afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e

General

Target

afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe
Size

910KB
MD5

8a4767d2b571133c41b8bb96e170d4c4
SHA1

e2c309692c8cd1b75a86c6703b925a98198f13db
SHA256

afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e
SHA512

176ac9213b0391391b9f5c7f80749bc9eb67b57e14155e4b33af9ca34f6eeda022ae2abca363ee28316aed5c670c9406e868b7ad6044b899627c98c56a929c8b
SSDEEP

12288:h5STYf+qnR7Fkxh7dG1lFlWcYT70pxnnaaoawASIh4JWVGMrZNrI0AilFEvxHvBl:nhg4MROxnFp/iJkrZlI0AilFEvxHiQ3

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe
File created	C:\Windows\assembly\Desktop.ini	afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 4016	2044	afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe	83
PID 2044 wrote to memory of 4016	2044	afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe	83
PID 4016 wrote to memory of 4760	4016	csc.exe	85
PID 4016 wrote to memory of 4760	4016	csc.exe	85

C:\Users\Admin\AppData\Local\Temp\afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe
"C:\Users\Admin\AppData\Local\Temp\afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\slnee-ff.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4016
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7F14.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC7F13.tmp"
    3⤵
    PID:4760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES7F14.tmp

Filesize
1KB

MD5
51b505d1b5030b535e62d6a1b77f76bb

SHA1
53f8c694c4a9e731389ec159debef831334a11e1

SHA256
91c83fb6e1c6d4273ae82e0cf737989e326b6856aa0a5fd3d3fb59ae5d84a8ec

SHA512
39f85cb61501d771641145e5dd06f3ee0122c9b3b19561201bd056b498965c64a8b9a446cb46f8d99152e72bf8a8d04b683b4374f08b940dd3235df9325fb1f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\slnee-ff.dll

Filesize
76KB

MD5
1fb5aab5038f44d7badd4a6922519484

SHA1
c40327915ab0930bdd3db674966eeb11219db34e

SHA256
98877d409d76299ad0f7ff042fd8139771d980f305e0938b5860ec1d4fce16d6

SHA512
0e0e5350c7fe73b0bda5b5cd10bd8bfc4c98a2f659d9b1fa9d36044a20489c93c9ab27d9eded6ca1e34d2f65a9c779c12b8892cd037757a7136ae044321b5fc4

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC7F13.tmp

Filesize
676B

MD5
c27d5e6a8db8ac34cbcd19a2a41342dc

SHA1
5b61e83501ab9c9876be6bec08d4f4b1d9ee1527

SHA256
ff4b6a791d51056b328fe5c23b5d6e7eb8839eb3033dc6428aa83015945bfcb8

SHA512
adeb3dfc8cfd98f56ee99b5c6657c7b7a7c294391efb2e6823560fb84a0291f496ca7fd1c86ef399f77cc36b816245702bbb409d510a4ef5dcdd2d96f12b3422

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\slnee-ff.0.cs

Filesize
208KB

MD5
2b6d2d2bac94a9d7d58de2c9e0241b9a

SHA1
c6f13e34072ffff104ae951effedf17cf4821912

SHA256
93eda1bdcf626b53ec4a4c1f28377921f425a0154befec498f149af75be43989

SHA512
06de6e4bdee7259e738451a249d47fbc6a2cccff015c8e8dc86c8d4b237eeb9e7760eb498dccd538c409212a65fa12a78d5bb09cfda62870a7221bfb21308f23

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\slnee-ff.cmdline

Filesize
349B

MD5
7ac3b8e4d7d4efc16702e30081482fe6

SHA1
c68583b457e6fd55ff2fc1e4516305178aded2d6

SHA256
0dbda19fad5cd4cfabd92688d7ef6438495e6d74ad7d9f4bb6561098383bcd81

SHA512
85941059ab1d5c87f5633879e225051d154bf9d363b060b9b0e0143895b02c7d41da80aa099199f6cbb3456b763f8768689d32d080d99c813627ff268dd7c581

Download Submit
memory/2044-7-0x000000001C270000-0x000000001C73E000-memory.dmp

Filesize
4.8MB

Download
memory/2044-23-0x000000001CE80000-0x000000001CE96000-memory.dmp

Filesize
88KB

Download
memory/2044-0-0x00007FFE11085000-0x00007FFE11086000-memory.dmp

Filesize
4KB

Download
memory/2044-6-0x000000001BD60000-0x000000001BD6E000-memory.dmp

Filesize
56KB

Download
memory/2044-32-0x00007FFE10DD0000-0x00007FFE11771000-memory.dmp

Filesize
9.6MB

Download
memory/2044-3-0x000000001BB80000-0x000000001BBDC000-memory.dmp

Filesize
368KB

Download
memory/2044-2-0x00007FFE10DD0000-0x00007FFE11771000-memory.dmp

Filesize
9.6MB

Download
memory/2044-30-0x00007FFE10DD0000-0x00007FFE11771000-memory.dmp

Filesize
9.6MB

Download
memory/2044-1-0x00007FFE10DD0000-0x00007FFE11771000-memory.dmp

Filesize
9.6MB

Download
memory/2044-8-0x000000001C7E0000-0x000000001C87C000-memory.dmp

Filesize
624KB

Download
memory/2044-25-0x0000000001500000-0x0000000001512000-memory.dmp

Filesize
72KB

Download
memory/2044-26-0x0000000001480000-0x0000000001488000-memory.dmp

Filesize
32KB

Download
memory/2044-27-0x0000000001360000-0x0000000001368000-memory.dmp

Filesize
32KB

Download
memory/2044-28-0x00007FFE10DD0000-0x00007FFE11771000-memory.dmp

Filesize
9.6MB

Download
memory/2044-29-0x00007FFE11085000-0x00007FFE11086000-memory.dmp

Filesize
4KB

Download
memory/4016-21-0x00007FFE10DD0000-0x00007FFE11771000-memory.dmp

Filesize
9.6MB

Download
memory/4016-16-0x00007FFE10DD0000-0x00007FFE11771000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads