78afefee16a6e648a08f0e348c086dde76f917e24b45dd4c64124fa0645f8d97

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
03-01-2025 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78afefee16a6e648a08f0e348c086dde76f917e24b45dd4c64124fa0645f8d97.exe
Size

903KB
MD5

e01f6c2e3489ec4f372f5e42043c76ad
SHA1

ff18a6f8f0535cb90bd1be41c5f751eb7e68c9bf
SHA256

78afefee16a6e648a08f0e348c086dde76f917e24b45dd4c64124fa0645f8d97
SHA512

b7eb8aaf68bc5a91e94bb1889cda2d0c22af3cbf4011134b6b4d86d08ca6e945002f868a3c818fb0aa0e551193863167c874f4780aa93142b7e74768d96dd932
SSDEEP

12288:Y8shHAVBuQBBed37dG1lFlWcYT70pxnnaaoawMRVcTqSA+9rZNrI0AilFEvxHvBJ:p3s4MROxnF9LqrZlI0AilFEvxHi8b8o

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 2776	848	78afefee16a6e648a08f0e348c086dde76f917e24b45dd4c64124fa0645f8d97.exe	30
PID 848 wrote to memory of 2776	848	78afefee16a6e648a08f0e348c086dde76f917e24b45dd4c64124fa0645f8d97.exe	30
PID 848 wrote to memory of 2776	848	78afefee16a6e648a08f0e348c086dde76f917e24b45dd4c64124fa0645f8d97.exe	30
PID 2776 wrote to memory of 2444	2776	csc.exe	32
PID 2776 wrote to memory of 2444	2776	csc.exe	32
PID 2776 wrote to memory of 2444	2776	csc.exe	32

C:\Users\Admin\AppData\Local\Temp\78afefee16a6e648a08f0e348c086dde76f917e24b45dd4c64124fa0645f8d97.exe
"C:\Users\Admin\AppData\Local\Temp\78afefee16a6e648a08f0e348c086dde76f917e24b45dd4c64124fa0645f8d97.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:848
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4a_golgt.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA93B.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCA93A.tmp"
    3⤵
    PID:2444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4a_golgt.dll

Filesize
76KB

MD5
bf818c236b94e30e4be297011222f593

SHA1
a4806f15f057d27320ee8628b81d299555e0a4c5

SHA256
3f5c9552481fa9f0ff2d4485c70e331b906d794cc221c4724430530fef6075af

SHA512
09249abe2f231bcff7e9727724195f5554c4c3a304938be44607e76daf0736a263a33fa0ec2efa89cf513d73ddaab16f8bc0cbfc819616ef40fbbacaaf1f9fc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESA93B.tmp

Filesize
1KB

MD5
80994c61a30fb2b8f059e1781eb797de

SHA1
17657a1f7ff37fc41317d5b645c1c8db021cd056

SHA256
ba7e5e14c02a14c6fcd15388b3da7a2c684a5faa3b52a1ea84ba02f5a681a893

SHA512
ef41f4e575c1e92ac9e949f054c32b5c02518dde1f7295141262d169838359c127feb70d14c676909ee59c030cf03bde2997897c2387744934b983b6ad816edd

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\4a_golgt.0.cs

Filesize
208KB

MD5
250321226bbc2a616d91e1c82cb4ab2b

SHA1
7cffd0b2e9c842865d8961386ab8fcfac8d04173

SHA256
ef2707f83a0c0927cfd46b115641b9cae52a41123e4826515b9eeb561785218d

SHA512
bda59ca04cdf254f837f2cec6da55eff5c3d2af00da66537b9ebaa3601c502ae63772f082fd12663b63d537d2e03efe87a3b5746ef25e842aaf1c7d88245b4e1

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\4a_golgt.cmdline

Filesize
349B

MD5
a4840cc0c5cc7b6249e1e32845994236

SHA1
3aa25289c149aa68909b976867d170bc4703e39f

SHA256
20690a101fa13403241c1f90bf7b06493e94adafd5d72de179554c81d36975d3

SHA512
12f17b8a94772c204c6ee9403011f0345d3ab596d11e31e5103eda7621bfc18d03642551d7ce89dc2de70e851c3c5f6287bb434d5e48dab5ecef02bff1f4b0bd

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCA93A.tmp

Filesize
676B

MD5
ef848783af5b4a15f742160ac560fa0c

SHA1
05248fde23ceb3edbafd0aacfa36cfd453d30ced

SHA256
324144f1a22b31784758e2c881057343ed526943c2100e88e00e52b3bcded06e

SHA512
ce32498ebd4d4ab24b08fcafebf1db1378efadca98fea2b4a971908679a3a08beb044396d8b635045ed3cb3a1069258c0675b1986cf05f87fc5cdadcbf48c7be

Download Submit
memory/848-7-0x000007FEF6020000-0x000007FEF69BD000-memory.dmp

Filesize
9.6MB

Download
memory/848-0-0x000007FEF62DE000-0x000007FEF62DF000-memory.dmp

Filesize
4KB

Download
memory/848-6-0x000007FEF6020000-0x000007FEF69BD000-memory.dmp

Filesize
9.6MB

Download
memory/848-1-0x0000000000E60000-0x0000000000EBC000-memory.dmp

Filesize
368KB

Download
memory/848-19-0x0000000000890000-0x00000000008A6000-memory.dmp

Filesize
88KB

Download
memory/848-2-0x0000000000180000-0x000000000018E000-memory.dmp

Filesize
56KB

Download
memory/848-21-0x0000000000420000-0x0000000000432000-memory.dmp

Filesize
72KB

Download
memory/848-22-0x000007FEF6020000-0x000007FEF69BD000-memory.dmp

Filesize
9.6MB

Download
memory/848-23-0x000007FEF6020000-0x000007FEF69BD000-memory.dmp

Filesize
9.6MB

Download
memory/2776-10-0x000007FEF6020000-0x000007FEF69BD000-memory.dmp

Filesize
9.6MB

Download
memory/2776-17-0x000007FEF6020000-0x000007FEF69BD000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads