e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0

General

Target

e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0.exe
Size

911KB
MD5

cf78e7c352ad00b31d9c7a6d001fd6f6
SHA1

4651bca09bcd2551b0e1c4c9f8cff20149e62d69
SHA256

e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0
SHA512

5ace1658abd46a7fbd2f0ebce1fee0c5f51abcac953afaf193e7e6d5d9b3a79aee7f1791912b0935832264f388a277d8199ef1953b30a688859b29e8fceb9b51
SSDEEP

24576:d+5T4MROxnFm5bHKTlQqrZlI0AilFEvxHipXoX:I50MiAqrZlI0AilFEvxHi

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0.exe
File created	C:\Windows\assembly\Desktop.ini	e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3240 wrote to memory of 3444	3240	e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0.exe	82
PID 3240 wrote to memory of 3444	3240	e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0.exe	82
PID 3444 wrote to memory of 1460	3444	csc.exe	84
PID 3444 wrote to memory of 1460	3444	csc.exe	84

C:\Users\Admin\AppData\Local\Temp\e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0.exe
"C:\Users\Admin\AppData\Local\Temp\e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3240
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ulmqevtt.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3444
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA6D0.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCA6CF.tmp"
    3⤵
    PID:1460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESA6D0.tmp

Filesize
1KB

MD5
f759ba36294b9ae2592c967260879e84

SHA1
4f5d218fce0c917533ff56515ac877af0c491d32

SHA256
eea8ccc5723a7f622f3b4b4936b36bfc232309cee5c2f3599bfba34fa2f26732

SHA512
aaa7eec740b14faafb2ab09b65b0e3763d5fd744b8b64f42815b16ebeadc903586cee938f73452371759e3fa81719722bda3f95baab7ab3f6af897a3dfc073e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ulmqevtt.dll

Filesize
76KB

MD5
d6e0556096365caf8f8073e6e03ab2ff

SHA1
0615a443eb39a1842b1ae1f389f09d92d59ce746

SHA256
487075a01843c4bd6ba1bd05dc807a937183ab16e9a4a325d2d1860c0bd687e1

SHA512
974e3cd0fa105c8932c150ccbbad14bd5bdec51e104cb2e8cee430901775f81539972b374a97ef418267e2d55303460cd4ead820098905712b46126b9e4aab89

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCA6CF.tmp

Filesize
676B

MD5
6d185e59403982ee72fc7d859b95e1e8

SHA1
052a69d86cb8daca06cea350e6577f1e506ff563

SHA256
15e238ca6186eecf1d1b221274a78816087175662c971818f0427495b4651f67

SHA512
0e45457eb0b827738dc07e308475fd495da98051db718ac1e66b80440294e2c49912fcc21c5bdae2fa6932146ebc63eea9870ed86d4b7aa5599047000ba79007

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ulmqevtt.0.cs

Filesize
208KB

MD5
d220eaaf236717ba3cb5d5699c7da4e4

SHA1
965f8c6ae27c48f23582a1b7e7e380a59cdab2a6

SHA256
1a7e5ed264b810575406121e6a7fd917c4734d5a92b42e88c827c84f15ace98b

SHA512
57758ebc7d4be6dc4eb898fca3d72f96aeef10e3b790007ef1c5a3c3efae03b628090eb9d7a7a3e932cd8b30b3d2c5329c5fd02f93926fb922e130c26d857b5c

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ulmqevtt.cmdline

Filesize
349B

MD5
1ff2a3cd9a978b5a543c247469d68175

SHA1
0073d5269cc18609dfe231417726929728965c1b

SHA256
3ecc26d466caab51d14fd44cd6f213369cdb30b77e10720de892e8b3ce134a63

SHA512
5bce04b12d9276dadf31474179dcae943442eedc93b1d6972d62acf66ecfd5b3152d80de7e69f33cfba3cfc81c2ccc606e3c7c25acd51c398488dcbb287e53ea

Download Submit
memory/3240-23-0x000000001CA00000-0x000000001CA16000-memory.dmp

Filesize
88KB

Download
memory/3240-34-0x000000001DEF0000-0x000000001DF60000-memory.dmp

Filesize
448KB

Download
memory/3240-7-0x000000001BE00000-0x000000001C2CE000-memory.dmp

Filesize
4.8MB

Download
memory/3240-6-0x00007FF989980000-0x00007FF98A321000-memory.dmp

Filesize
9.6MB

Download
memory/3240-41-0x00007FF989980000-0x00007FF98A321000-memory.dmp

Filesize
9.6MB

Download
memory/3240-5-0x000000001B7F0000-0x000000001B7FE000-memory.dmp

Filesize
56KB

Download
memory/3240-2-0x000000001B700000-0x000000001B75C000-memory.dmp

Filesize
368KB

Download
memory/3240-39-0x00007FF989980000-0x00007FF98A321000-memory.dmp

Filesize
9.6MB

Download
memory/3240-1-0x00007FF989980000-0x00007FF98A321000-memory.dmp

Filesize
9.6MB

Download
memory/3240-0-0x00007FF989C35000-0x00007FF989C36000-memory.dmp

Filesize
4KB

Download
memory/3240-25-0x000000001B660000-0x000000001B672000-memory.dmp

Filesize
72KB

Download
memory/3240-26-0x000000001B5E0000-0x000000001B5E8000-memory.dmp

Filesize
32KB

Download
memory/3240-27-0x000000001B6F0000-0x000000001B6F8000-memory.dmp

Filesize
32KB

Download
memory/3240-28-0x000000001CDF0000-0x000000001CE52000-memory.dmp

Filesize
392KB

Download
memory/3240-29-0x000000001D750000-0x000000001DD0A000-memory.dmp

Filesize
5.7MB

Download
memory/3240-30-0x000000001DD10000-0x000000001DE00000-memory.dmp

Filesize
960KB

Download
memory/3240-31-0x000000001CF50000-0x000000001CF6E000-memory.dmp

Filesize
120KB

Download
memory/3240-32-0x000000001DE10000-0x000000001DE59000-memory.dmp

Filesize
292KB

Download
memory/3240-33-0x00007FF989980000-0x00007FF98A321000-memory.dmp

Filesize
9.6MB

Download
memory/3240-8-0x000000001C370000-0x000000001C40C000-memory.dmp

Filesize
624KB

Download
memory/3240-35-0x00007FF989980000-0x00007FF98A321000-memory.dmp

Filesize
9.6MB

Download
memory/3240-37-0x000000001C480000-0x000000001C488000-memory.dmp

Filesize
32KB

Download
memory/3240-38-0x00007FF989C35000-0x00007FF989C36000-memory.dmp

Filesize
4KB

Download
memory/3444-21-0x00007FF989980000-0x00007FF98A321000-memory.dmp

Filesize
9.6MB

Download
memory/3444-16-0x00007FF989980000-0x00007FF98A321000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads