cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424

General

Target

cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424.exe
Size

903KB
MD5

b868e41013936d397a71cbd56e0b2b5c
SHA1

2e780636aa64c0c53dc631d0e8122351273ad7f8
SHA256

cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424
SHA512

615691dba850d0124b3edbe3ead8969f9faa83b4f067fb847a91d3749f95c10a5ec42e5d336b0ed19dc18f89420110da8d9561460fc727c1243ef3d68cd5fca2
SSDEEP

12288:H8shHAVBuQBBed37dG1lFlWcYT70pxnnaaoawMRVcTqSA+9rZNrI0AilFEvxHvBt:c3s4MROxnF9LqrZlI0AilFEvxHino

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424.exe
File created	C:\Windows\assembly\Desktop.ini	cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2396	2228	cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424.exe	82
PID 2228 wrote to memory of 2396	2228	cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424.exe	82
PID 2396 wrote to memory of 2448	2396	csc.exe	84
PID 2396 wrote to memory of 2448	2396	csc.exe	84

C:\Users\Admin\AppData\Local\Temp\cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424.exe
"C:\Users\Admin\AppData\Local\Temp\cb06cfd589c6cf09e27264eaab618c7f887e3ad5cefc1eef5db52e22b7001424.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\letkg5ni.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2396
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8780.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC877F.tmp"
    3⤵
    PID:2448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES8780.tmp

Filesize
1KB

MD5
25da3e660040dc845b24fb6a285c67d9

SHA1
e58b0fb93289210912cf5883803c762d381ab4bc

SHA256
5bbaed4f9eb0393a89d3ba461e22b041d3c9cf367bd61cb6d0dafb567b971c48

SHA512
afc5a9e0be8dcd28a2895718d660edbdc78656422bf645a1df3246c3b3472ead27428a4612a6d4828d904bc4d2852aea3c12fc6ab911905a9c56cf13b1ab16a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\letkg5ni.dll

Filesize
76KB

MD5
61f2d89086ccc425d3f5f1697319237f

SHA1
2d9605bb29876c1cafc34b04f25753ef0478495d

SHA256
bed952743cfdee2086c3542b6d3e8fca081605e2eec1acff840487f60a96474b

SHA512
771f7796417f604358cc0c851a375de49f0778ffaa4269e94a5dcbfaa26ffa8fab72eef32e7314c4efe63badc805438dd2dff558e5daf545ceffb87682314125

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC877F.tmp

Filesize
676B

MD5
3e51d351dd12cdc4f3c052778d322c30

SHA1
c8fca4615b685d37a80ff50ab2d54243af802878

SHA256
2c02e1a4f604332d297d50e4d1d2fff90c5a643c7c6bc1b4e862e08c2fb6c90c

SHA512
523fd7083f3ee5cd1bf00a8b4d87ed5a77af657307b8e52ef4465955163d489042febed788c2d95c8883fc0c39c7c386f5281d72d05c78141650b2877b5c6619

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\letkg5ni.0.cs

Filesize
208KB

MD5
14c8a12572d4e60f4095b2b6aeccaee5

SHA1
241c6cc6ca13cbd52e272f7f06ddefabe84c99a8

SHA256
ea39e18c0a0a2f5012bace503f65814ec2b04a4cd711764dfc7dc6c6624344ce

SHA512
467970afe510c63733235e7713d6e5dd9061f73a4b0d7568c00a3ca3f7a8e38edd52d39b3665bf290dc8b20391996cd0c354a5ed3f8b69a2089602b8ea093deb

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\letkg5ni.cmdline

Filesize
349B

MD5
f4a55672f559dbc5269930aca8113d40

SHA1
0c95323b4787bd2f8835b01ef7a4698a4e3df661

SHA256
b9f6fd88f5ebc8e3961353920f6561fd6c6fa0fb1f2a133b034a9eb834ef98a4

SHA512
5b2cc37e98e140cf0096be10f879995b21781139744b1a9c3a8651e0bde7d1ae5857714dd6c1f3a497b59c9f16d3ed106c308de2a6b7afeafd97bdc4558fceaf

Download Submit
memory/2228-5-0x000000001B470000-0x000000001B47E000-memory.dmp

Filesize
56KB

Download
memory/2228-27-0x00007FFC7EC50000-0x00007FFC7F5F1000-memory.dmp

Filesize
9.6MB

Download
memory/2228-7-0x000000001BA70000-0x000000001BF3E000-memory.dmp

Filesize
4.8MB

Download
memory/2228-0-0x00007FFC7EF05000-0x00007FFC7EF06000-memory.dmp

Filesize
4KB

Download
memory/2228-8-0x000000001BFE0000-0x000000001C07C000-memory.dmp

Filesize
624KB

Download
memory/2228-6-0x00007FFC7EC50000-0x00007FFC7F5F1000-memory.dmp

Filesize
9.6MB

Download
memory/2228-2-0x000000001B380000-0x000000001B3DC000-memory.dmp

Filesize
368KB

Download
memory/2228-29-0x00007FFC7EC50000-0x00007FFC7F5F1000-memory.dmp

Filesize
9.6MB

Download
memory/2228-1-0x00007FFC7EC50000-0x00007FFC7F5F1000-memory.dmp

Filesize
9.6MB

Download
memory/2228-23-0x000000001C680000-0x000000001C696000-memory.dmp

Filesize
88KB

Download
memory/2228-25-0x0000000000C00000-0x0000000000C12000-memory.dmp

Filesize
72KB

Download
memory/2228-26-0x0000000000B70000-0x0000000000B78000-memory.dmp

Filesize
32KB

Download
memory/2396-14-0x00007FFC7EC50000-0x00007FFC7F5F1000-memory.dmp

Filesize
9.6MB

Download
memory/2396-21-0x00007FFC7EC50000-0x00007FFC7F5F1000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads