cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-02-2025 16:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424.exe
Size

903KB
MD5

b868e41013936d397a71cbd56e0b2b5c
SHA1

2e780636aa64c0c53dc631d0e8122351273ad7f8
SHA256

cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424
SHA512

615691dba850d0124b3edbe3ead8969f9faa83b4f067fb847a91d3749f95c10a5ec42e5d336b0ed19dc18f89420110da8d9561460fc727c1243ef3d68cd5fca2
SSDEEP

12288:H8shHAVBuQBBed37dG1lFlWcYT70pxnnaaoawMRVcTqSA+9rZNrI0AilFEvxHvBt:c3s4MROxnF9LqrZlI0AilFEvxHino

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2480	2988	cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424.exe	30
PID 2988 wrote to memory of 2480	2988	cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424.exe	30
PID 2988 wrote to memory of 2480	2988	cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424.exe	30
PID 2480 wrote to memory of 1864	2480	csc.exe	32
PID 2480 wrote to memory of 1864	2480	csc.exe	32
PID 2480 wrote to memory of 1864	2480	csc.exe	32

C:\Users\Admin\AppData\Local\Temp\cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424.exe
"C:\Users\Admin\AppData\Local\Temp\cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\warrnuow.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2480
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB1E2.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCB1E1.tmp"
    3⤵
    PID:1864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESB1E2.tmp

Filesize
1KB

MD5
c98c8477785f75a756d3968737748214

SHA1
44f5e97e93c9e8b5731a3afeefba78716f116ad7

SHA256
321d65576b4c252b6b8f8be15884fe085aa4a647871c4fa22fdee8d68dd44698

SHA512
634076b624ed44352fe9e277cd8c2c941f4085f236f3f5ef38ce33160266078326cf83645351522852785573c2a08d24dbb1d30da1b19fe03ccb24862e463c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\warrnuow.dll

Filesize
76KB

MD5
a0f641c0ff196881289b9eb9699e1df8

SHA1
1df7fa776787100044396a5199f2bb531d99ebbb

SHA256
835eae6a8b7581043169cd460587bf95ec77e2cde34f75878639664e1e6ee6b4

SHA512
6f8dffbc6d4e45d2d0edd93103177237377f9b429fa121e731329d0fa3979ec9d7e7d5cb330f2be925a9755a194fadd893cfa7af71c1312fa15adb43ce62b5c1

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCB1E1.tmp

Filesize
676B

MD5
81c9213730b43493a61f8e77b90d89c3

SHA1
95c1fb4d91972f5f5aa24dab3baa4d32410be583

SHA256
54509acf00a560aa48a1fa5d7a555893c06cc8a3ee456bb4e6299bafae511d38

SHA512
49f45afe7988730040e715ada1b7435baba1e1e3b213603327e01e2afdcc2922c7bcc23df49f730f661f4daa58955e93069244a554fdc44e82e0b344a2bec6ab

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\warrnuow.0.cs

Filesize
208KB

MD5
c555d9796194c1d9a1310a05a2264e08

SHA1
82641fc4938680519c3b2e925e05e1001cbd71d7

SHA256
ccbb8fd27ab2f27fbbd871793886ff52ff1fbd9117c98b8d190c1a96b67e498a

SHA512
0b85ca22878998c7697c589739905b218f9b264a32c8f99a9f9dd73d0687a5de46cc7e851697ee16424baf94d301e411648aa2d061ac149a6d2e06b085e07090

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\warrnuow.cmdline

Filesize
349B

MD5
d31695bc5fda4bb060cac9575ebdd9e3

SHA1
182624fb321dcb448ba126e3b2be0b16380525de

SHA256
99fd5cbb90c14b405a03b60e9c6de25e2f5e005f2771f83ddecab4f8ff33a62c

SHA512
1220385dee4f1d4cec28f7c22be14a0b55a27bfdddd4e053b8805a1a6a2ca064b2fadb0f27c4b1e12a9a105ac49780161e5bee70e7680c1eceafacaea70cadd8

Download Submit
memory/2480-17-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp

Filesize
9.6MB

Download
memory/2480-10-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp

Filesize
9.6MB

Download
memory/2988-4-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp

Filesize
9.6MB

Download
memory/2988-3-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp

Filesize
9.6MB

Download
memory/2988-1-0x00000000022C0000-0x000000000231C000-memory.dmp

Filesize
368KB

Download
memory/2988-19-0x0000000002320000-0x0000000002336000-memory.dmp

Filesize
88KB

Download
memory/2988-2-0x0000000000280000-0x000000000028E000-memory.dmp

Filesize
56KB

Download
memory/2988-0-0x000007FEF5FDE000-0x000007FEF5FDF000-memory.dmp

Filesize
4KB

Download
memory/2988-21-0x00000000002B0000-0x00000000002C2000-memory.dmp

Filesize
72KB

Download
memory/2988-22-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp

Filesize
9.6MB

Download
memory/2988-23-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp

Filesize
9.6MB

Download
memory/2988-24-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads