2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
16-12-2024 01:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe
Size

3.0MB
MD5

55aa8f71dd8e53e8272802adbcfcb2b6
SHA1

b02f77ad4283f160b4702205d2107187a6897c54
SHA256

2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768
SHA512

2301db40956d529233e4c47668366cad91c2a77c2589a78c08e1e051f4bb6b609f56e2f8980a7672bf4eb7f837262f03897540eb1bef8986665cad3da736e2db
SSDEEP

49152:o+fEKO3T5adZKM0sz5otCeEvsDKx+msbfGGW8wlBKJwAypQxbxEo9JnCmmkcrZEu:o+ftODUKTslWp2MpbfGGilIJPypSbxEW

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 2420	2616	2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe	30
PID 2616 wrote to memory of 2420	2616	2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe	30
PID 2616 wrote to memory of 2420	2616	2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe	30
PID 2420 wrote to memory of 1964	2420	csc.exe	32
PID 2420 wrote to memory of 1964	2420	csc.exe	32
PID 2420 wrote to memory of 1964	2420	csc.exe	32

C:\Users\Admin\AppData\Local\Temp\2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe
"C:\Users\Admin\AppData\Local\Temp\2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\l3gtq-an.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2420
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9D78.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC9D77.tmp"
    3⤵
    PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES9D78.tmp

Filesize
1KB

MD5
8d6713309e414f0dbfe474f639dc30a5

SHA1
12eed2ab8d4aa6795ad9aef2b4316b248db7b9e2

SHA256
d1285f928fc8cb8ad0164cde25afdb04a4901e845c8c3a3e8c82f09e077aebbc

SHA512
170aff8ac36e33d83f16154760618c4db325123d3c7fd739a53e8f1958e608ca310386a32ba71cfac9ce60e9b91f753d25909b709fec66dcdc9cc1f819e5f78a

Download Submit
C:\Users\Admin\AppData\Local\Temp\l3gtq-an.dll

Filesize
76KB

MD5
11ad9a1155cdcd4bca49659457a4aaa4

SHA1
e3ae1dbca5aad46d5fcd3316dd6bb70cd2dbd2b4

SHA256
e44cf21b493d08552e6a1ef43d1492dab8cf2dbd8c2dce5d98b931b982081fec

SHA512
c923f549a0608ac52f84a0371c8d5b38d1e7d359ac2d70b4af4294bac8ecf505fa0809f48110a6ad49d6a79fda3159225c1687b41818e8696cb9a563559d5b54

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC9D77.tmp

Filesize
676B

MD5
501a0b7ab6694f4f8dee8883a0e927df

SHA1
5049a365f799224423d7cb2842b5f5bdb320d308

SHA256
d18c7eb8a3bb6880ef1dce5ce413230648fdef6e3c7ae054ec054a48f9fc2791

SHA512
cebe68c152b62f40dda4372942fdddb5a854359f33ae92c7910ba371aac0bca7dc8f2673ad07dfd1dfc0a5c4a78a1a90f32a920baa842150c43105b433757cb1

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\l3gtq-an.0.cs

Filesize
208KB

MD5
e0e546d7fd3c64e5b22b3353b204dd11

SHA1
5d5c49a6e788d4158b02ee7e108f21e70e38abe3

SHA256
a0905feb0f6f707877d65ee30bda55e361097b26cda6dde06bb0a56cb0ec3639

SHA512
2f4a3b28d81b9ddf7e288e65d78867c35cce06e69c4891aaed3e1a06e46b704636f0c8ab2653550ce3b0a42d2c624f30d331be96560978d7e151478962b1466a

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\l3gtq-an.cmdline

Filesize
349B

MD5
dc58fbf1024649936e39317a11c7ef86

SHA1
c66951062f47df296e285322547814c0cca9fcf8

SHA256
023185cfbed52b90720391e9544c6a38ea2d2ce3f050ede57cda6102069ac255

SHA512
99986e5133fc941c3365a1e467332308cc95704316ad18d4e17c0091de9412a3c11f7285a4aa00496ae7f26de92ce4ec7e8a76e7ad0b0801ef930c4cc8cd6785

Download Submit
memory/2420-17-0x000007FEF5BC0000-0x000007FEF655D000-memory.dmp

Filesize
9.6MB

Download
memory/2420-10-0x000007FEF5BC0000-0x000007FEF655D000-memory.dmp

Filesize
9.6MB

Download
memory/2616-4-0x000007FEF5BC0000-0x000007FEF655D000-memory.dmp

Filesize
9.6MB

Download
memory/2616-3-0x000007FEF5BC0000-0x000007FEF655D000-memory.dmp

Filesize
9.6MB

Download
memory/2616-2-0x0000000000170000-0x000000000017E000-memory.dmp

Filesize
56KB

Download
memory/2616-1-0x00000000002C0000-0x000000000031C000-memory.dmp

Filesize
368KB

Download
memory/2616-19-0x0000000000A70000-0x0000000000A86000-memory.dmp

Filesize
88KB

Download
memory/2616-0-0x000007FEF5E7E000-0x000007FEF5E7F000-memory.dmp

Filesize
4KB

Download
memory/2616-21-0x0000000000980000-0x0000000000992000-memory.dmp

Filesize
72KB

Download
memory/2616-22-0x000007FEF5BC0000-0x000007FEF655D000-memory.dmp

Filesize
9.6MB

Download
memory/2616-23-0x000007FEF5BC0000-0x000007FEF655D000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads