78afefee16a6e648a08f0e348c086dde76f917e24b45dd4c64124fa0645f8d97

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-01-2025 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78afefee16a6e648a08f0e348c086dde76f917e24b45dd4c64124fa0645f8d97.exe
Size

903KB
MD5

e01f6c2e3489ec4f372f5e42043c76ad
SHA1

ff18a6f8f0535cb90bd1be41c5f751eb7e68c9bf
SHA256

78afefee16a6e648a08f0e348c086dde76f917e24b45dd4c64124fa0645f8d97
SHA512

b7eb8aaf68bc5a91e94bb1889cda2d0c22af3cbf4011134b6b4d86d08ca6e945002f868a3c818fb0aa0e551193863167c874f4780aa93142b7e74768d96dd932
SSDEEP

12288:Y8shHAVBuQBBed37dG1lFlWcYT70pxnnaaoawMRVcTqSA+9rZNrI0AilFEvxHvBJ:p3s4MROxnF9LqrZlI0AilFEvxHi8b8o

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2100	2096	78afefee16a6e648a08f0e348c086dde76f917e24b45dd4c64124fa0645f8d97.exe	30
PID 2096 wrote to memory of 2100	2096	78afefee16a6e648a08f0e348c086dde76f917e24b45dd4c64124fa0645f8d97.exe	30
PID 2096 wrote to memory of 2100	2096	78afefee16a6e648a08f0e348c086dde76f917e24b45dd4c64124fa0645f8d97.exe	30
PID 2100 wrote to memory of 2268	2100	csc.exe	32
PID 2100 wrote to memory of 2268	2100	csc.exe	32
PID 2100 wrote to memory of 2268	2100	csc.exe	32

C:\Users\Admin\AppData\Local\Temp\78afefee16a6e648a08f0e348c086dde76f917e24b45dd4c64124fa0645f8d97.exe
"C:\Users\Admin\AppData\Local\Temp\78afefee16a6e648a08f0e348c086dde76f917e24b45dd4c64124fa0645f8d97.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rin5pdx1.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2100
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB3B6.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCB3B5.tmp"
    3⤵
    PID:2268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESB3B6.tmp

Filesize
1KB

MD5
bcf5c137db929f075100c5233f08d004

SHA1
c05508107f39526d3740653d34db93dd5b6153c8

SHA256
51c83b682d567f64ed45ca6e1911f4a3bdd59339df1ca864f39a88d4e0a0b20c

SHA512
4883da51fba783c091fbb7419baca6506cb547b188b27cab14ef0481f683945199cd2c38cd8eed1a036073f1b759c5f0cd16607a54e58e2c51f5e4af8132fc56

Download Submit
C:\Users\Admin\AppData\Local\Temp\rin5pdx1.dll

Filesize
76KB

MD5
779a69c8014059a0711c262716c39a8f

SHA1
19c70cde029984ad3d8f3b26de9b655ab489fc49

SHA256
f10741f2f4e518850006e0db641f83c9ee85a1bb4cf7a511c44f6f2c955aa838

SHA512
9410365ecda3c0fae97e03ca52ecd67623c7fc0a78a98a2d0609f88f5b7ef65852aa62516c4cdc2cccc72124909f0d5f41532440b83a8f17977e3e677fe201ed

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCB3B5.tmp

Filesize
676B

MD5
f6c90ade2f6d0709519fec8b626ede67

SHA1
e152be65e0336cca1b046548ab2c3170844a563f

SHA256
7395e37844b3eb0188ed546b965d722fe0fbeef17d44826b5a28f9d660664a10

SHA512
5046efffbd6acf7dcb1004076d5ad025b5e47d4acff0af8b0409075e1415129c228a7111f9913cae85918f9155551dc4571eee40e57af84122f9e2508c57e6ed

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\rin5pdx1.0.cs

Filesize
208KB

MD5
6011503497b1b9250a05debf9690e52c

SHA1
897aea61e9bffc82d7031f1b3da12fb83efc6d82

SHA256
08f42b8d57bb61bc8f9628c8a80953b06ca4149d50108083fca6dc26bdd49434

SHA512
604c33e82e8b5bb5c54389c2899c81e5482a06e69db08268173a5b4574327ee5de656d312011d07e50a2e398a4c9b0cd79029013f76e05e18cf67ce5a916ffd9

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\rin5pdx1.cmdline

Filesize
349B

MD5
6949804decda5bb45cedcf18d6ce465d

SHA1
91c897b686965fe5000b2609ab8f2704351b8f74

SHA256
9e1a769c29f8021beb02bb4a836c43bfa43cf5829eadad6edc771b8e06911f7d

SHA512
427fd1342b644eb5e1e1ead95cfd778eed8c8e9831966b8fdf98430313d852d1aaffbe769e8749f8e0294885c1260184026fd3015b8f70d5945a5d3ad966e017

Download Submit
memory/2096-9-0x000007FEF6570000-0x000007FEF6F0D000-memory.dmp

Filesize
9.6MB

Download
memory/2096-0-0x000007FEF682E000-0x000007FEF682F000-memory.dmp

Filesize
4KB

Download
memory/2096-3-0x000007FEF6570000-0x000007FEF6F0D000-memory.dmp

Filesize
9.6MB

Download
memory/2096-1-0x0000000000B30000-0x0000000000B8C000-memory.dmp

Filesize
368KB

Download
memory/2096-19-0x0000000000BA0000-0x0000000000BB6000-memory.dmp

Filesize
88KB

Download
memory/2096-2-0x0000000000290000-0x000000000029E000-memory.dmp

Filesize
56KB

Download
memory/2096-21-0x00000000003B0000-0x00000000003C2000-memory.dmp

Filesize
72KB

Download
memory/2096-22-0x000007FEF6570000-0x000007FEF6F0D000-memory.dmp

Filesize
9.6MB

Download
memory/2096-23-0x000007FEF6570000-0x000007FEF6F0D000-memory.dmp

Filesize
9.6MB

Download
memory/2100-10-0x000007FEF6570000-0x000007FEF6F0D000-memory.dmp

Filesize
9.6MB

Download
memory/2100-17-0x000007FEF6570000-0x000007FEF6F0D000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads