e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0

General

Target

e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0.exe
Size

911KB
MD5

cf78e7c352ad00b31d9c7a6d001fd6f6
SHA1

4651bca09bcd2551b0e1c4c9f8cff20149e62d69
SHA256

e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0
SHA512

5ace1658abd46a7fbd2f0ebce1fee0c5f51abcac953afaf193e7e6d5d9b3a79aee7f1791912b0935832264f388a277d8199ef1953b30a688859b29e8fceb9b51
SSDEEP

24576:d+5T4MROxnFm5bHKTlQqrZlI0AilFEvxHipXoX:I50MiAqrZlI0AilFEvxHi

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2968	2936	e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0.exe	30
PID 2936 wrote to memory of 2968	2936	e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0.exe	30
PID 2936 wrote to memory of 2968	2936	e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0.exe	30
PID 2968 wrote to memory of 2904	2968	csc.exe	32
PID 2968 wrote to memory of 2904	2968	csc.exe	32
PID 2968 wrote to memory of 2904	2968	csc.exe	32

C:\Users\Admin\AppData\Local\Temp\e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0.exe
"C:\Users\Admin\AppData\Local\Temp\e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zzqx2pxt.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2968
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE8F9.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCE8F8.tmp"
    3⤵
    PID:2904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESE8F9.tmp

Filesize
1KB

MD5
55412616c4c6b25f535c7ecb4b8ffdd2

SHA1
13363c69a9a53509a13f279fd73b72754bd4908d

SHA256
3652819109341e9699a7ee18f816d22f3690f8396ae8c5c9a6403f4465072f60

SHA512
02f3f5f994849f85c0bc2427bc286a084ddeb4d46c430a5430eaab28961a54e7ff562a37f29c0e188fe0017c413c10eadab55532c7dd93efbc6c403a67c640ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\zzqx2pxt.dll

Filesize
76KB

MD5
bb4f809c8a9244edd79a8d4ad728770b

SHA1
509b2e99657f060b75d2b87e21a09917ab122d80

SHA256
b6be558eeb452d214c0205f2d93b563f38335a843edba06d07a64e0ec67bb8d1

SHA512
477569e2502c5b22671efff78a5f7ae1c16b62811f4bf9d84b44f5acb3acac52fc714b9d8e8faba9a39e84bdda447e3b86981955f633ff68dcd6e06b76539ecf

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCE8F8.tmp

Filesize
676B

MD5
fce4551b57525f65b41ac9517c372865

SHA1
cf184f62ca9c533c3fc9e994690becba7017a715

SHA256
07868f93c3dd6350dff9e3fdd6db3d57b2016a8228476161b0d3aaa20dd05809

SHA512
14fd69a728f9c9d83990d493463b6ef029e7acfdf033405112273e7289904ff30273b50c8f904438b453151b9fc0e2cdf3eb7cfe3fcc007ed126893173820b2a

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\zzqx2pxt.0.cs

Filesize
208KB

MD5
6011503497b1b9250a05debf9690e52c

SHA1
897aea61e9bffc82d7031f1b3da12fb83efc6d82

SHA256
08f42b8d57bb61bc8f9628c8a80953b06ca4149d50108083fca6dc26bdd49434

SHA512
604c33e82e8b5bb5c54389c2899c81e5482a06e69db08268173a5b4574327ee5de656d312011d07e50a2e398a4c9b0cd79029013f76e05e18cf67ce5a916ffd9

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\zzqx2pxt.cmdline

Filesize
349B

MD5
8599a938be2f919280d8e57ae1f7e25a

SHA1
9b97f84935c291382746dfd195c245a930787970

SHA256
ba579e873adf26b2e5e42bc170a4bf4589d1080d608e514cbe21db2481658a96

SHA512
e944cb9af5944ed6418d5b3229f146cfbac5ca910407f1ab7ee14b15496ee889f0a42370780d2c36c79cb1821e03d2c4ad6041833b226b18fdaf5fe6b7d094c1

Download Submit
memory/2936-19-0x000000001AFC0000-0x000000001AFD6000-memory.dmp

Filesize
88KB

Download
memory/2936-22-0x00000000021D0000-0x00000000021D8000-memory.dmp

Filesize
32KB

Download
memory/2936-30-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

Filesize
9.6MB

Download
memory/2936-3-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

Filesize
9.6MB

Download
memory/2936-1-0x000000001AF60000-0x000000001AFBC000-memory.dmp

Filesize
368KB

Download
memory/2936-0-0x000007FEF5E1E000-0x000007FEF5E1F000-memory.dmp

Filesize
4KB

Download
memory/2936-2-0x0000000000480000-0x000000000048E000-memory.dmp

Filesize
56KB

Download
memory/2936-29-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

Filesize
9.6MB

Download
memory/2936-21-0x00000000004B0000-0x00000000004C2000-memory.dmp

Filesize
72KB

Download
memory/2936-4-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

Filesize
9.6MB

Download
memory/2936-23-0x0000000002370000-0x0000000002378000-memory.dmp

Filesize
32KB

Download
memory/2936-24-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

Filesize
9.6MB

Download
memory/2936-26-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

Filesize
9.6MB

Download
memory/2936-27-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

Filesize
9.6MB

Download
memory/2936-28-0x000007FEF5E1E000-0x000007FEF5E1F000-memory.dmp

Filesize
4KB

Download
memory/2968-17-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

Filesize
9.6MB

Download
memory/2968-12-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads