afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 01:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe
Size

910KB
MD5

8a4767d2b571133c41b8bb96e170d4c4
SHA1

e2c309692c8cd1b75a86c6703b925a98198f13db
SHA256

afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e
SHA512

176ac9213b0391391b9f5c7f80749bc9eb67b57e14155e4b33af9ca34f6eeda022ae2abca363ee28316aed5c670c9406e868b7ad6044b899627c98c56a929c8b
SSDEEP

12288:h5STYf+qnR7Fkxh7dG1lFlWcYT70pxnnaaoawASIh4JWVGMrZNrI0AilFEvxHvBl:nhg4MROxnFp/iJkrZlI0AilFEvxHiQ3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 884	1780	afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe	31
PID 1780 wrote to memory of 884	1780	afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe	31
PID 1780 wrote to memory of 884	1780	afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe	31
PID 884 wrote to memory of 2792	884	csc.exe	33
PID 884 wrote to memory of 2792	884	csc.exe	33
PID 884 wrote to memory of 2792	884	csc.exe	33

C:\Users\Admin\AppData\Local\Temp\afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe
"C:\Users\Admin\AppData\Local\Temp\afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4hvjdfuh.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:884
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE3CB.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCE3CA.tmp"
    3⤵
    PID:2792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4hvjdfuh.dll

Filesize
76KB

MD5
f5e37b431e3867146ff758110f52c1d7

SHA1
50b8c9ee9b9d7fd020931c047fa872c0824b88cb

SHA256
e252ea27f551638e1a4fa438802e99ec44e70c274404823f1b0963eb5e9467da

SHA512
6355b98e5c319057c9c4e0c16954ff1bc111628153521b276e2ba4a9386863146a77ebec1e6cdbf0ccfa78690698e46b5cac9cdf228ad65ec78cd4ab859eec05

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESE3CB.tmp

Filesize
1KB

MD5
d0ba43034f55518016b909bca4a0fbd6

SHA1
ce974cc5dac787a85d2e08af55ed1b33e7e0cbf7

SHA256
5412016648af9439d1eefc55a10108c0ea01dcdee5d5a85750621f6008807894

SHA512
15e2dcab516c9a39f2f1a7eff2354543e6986ebee8f8e0de16d7029a215afaaacede2cbcc21f3349205584508263ae08c4304750487645f128f40cae5c324d41

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\4hvjdfuh.0.cs

Filesize
208KB

MD5
5c16476ed3f0827d52977ba5f62b7050

SHA1
3aab2e2ac789446d66d991d0bccbfcc42ef60558

SHA256
7131acdd88583f7696f766f5bad974c58ef5bf8d7c4826154992feb3cefdb997

SHA512
6f5a7adbb21b22c745014edeca192f6afd8b3c6e13d3f51e721e5a657751296d33492510d9da68d44c4a62ecdb69e7716d39bc9236d7d0557e3cdc2bde87b3f7

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\4hvjdfuh.cmdline

Filesize
349B

MD5
b2c9aadd628ff010c90dd58534951ea4

SHA1
680c56c2a1d662e8da0e8e28407fc10151d10158

SHA256
1f1d11fc33844bf2773daa2f303436f1d3c9898cbeda8ca4f2ea9d8f518cf8da

SHA512
a9053e89c7c6b632522d7ef0488d07fd494d7346774ea96d6df7a22b3ab71a09252a0d00c2c5ddf5d0b879289c9e75d5afa78dce693413f09a8e66b78ee1334a

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCE3CA.tmp

Filesize
676B

MD5
496ffa9f63548b68d54e3714ec790c24

SHA1
5ff74e28d839a54f1e191aaaacdfd33d0e1d93a6

SHA256
2b4390dfa498ddc90cd89e14364ab916c18fbe563ab90fa2adfb72f7acad62c5

SHA512
73c24ebb04c38e9acbbf0ed32baefa997210313af7183904f5eb6be7295e394c519a001d1a171ddc54f3761daec5430851a0b38496a0eeb64648f7ffd05cfd57

Download Submit
memory/884-10-0x000007FEF6630000-0x000007FEF6FCD000-memory.dmp

Filesize
9.6MB

Download
memory/884-17-0x000007FEF6630000-0x000007FEF6FCD000-memory.dmp

Filesize
9.6MB

Download
memory/1780-4-0x000007FEF6630000-0x000007FEF6FCD000-memory.dmp

Filesize
9.6MB

Download
memory/1780-3-0x000007FEF6630000-0x000007FEF6FCD000-memory.dmp

Filesize
9.6MB

Download
memory/1780-0-0x000007FEF68EE000-0x000007FEF68EF000-memory.dmp

Filesize
4KB

Download
memory/1780-1-0x0000000000AC0000-0x0000000000B1C000-memory.dmp

Filesize
368KB

Download
memory/1780-19-0x0000000000A20000-0x0000000000A36000-memory.dmp

Filesize
88KB

Download
memory/1780-2-0x0000000000300000-0x000000000030E000-memory.dmp

Filesize
56KB

Download
memory/1780-21-0x00000000004C0000-0x00000000004D2000-memory.dmp

Filesize
72KB

Download
memory/1780-22-0x0000000000B30000-0x0000000000B38000-memory.dmp

Filesize
32KB

Download
memory/1780-23-0x000007FEF6630000-0x000007FEF6FCD000-memory.dmp

Filesize
9.6MB

Download
memory/1780-24-0x000007FEF6630000-0x000007FEF6FCD000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads