2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768

Analysis

max time kernel
95s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-12-2024 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe
Size

3.0MB
MD5

55aa8f71dd8e53e8272802adbcfcb2b6
SHA1

b02f77ad4283f160b4702205d2107187a6897c54
SHA256

2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768
SHA512

2301db40956d529233e4c47668366cad91c2a77c2589a78c08e1e051f4bb6b609f56e2f8980a7672bf4eb7f837262f03897540eb1bef8986665cad3da736e2db
SSDEEP

49152:o+fEKO3T5adZKM0sz5otCeEvsDKx+msbfGGW8wlBKJwAypQxbxEo9JnCmmkcrZEu:o+ftODUKTslWp2MpbfGGilIJPypSbxEW

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 1368	1300	2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe	82
PID 1300 wrote to memory of 1368	1300	2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe	82
PID 1368 wrote to memory of 1356	1368	csc.exe	84
PID 1368 wrote to memory of 1356	1368	csc.exe	84

C:\Users\Admin\AppData\Local\Temp\2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe
"C:\Users\Admin\AppData\Local\Temp\2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\n7oy31kn.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1368
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA9DD.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCA9DC.tmp"
    3⤵
    PID:1356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESA9DD.tmp

Filesize
1KB

MD5
286aa98bc1a7b3b59f95b07cccfadc3f

SHA1
e22e33338c798211e6748377b5e11af7c7dbdf34

SHA256
43ba821c89f0d81ff5fdaa3bd37acbc76e1e52e1fdc3103042b073e5611bd6ad

SHA512
c702d28e45db9e7803d5adda26e06e412e7cbb1c13fed8d42674cb48c5e35d278ee3574255bc83afe92099f1895dd7b807e1b43441798ce2374bcde3eb8332c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\n7oy31kn.dll

Filesize
76KB

MD5
0fe1dfeadda26b22ed75ac3c6adfa159

SHA1
63d2a970a16b04a6c69ee5e0c6c6600dabeb3430

SHA256
39d82b62011bc6d4ab9f19ee9188c0702eb112528278fd1abc8ee671eefd054e

SHA512
fe2c90d7f542459e424ea1ea6f7aed8b4307781039ffc130b083f0a2ab752c37cd4681194d2a68235fc4782e90fb8e20f19b9d4e535fed7b76de8525e71aa1c5

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCA9DC.tmp

Filesize
676B

MD5
32febf4b23d7948d3b870036e4cfd3b2

SHA1
7be5902807cdf768f89f4d2f3fdf15404c277069

SHA256
cc19905415c3d03378560d59272a61467139ba329e14348cdd703b2f2d81a9d3

SHA512
bf5b7c300d193937ce879ed1c13fe895ee809305db1274e237a877db9dc3f51bda87e907f35722196687de5b615b31cd4193e13ea9e85c4bbfc32721e34ba7e8

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\n7oy31kn.0.cs

Filesize
208KB

MD5
12606a76da40180f8da902f93ced24f9

SHA1
64bfed89c9e45171fd4395e81317b243efa07d00

SHA256
86ed6c41cfefb97ef289f1f28befe59b0b35f611faa97b2f9382762d53b9c92f

SHA512
5c98f5d95d91714af476bcda7dffc39f7eef0f541eca22ef34c3f7f1cb315d61d3b815935633db6846b26dcbb6b41f236ac8e40adfc768afe629c2ef73e3322c

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\n7oy31kn.cmdline

Filesize
349B

MD5
e69205aab478de26b0c7da902731628e

SHA1
3663ad244c648e8e0e5f774f4d63d43e88ab55df

SHA256
439f6a2ede0669c2e9eea410839b06ab16473b76672eeba3ebf0c1f167ba391b

SHA512
ff0b6f413eaad1eaf72f343e25d2efc1b353571391192cae7d3657102bdee498f06dd478983ec36a201bc3c4edfdabc7aa33d287df0e2b329228bd678447b71d

Download Submit
memory/1300-4-0x00007FF8C1210000-0x00007FF8C1BB1000-memory.dmp

Filesize
9.6MB

Download
memory/1300-23-0x000000001BFD0000-0x000000001BFE2000-memory.dmp

Filesize
72KB

Download
memory/1300-6-0x000000001CE80000-0x000000001CF1C000-memory.dmp

Filesize
624KB

Download
memory/1300-0-0x00007FF8C14C5000-0x00007FF8C14C6000-memory.dmp

Filesize
4KB

Download
memory/1300-3-0x0000000001A70000-0x0000000001A7E000-memory.dmp

Filesize
56KB

Download
memory/1300-27-0x00007FF8C1210000-0x00007FF8C1BB1000-memory.dmp

Filesize
9.6MB

Download
memory/1300-2-0x000000001C0E0000-0x000000001C13C000-memory.dmp

Filesize
368KB

Download
memory/1300-25-0x00007FF8C1210000-0x00007FF8C1BB1000-memory.dmp

Filesize
9.6MB

Download
memory/1300-1-0x00007FF8C1210000-0x00007FF8C1BB1000-memory.dmp

Filesize
9.6MB

Download
memory/1300-21-0x000000001D430000-0x000000001D446000-memory.dmp

Filesize
88KB

Download
memory/1300-5-0x000000001C910000-0x000000001CDDE000-memory.dmp

Filesize
4.8MB

Download
memory/1300-24-0x0000000001AA0000-0x0000000001AA8000-memory.dmp

Filesize
32KB

Download
memory/1368-19-0x00007FF8C1210000-0x00007FF8C1BB1000-memory.dmp

Filesize
9.6MB

Download
memory/1368-16-0x00007FF8C1210000-0x00007FF8C1BB1000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads