4507cd3211bb9010fe7f00f553d270d2cdbf9cfc2d9e179ac7ec914fb99e791e

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4507cd3211bb9010fe7f00f553d270d2cdbf9cfc2d9e179ac7ec914fb99e791e.exe
Size

903KB
MD5

1015f1daea31f089ee84fd9b084b840c
SHA1

d6eff68dd33752762abf360902e87d8462b20d75
SHA256

4507cd3211bb9010fe7f00f553d270d2cdbf9cfc2d9e179ac7ec914fb99e791e
SHA512

f73fe0a8a9481af5532ea3332a02f7a58bad411991af06b8fcbf4eb780baf1fd8ad8790a3abfe093eb8d7c23ad6d0b3c02ab423b162daf82354a2039a9346bb7
SSDEEP

12288:X8shHAVBuQBBed37dG1lFlWcYT70pxnnaaoawMRVcTqSA+9rZNrI0AilFEvxHvBs:s3s4MROxnF9LqrZlI0AilFEvxHiGo

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2712	2848	4507cd3211bb9010fe7f00f553d270d2cdbf9cfc2d9e179ac7ec914fb99e791e.exe	30
PID 2848 wrote to memory of 2712	2848	4507cd3211bb9010fe7f00f553d270d2cdbf9cfc2d9e179ac7ec914fb99e791e.exe	30
PID 2848 wrote to memory of 2712	2848	4507cd3211bb9010fe7f00f553d270d2cdbf9cfc2d9e179ac7ec914fb99e791e.exe	30
PID 2712 wrote to memory of 2812	2712	csc.exe	32
PID 2712 wrote to memory of 2812	2712	csc.exe	32
PID 2712 wrote to memory of 2812	2712	csc.exe	32

C:\Users\Admin\AppData\Local\Temp\4507cd3211bb9010fe7f00f553d270d2cdbf9cfc2d9e179ac7ec914fb99e791e.exe
"C:\Users\Admin\AppData\Local\Temp\4507cd3211bb9010fe7f00f553d270d2cdbf9cfc2d9e179ac7ec914fb99e791e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\iaxpx7wz.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2712
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6B52.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC6B51.tmp"
    3⤵
    PID:2812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES6B52.tmp

Filesize
1KB

MD5
bd2ddebcfed188cb515fbcc5938b18fe

SHA1
b9c2f4424f94d5e6dcffd08f25419f46b6806aa2

SHA256
18f0b59948f7442467b7fd73ca2550148425e57711ed25e731baa32ed0752b26

SHA512
d3cdc6055b0e646d1707dcc86218a4fccec8cfa851fcd82f1df5002c2f1f20c0668fd4fed7808add87b7a90886db2982625d6a08a71c60e1f338039058d4f4c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\iaxpx7wz.dll

Filesize
76KB

MD5
d649d9cbf352d9c0a19edb56d1793ca4

SHA1
e75720501c02fc4986c6292569c04319d122db36

SHA256
e4e6f124f7c7621c5e11b6c5611d8333d4aa1782f284623fd022693569dd07cf

SHA512
c768b03528ee2cb4ea59fc0c4006b7bb4124902f9b963f8b65f7028912a76b6a5c78e15b1c8e58c75a1e1684f938d45cabeddedd38d3a150a75d1447426148c4

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC6B51.tmp

Filesize
676B

MD5
7d38974d517c1e9c8ba2a7987cbf95f2

SHA1
efab5a16fbcfd30d3f91fa16348c8eb1ce28d7e9

SHA256
25d0adb79f852c4ca5256623ebedff5d8d7c8288c85e915f3024e7d8819a7276

SHA512
1e22d812679b757aa298601dc914de081ae259fef83981f8f5d91ce9977fb21a89aa989be576f97df59793af5c71f467d7e6d170b9a24e3275ded85eab9ee0ef

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\iaxpx7wz.0.cs

Filesize
208KB

MD5
c555d9796194c1d9a1310a05a2264e08

SHA1
82641fc4938680519c3b2e925e05e1001cbd71d7

SHA256
ccbb8fd27ab2f27fbbd871793886ff52ff1fbd9117c98b8d190c1a96b67e498a

SHA512
0b85ca22878998c7697c589739905b218f9b264a32c8f99a9f9dd73d0687a5de46cc7e851697ee16424baf94d301e411648aa2d061ac149a6d2e06b085e07090

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\iaxpx7wz.cmdline

Filesize
349B

MD5
a999037a9d55152f06b64fa9204d0c55

SHA1
a7b11a08e8f4e8b43e1dfcfcd01e9d4690c723d4

SHA256
75915511904ab45154578cce15713bc8ca32a026360d8a0b98118e740033dfd2

SHA512
37ff8bbfbc31d7a265ab3ae5e1abe78dd210125215de7d1acec5e823870f3eed6daec5b3e6fc1e460e4da4be6b3cef9004211bd6556cd08fb04387512d252931

Download Submit
memory/2712-24-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

Filesize
9.6MB

Download
memory/2712-14-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

Filesize
9.6MB

Download
memory/2848-4-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

Filesize
9.6MB

Download
memory/2848-18-0x000000001AD10000-0x000000001AD26000-memory.dmp

Filesize
88KB

Download
memory/2848-0-0x000007FEF5A9E000-0x000007FEF5A9F000-memory.dmp

Filesize
4KB

Download
memory/2848-3-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

Filesize
9.6MB

Download
memory/2848-2-0x00000000003A0000-0x00000000003AE000-memory.dmp

Filesize
56KB

Download
memory/2848-20-0x0000000000660000-0x0000000000672000-memory.dmp

Filesize
72KB

Download
memory/2848-21-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

Filesize
9.6MB

Download
memory/2848-22-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

Filesize
9.6MB

Download
memory/2848-23-0x000007FEF57E0000-0x000007FEF617D000-memory.dmp

Filesize
9.6MB

Download
memory/2848-1-0x000000001B040000-0x000000001B09C000-memory.dmp

Filesize
368KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads