2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768

Analysis

max time kernel
94s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-12-2024 01:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe
Size

3.0MB
MD5

55aa8f71dd8e53e8272802adbcfcb2b6
SHA1

b02f77ad4283f160b4702205d2107187a6897c54
SHA256

2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768
SHA512

2301db40956d529233e4c47668366cad91c2a77c2589a78c08e1e051f4bb6b609f56e2f8980a7672bf4eb7f837262f03897540eb1bef8986665cad3da736e2db
SSDEEP

49152:o+fEKO3T5adZKM0sz5otCeEvsDKx+msbfGGW8wlBKJwAypQxbxEo9JnCmmkcrZEu:o+ftODUKTslWp2MpbfGGilIJPypSbxEW

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 744	1092	2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe	82
PID 1092 wrote to memory of 744	1092	2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe	82
PID 744 wrote to memory of 3164	744	csc.exe	84
PID 744 wrote to memory of 3164	744	csc.exe	84

C:\Users\Admin\AppData\Local\Temp\2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe
"C:\Users\Admin\AppData\Local\Temp\2f1f1453e9b25081aa85cc14188a17d39bad9380a303ddca391e1670022c5768.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ozpknwmk.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:744
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9FCB.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC9FCA.tmp"
    3⤵
    PID:3164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES9FCB.tmp

Filesize
1KB

MD5
d01f2cfc1bb27e80d06548ae761b8e62

SHA1
f380ecb715ddfa044ea92426e5f57c7fbb0d8223

SHA256
1d56c26ee4c00009f02ff6fc8068bf5fc6816bf44956d296516ceae0189f32db

SHA512
5460576ff78d8c1cb23bc2c43ce4f164bd96bfafefde857cff84093ec3295e026633f1d3e3b8acd2b837e40dad83dc971f471e849845f692d727d74e4dc3e37a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ozpknwmk.dll

Filesize
76KB

MD5
bd0edd2bf3d4f5358ab5c927343c9e4a

SHA1
ca2afba431ae5b89e5086b0c82e28192d4e60f90

SHA256
87e71f26d1158fda01c8d7e8493b8491745bd033fb7aeedf96266272c75cb42b

SHA512
193724c357689471205d8e0deaeec90da5c437a549ebda39c572c1e5546d85ab8ed5f273f02f508382af03d20f349e5d06c9cc41d4ba932dab186c77f944f232

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC9FCA.tmp

Filesize
676B

MD5
ec50e228834fbbccaf79af2c7f3ddf87

SHA1
c7d755b959e955070fb0fb814358872c96cc5280

SHA256
2552cf7f8899904e9047e6e2a48dd3654df58b66774add35dfbc3e8134544fa1

SHA512
836811e4d7f5a2603ce161bebe57bba19ec6f9ea8a081a29a14096c048df2ef170eb0f3c565655e4f7799aa88c23df5a578812c9952e8177a927cfa8021a1c60

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ozpknwmk.0.cs

Filesize
208KB

MD5
41df20a843c753b1978267f3ee6b5257

SHA1
abf6f4f929e555c2ac98b9bfd223a08f25cd8ff1

SHA256
de251553ae1ac67af81c05fb35e05038a018708072e358c3176914373d42d280

SHA512
e530bbc647391bcd89b0fa40d662ee46a6713eeb074a003003536a0c9a79195fd15c1f57deee5b3d078bf0a2b9ce6bc4df991f937d850bc8f992352529081262

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ozpknwmk.cmdline

Filesize
349B

MD5
e69348ef934c902df4363119122e80d0

SHA1
a73769b3221ec13d7430fc7577796b5ae3401526

SHA256
07878165c345365b577777e326fefaf55828cbca32e8f8ca4c21c6ab777abc7a

SHA512
9724cc1dc28dc5b5aae4a87360a7cc716ec3d60d93adb0df234b6df372b78118123ece332fd45626622247dbcc4319cbc1a4cc61bbbec658d23072ca63587a7b

Download Submit
memory/744-19-0x00007FF915A10000-0x00007FF9163B1000-memory.dmp

Filesize
9.6MB

Download
memory/744-14-0x00007FF915A10000-0x00007FF9163B1000-memory.dmp

Filesize
9.6MB

Download
memory/1092-0-0x00007FF915CC5000-0x00007FF915CC6000-memory.dmp

Filesize
4KB

Download
memory/1092-4-0x00007FF915A10000-0x00007FF9163B1000-memory.dmp

Filesize
9.6MB

Download
memory/1092-5-0x000000001BCC0000-0x000000001C18E000-memory.dmp

Filesize
4.8MB

Download
memory/1092-3-0x000000001B350000-0x000000001B35E000-memory.dmp

Filesize
56KB

Download
memory/1092-2-0x000000001B3A0000-0x000000001B3FC000-memory.dmp

Filesize
368KB

Download
memory/1092-6-0x000000001C230000-0x000000001C2CC000-memory.dmp

Filesize
624KB

Download
memory/1092-1-0x00007FF915A10000-0x00007FF9163B1000-memory.dmp

Filesize
9.6MB

Download
memory/1092-21-0x000000001C310000-0x000000001C326000-memory.dmp

Filesize
88KB

Download
memory/1092-23-0x000000001C2F0000-0x000000001C302000-memory.dmp

Filesize
72KB

Download
memory/1092-24-0x000000001B470000-0x000000001B478000-memory.dmp

Filesize
32KB

Download
memory/1092-25-0x00007FF915A10000-0x00007FF9163B1000-memory.dmp

Filesize
9.6MB

Download
memory/1092-27-0x00007FF915A10000-0x00007FF9163B1000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads