.dmp

Filesize
32KB

Download
memory/2052-38-0x00007FFF5A345000-0x00007FFF5A346000-memory.dmp

Filesize
4KB

Download
memory/3576-21-0x00007FFF5A090000-0x00007FFF5AA31000-memory.dmp

Filesize
9.6MB

Download
memory/3576-16-0x00007FFF5A090000-0x00007FFF5AA31000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads