2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d

General

Target

2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1dN.exe
Size

913KB
MD5

43f4d0b001bb03af9f2501e1b55d7fc0
SHA1

cd17274001e80cde3c281d66ed6be511d01195d3
SHA256

2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1d
SHA512

ca2ef22b3f50b8b3d07974a1febf63f1377c905c88c4864fe519c4a302b380015d5f8474da89c5fe0d5be47951a1c403c61ed83f450476392feabe8ab6bcff59
SSDEEP

24576:U+5T4MROxnFm5bHKTlQorZlI0AilFEvxHiBs9:950MiAorZlI0AilFEvxHi

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

Processes:

2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1dN.exe

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1dN.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1dN.exe

Drops file in Windows directory 3 IoCs

Processes:

2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1dN.exe

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1dN.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1dN.exe
File opened for modification	C:\Windows\assembly	2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1dN.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1dN.execsc.exe

description	pid	Process	procid_target
PID 1604 wrote to memory of 4492	1604	2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1dN.exe	83
PID 1604 wrote to memory of 4492	1604	2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1dN.exe	83
PID 4492 wrote to memory of 2024	4492	csc.exe	85
PID 4492 wrote to memory of 2024	4492	csc.exe	85

C:\Users\Admin\AppData\Local\Temp\2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1dN.exe
"C:\Users\Admin\AppData\Local\Temp\2a1de2d43b9ce30d24fb2950b24626bbd372433422df337f8bbaa1caafbefa1dN.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ntx5-lav.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4492
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9338.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC9337.tmp"
    3⤵
    PID:2024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES9338.tmp

Filesize
1KB

MD5
70ed6f1ca02102f76ec5ffbe7d809697

SHA1
c18d032f57e1a04e39ec168a0fdb3acb1fb25026

SHA256
9c4746b112c590c5597690865d983b3df43abbd92da24a484018a387933d7460

SHA512
fdd037f689fc286ffb43ef6484da1db593d9cc1cf63a91de1c67474e556a65debdca03066cd4ee576a7ec4b379d84b8f498af45f9e90255ba11c7cb970965c44

Download Submit
C:\Users\Admin\AppData\Local\Temp\ntx5-lav.dll

Filesize
76KB

MD5
4199b8818fef9f9405bbff31212d6984

SHA1
df7ed0e670f3160ab6a7e781806794477360418f

SHA256
63fe1a5ee471906cb04f759c078f9bb0673a77a51943566c8ccae8de0f20a722

SHA512
22ef95c5be98c34728a12704b87829784b7ffc9c11fdbd7822e90cce4355a6183b3e85e1320c83c3c8683b2e0fdd12b1200b9257a547c3606bd603376ea58eb3

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC9337.tmp

Filesize
676B

MD5
b6cb04ee513beb7e7c598d2dc66e6b1b

SHA1
f491df1f6160d2effea65aa02f9c6013faf27829

SHA256
4d69b950451634b88acdb11ecbf16c24384828dd2190374d47d01be4189a3bb0

SHA512
848e5789ef8108f516f88bb29ef1e68c30a3401da3079ff24e7263fe1960665a52130f9e82d1b5c2d65918ae24c4b98284925ac1bb35f421a4d3b642ca47a2f3

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ntx5-lav.0.cs

Filesize
208KB

MD5
ad3fb6157917742e2291c095039d56af

SHA1
239c2b918f7a176e38c4338cb3877606158a95bc

SHA256
715067a2205e2c21a041f4de2ae9f0a9e44e52eac1109bc8a45b8ff0445c30c5

SHA512
ac6c0683daacc1a4bd921ec3fb5727c26b047c9cc2123e948fb32ae1dcba989e23b0d6ab2e148045db23b35ad53acf4c16f7abfd4a7e26e3483a39af05c50c84

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ntx5-lav.cmdline

Filesize
349B

MD5
4c18055c39df8b8b626bb86da4062ab6

SHA1
55c25609465afc1c9949cd559b89247f8772a8db

SHA256
b6f0d5b7fdfcebe311e25f46f8352fc118dda7522048cbbf0d9a5d78d9b96b14

SHA512
bdea80f4665d6f71aed6e010c2df8a39bace119e70b2908eb63276aff4f43ff1118bb124f1d39255d445eed24de3a0d46083381883129b30d51c0fcccd7d31f3

Download Submit
memory/1604-27-0x000000001B4B0000-0x000000001B4B8000-memory.dmp

Filesize
32KB

Download
memory/1604-34-0x000000001DD20000-0x000000001DD90000-memory.dmp

Filesize
448KB

Download
memory/1604-6-0x00007FFCC23B0000-0x00007FFCC2D51000-memory.dmp

Filesize
9.6MB

Download
memory/1604-7-0x000000001BC20000-0x000000001C0EE000-memory.dmp

Filesize
4.8MB

Download
memory/1604-28-0x000000001CC30000-0x000000001CC92000-memory.dmp

Filesize
392KB

Download
memory/1604-5-0x000000001B740000-0x000000001B74E000-memory.dmp

Filesize
56KB

Download
memory/1604-2-0x000000001B550000-0x000000001B5AC000-memory.dmp

Filesize
368KB

Download
memory/1604-29-0x000000001D5A0000-0x000000001DB5A000-memory.dmp

Filesize
5.7MB

Download
memory/1604-23-0x000000001C260000-0x000000001C276000-memory.dmp

Filesize
88KB

Download
memory/1604-1-0x00007FFCC23B0000-0x00007FFCC2D51000-memory.dmp

Filesize
9.6MB

Download
memory/1604-25-0x0000000000F20000-0x0000000000F32000-memory.dmp

Filesize
72KB

Download
memory/1604-26-0x0000000001050000-0x0000000001058000-memory.dmp

Filesize
32KB

Download
memory/1604-0-0x00007FFCC2665000-0x00007FFCC2666000-memory.dmp

Filesize
4KB

Download
memory/1604-41-0x00007FFCC23B0000-0x00007FFCC2D51000-memory.dmp

Filesize
9.6MB

Download
memory/1604-40-0x00007FFCC23B0000-0x00007FFCC2D51000-memory.dmp

Filesize
9.6MB

Download
memory/1604-30-0x000000001DB60000-0x000000001DC50000-memory.dmp

Filesize
960KB

Download
memory/1604-31-0x000000001C8A0000-0x000000001C8BE000-memory.dmp

Filesize
120KB

Download
memory/1604-32-0x000000001DC50000-0x000000001DC99000-memory.dmp

Filesize
292KB

Download
memory/1604-33-0x00007FFCC23B0000-0x00007FFCC2D51000-memory.dmp

Filesize
9.6MB

Download
memory/1604-8-0x000000001C190000-0x000000001C22C000-memory.dmp

Filesize
624KB

Download
memory/1604-35-0x00007FFCC23B0000-0x00007FFCC2D51000-memory.dmp

Filesize
9.6MB

Download
memory/1604-37-0x000000001C280000-0x000000001C288000-memory.dmp

Filesize
32KB

Download
memory/1604-38-0x00007FFCC2665000-0x00007FFCC2666000-memory.dmp

Filesize
4KB

Download
memory/4492-21-0x00007FFCC23B0000-0x00007FFCC2D51000-memory.dmp

Filesize
9.6MB

Download
memory/4492-14-0x00007FFCC23B0000-0x00007FFCC2D51000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads