afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe
Size

910KB
MD5

8a4767d2b571133c41b8bb96e170d4c4
SHA1

e2c309692c8cd1b75a86c6703b925a98198f13db
SHA256

afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e
SHA512

176ac9213b0391391b9f5c7f80749bc9eb67b57e14155e4b33af9ca34f6eeda022ae2abca363ee28316aed5c670c9406e868b7ad6044b899627c98c56a929c8b
SSDEEP

12288:h5STYf+qnR7Fkxh7dG1lFlWcYT70pxnnaaoawASIh4JWVGMrZNrI0AilFEvxHvBl:nhg4MROxnFp/iJkrZlI0AilFEvxHiQ3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2724	2076	afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe	30
PID 2076 wrote to memory of 2724	2076	afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe	30
PID 2076 wrote to memory of 2724	2076	afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe	30
PID 2724 wrote to memory of 2212	2724	csc.exe	32
PID 2724 wrote to memory of 2212	2724	csc.exe	32
PID 2724 wrote to memory of 2212	2724	csc.exe	32

C:\Users\Admin\AppData\Local\Temp\afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe
"C:\Users\Admin\AppData\Local\Temp\afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lwddooxd.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB971.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCB970.tmp"
    3⤵
    PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESB971.tmp

Filesize
1KB

MD5
ee2d2c49bc5d0c873fecd6a420042ab3

SHA1
486404fdece429f7d45106389c4d457a2bf51ad1

SHA256
1d6d466e6ec98c3ca7abe960a39818270a34cb1f5190f8ec105cfe75a6290ad9

SHA512
f3a7ce3ce02075c1c53b99ff809849a37d1574726f2dfd72447d81573e9d03fa027dba5a08a4060bdecef6db12dc882c2fee9a5485da4ef3f3ba0ee0d0323d93

Download Submit
C:\Users\Admin\AppData\Local\Temp\lwddooxd.dll

Filesize
76KB

MD5
3a1e59af19132f1e1be63151c0a47c24

SHA1
a2d673c68ca4b91c7640912852b6b3b05c1966d4

SHA256
1e66227913323ca5f535712810fa4e6b367159c34930bd589faf6a2e812d5118

SHA512
085b14f98f1e32889f9ace6f6482210535f1af108684f21680ab5290936cae5b1378050946313b386c87f63ec43501296f38454eb6da7423fe0f81650dae5d4e

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCB970.tmp

Filesize
676B

MD5
1f8311cf143b1208ac377c622b9110e5

SHA1
2d5e49a1b0e03a49608e904bddc9d31fe73a7844

SHA256
710e5dd4dea9675c3342b3ff7d881bd3a6304032704bcd6c52e3d7949ab6520a

SHA512
5da1707a31a44e6065cbc3a51387432a61495ca482acb0cf6af3e4ed95a5553926ea197b9cd34d62ff69363eb6d0348930783f0e4fc3f3623dd1fb88ed8da821

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\lwddooxd.0.cs

Filesize
208KB

MD5
250321226bbc2a616d91e1c82cb4ab2b

SHA1
7cffd0b2e9c842865d8961386ab8fcfac8d04173

SHA256
ef2707f83a0c0927cfd46b115641b9cae52a41123e4826515b9eeb561785218d

SHA512
bda59ca04cdf254f837f2cec6da55eff5c3d2af00da66537b9ebaa3601c502ae63772f082fd12663b63d537d2e03efe87a3b5746ef25e842aaf1c7d88245b4e1

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\lwddooxd.cmdline

Filesize
349B

MD5
f0fd1845b8b5a014b7e19d7157465120

SHA1
3b8d131330e34ed253952bf01b3265e4e70f80b9

SHA256
0da94fa6f7a3187821846cf5c6bbd346415d9b83623cf5e011c314b1de55af55

SHA512
6bee3c658a401085bc59be68f77234281977c61f14912948056e2921ba0dd7f7244cb7611365da47a38c6616017c0275e42e48b69d07b92f798ce218a27bb956

Download Submit
memory/2076-4-0x000007FEF4810000-0x000007FEF51AD000-memory.dmp

Filesize
9.6MB

Download
memory/2076-0-0x000007FEF4ACE000-0x000007FEF4ACF000-memory.dmp

Filesize
4KB

Download
memory/2076-3-0x000007FEF4810000-0x000007FEF51AD000-memory.dmp

Filesize
9.6MB

Download
memory/2076-2-0x0000000000480000-0x000000000048E000-memory.dmp

Filesize
56KB

Download
memory/2076-1-0x000000001AF30000-0x000000001AF8C000-memory.dmp

Filesize
368KB

Download
memory/2076-19-0x000000001AFA0000-0x000000001AFB6000-memory.dmp

Filesize
88KB

Download
memory/2076-21-0x00000000004C0000-0x00000000004D2000-memory.dmp

Filesize
72KB

Download
memory/2076-22-0x0000000001070000-0x0000000001078000-memory.dmp

Filesize
32KB

Download
memory/2076-23-0x000007FEF4810000-0x000007FEF51AD000-memory.dmp

Filesize
9.6MB

Download
memory/2076-24-0x000007FEF4810000-0x000007FEF51AD000-memory.dmp

Filesize
9.6MB

Download
memory/2724-12-0x000007FEF4810000-0x000007FEF51AD000-memory.dmp

Filesize
9.6MB

Download
memory/2724-17-0x000007FEF4810000-0x000007FEF51AD000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads