2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16-12-2024 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe
Size

3.0MB
MD5

55aa8f71dd8e53e8272802adbcfcb2b6
SHA1

b02f77ad4283f160b4702205d2107187a6897c54
SHA256

2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768
SHA512

2301db40956d529233e4c47668366cad91c2a77c2589a78c08e1e051f4bb6b609f56e2f8980a7672bf4eb7f837262f03897540eb1bef8986665cad3da736e2db
SSDEEP

49152:o+fEKO3T5adZKM0sz5otCeEvsDKx+msbfGGW8wlBKJwAypQxbxEo9JnCmmkcrZEu:o+ftODUKTslWp2MpbfGGilIJPypSbxEW

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2988	2088	2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe	30
PID 2088 wrote to memory of 2988	2088	2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe	30
PID 2088 wrote to memory of 2988	2088	2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe	30
PID 2988 wrote to memory of 1980	2988	csc.exe	32
PID 2988 wrote to memory of 1980	2988	csc.exe	32
PID 2988 wrote to memory of 1980	2988	csc.exe	32

C:\Users\Admin\AppData\Local\Temp\2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe
"C:\Users\Admin\AppData\Local\Temp\2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\izwo5h96.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2988
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8CC6.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC8CC5.tmp"
    3⤵
    PID:1980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES8CC6.tmp

Filesize
1KB

MD5
a9da8b93c00a1b6bc9e5935a9f8d6126

SHA1
f89519b4b2ed372bbd0fd9ae65563d967d445951

SHA256
02e6968c2e5193c09149821e19a744c3747931b3591e8b5f0c60c0fc2cf43aa4

SHA512
9f935e89416b4570f22997a9eabec5b192bd6b8f9b8d9f595c7aa88bfe21c5f0c75d1b86501a6512303756669256bccf85246e33ab67ffcb72eae84dac52aa33

Download Submit
C:\Users\Admin\AppData\Local\Temp\izwo5h96.dll

Filesize
76KB

MD5
f32121748bf45b6084ba0d3b84260132

SHA1
e3503121f80bbe228265308d6d31afdef61aa1af

SHA256
ab301c0002f71814385d186878f5d88b0bfda1122213e74b3a3daf43aad04134

SHA512
5cbe4dc423bd93baf42aa7cf089bb2ba762ee8a41802b7db9326623d44fa1d979b65fa86e2b742a834d9964925751c91c4019fc202692fec2d306a35848858d4

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC8CC5.tmp

Filesize
676B

MD5
a5ccad693b7051961c622a1432e12545

SHA1
ed575d7c9167c60dd6efd76c14fde3edb70bd290

SHA256
7ea521adacb7741690ec7a6543bacb1e53f990551c1e34299218a27d3d04a577

SHA512
3c09012f9ec72e83869497e0dae7dabee85f3624a45c161e4433a6d4e150342ec9e43790f4400f52d8a88fd6092dbf9ea3dca8af79cfaaaa34c91c5498b6ff52

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\izwo5h96.0.cs

Filesize
208KB

MD5
be563d305342c18be33a73aed4bc8daa

SHA1
1c4085e7b2758ff5e2478936ff5898e79c165fa7

SHA256
50b6511769e8e323ef2191bd75183bb568cb8b7e5c63d4e62e949bd6a967d296

SHA512
3470a6881fb9d28588d4566c18e1884ff44c31495ad8cffad6b5469cb359c6dd2f891220eb54ff68bc0350adbab96dabaa295bb601ff747d59069ced4296dffa

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\izwo5h96.cmdline

Filesize
349B

MD5
1da84c408abc65675e82a91f83d7f7e8

SHA1
be614ed5a4ec3ad3ba45d10b393e918be6e91db8

SHA256
939c9c8231af0864dec328b49889fff1401299d47300148b6edb0abed74628a0

SHA512
3bbd2f8e54ab91604dde7ff1f9eeede2d667788cd2907dea6f98f9fe477bcb8e8d83df821022e25e6641b15acaedddd5ff4bb49805fcd10815f0217c3ca221d6

Download Submit
memory/2088-3-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp

Filesize
9.6MB

Download
memory/2088-4-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp

Filesize
9.6MB

Download
memory/2088-0-0x000007FEF60AE000-0x000007FEF60AF000-memory.dmp

Filesize
4KB

Download
memory/2088-1-0x00000000002D0000-0x000000000032C000-memory.dmp

Filesize
368KB

Download
memory/2088-19-0x0000000000910000-0x0000000000926000-memory.dmp

Filesize
88KB

Download
memory/2088-2-0x0000000000260000-0x000000000026E000-memory.dmp

Filesize
56KB

Download
memory/2088-21-0x0000000000530000-0x0000000000542000-memory.dmp

Filesize
72KB

Download
memory/2088-22-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp

Filesize
9.6MB

Download
memory/2088-23-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp

Filesize
9.6MB

Download
memory/2988-12-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp

Filesize
9.6MB

Download
memory/2988-17-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads