b9cae0739fc6daee051551b3e1dfabd39db41c2996f3a905254a71def555ba36

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22/03/2025, 06:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

603d00b49e0ee1b9c5022174ab248b6c.exe
Size

18KB
MD5

603d00b49e0ee1b9c5022174ab248b6c
SHA1

fd93a10b32cced522ca6274f781066a9fab8af17
SHA256

8d19be51751f0c459874ae1dc1be93fb7e667bc916f5b11eeb67943b479cb0e9
SHA512

226f971bb04ba4f0548ad207a308567a5dc7ee1aea5ff933e020e457c38e53a7c8c899e8cd036060c4f1aca7e157c6d076c22422f318cd626b323e558e57f865
SSDEEP

384:6d+cgTYymL0Tybt/yLp3Ejf0TgShmWTkK6aHv+P:qpxwTyBcEjylTA

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 988 wrote to memory of 2192	988	603d00b49e0ee1b9c5022174ab248b6c.exe	32
PID 988 wrote to memory of 2192	988	603d00b49e0ee1b9c5022174ab248b6c.exe	32
PID 988 wrote to memory of 2192	988	603d00b49e0ee1b9c5022174ab248b6c.exe	32
PID 2192 wrote to memory of 2920	2192	csc.exe	33
PID 2192 wrote to memory of 2920	2192	csc.exe	33
PID 2192 wrote to memory of 2920	2192	csc.exe	33

C:\Users\Admin\AppData\Local\Temp\603d00b49e0ee1b9c5022174ab248b6c.exe
"C:\Users\Admin\AppData\Local\Temp\603d00b49e0ee1b9c5022174ab248b6c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:988
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\eheckul1\eheckul1.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2192
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEB58.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCCCBE9BCC5D054DA78F40BCF836BE95F.TMP"
    3⤵
    PID:2920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\32d25b1f-8125-49f0-891c-a0932dcdc7f1.exe

Filesize
18KB

MD5
47eed559a723cd3898ecfbd41d6f1350

SHA1
0f3c6df30b0707928edfa6aab8517cfe46ed7715

SHA256
2087553fa4eebc9a4f223955d4420e675c042e953692d8d0c7ea959373db2b34

SHA512
a009b6edd619923dae5d29ac189bc5c4f3a355a2e34f7db7415acb6e98dfaa4e28322068c4f72d9596706cd03f08e283c52b2263ecf56b6e40957e67373b9de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESEB58.tmp

Filesize
1KB

MD5
2b580cde3f62661d87f3bf9c12be5391

SHA1
4f14a2e9b6bd300ad4d1a34e5c66698b69f16e8a

SHA256
6d8a7018b0b3cd1659a28f206025e55977e1310cec836a563260e039ae1fc1bc

SHA512
df847996adf30e4cc1d9dcd6d355a42e4a565e809c8a4033ca3f40de93a8fe7ffcc855c7a2104e256c1d4dde43e5918342d4b57161c07b5d4558e3414846b74e

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCCCBE9BCC5D054DA78F40BCF836BE95F.TMP

Filesize
1KB

MD5
b27530edbc7496696dd35a8315508fc0

SHA1
b106300b39a025c4619738017b2b7c6088e28981

SHA256
3781d33c15ab94798bbcdb3f30e2ad686d581df09dad0d3b07979832366d7390

SHA512
1cbc0995691594446bf79d0120dcf72cebd7137eec866f89625d985c3207109f957711a8af69706571150a2460db45ebb3eb6650f14764c92d00524a422222b1

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\eheckul1\eheckul1.0.cs

Filesize
41KB

MD5
d500be8c50f1b232dc1f343f506745e7

SHA1
b9f28884fa2b965be10f2525a7ac3977ff472d0e

SHA256
275a84d745c740e96b692a342a9341eaf50eb84053df5f76ebe4f54e1886171e

SHA512
7bd170c48322c4fddee1d8bf3f193316c1d7d562bb2d9f7bd42a1b650e929a1fd6b68f7fe54fae376f6cd6f3073947d01f5cc7e518a3f57e254e09d181653861

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\eheckul1\eheckul1.cmdline

Filesize
377B

MD5
d2c75356afb153bc42474336eb1e6887

SHA1
1054c5078d5a793b627539d8e370558c91ee5c85

SHA256
8691fb338c7507ad9a81996d2510df4e38614d10ce14e9f49809e184b286349d

SHA512
e2de13854d82ac7768d808d23369f6f0c9e18009bb897add7b2936e68462fe401e5a3061ebb431cc910adb8228f76d2d4fe094fc1fcfc96e9f8bc50bcf9594f7

Download Submit
memory/988-0-0x000007FEF5DC3000-0x000007FEF5DC4000-memory.dmp

Filesize
4KB

Download
memory/988-1-0x0000000000350000-0x000000000035A000-memory.dmp

Filesize
40KB

Download
memory/988-3-0x000007FEF5DC0000-0x000007FEF67AC000-memory.dmp

Filesize
9.9MB

Download
memory/988-16-0x0000000000320000-0x000000000032A000-memory.dmp

Filesize
40KB

Download
memory/988-18-0x000007FEF5DC3000-0x000007FEF5DC4000-memory.dmp

Filesize
4KB

Download
memory/988-19-0x000007FEF5DC0000-0x000007FEF67AC000-memory.dmp

Filesize
9.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads