70bba6e748b04c937188f113389a3c90bf30806add70222b920886a57b0bdd98

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22/03/2025, 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1300fbf843b8fcf8554979a45a3e48ba.exe
Size

18KB
MD5

1300fbf843b8fcf8554979a45a3e48ba
SHA1

a638fa0faf167f80cf60fd4520f12a4197a8c823
SHA256

5beca5742ada639b75e52f51f897e92d12f8b5e4e48d69914d24d8a1d58ab65b
SHA512

52814f9ab25d050270db13e17f3c3ffd8218d489e092b0f0235d5ad9cfd57072b1d994b977cedc8ef10f522a5165e6ac8ef58c8f5a41fa12bbc6e51ce40b53e7
SSDEEP

384:qPbacrkOSc6vBJ58c0cB71MY6i18HVRW7NLthmOTkK6aHv+7:kbc/c6tXpB7WuMjstBT4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2376	2080	1300fbf843b8fcf8554979a45a3e48ba.exe	32
PID 2080 wrote to memory of 2376	2080	1300fbf843b8fcf8554979a45a3e48ba.exe	32
PID 2080 wrote to memory of 2376	2080	1300fbf843b8fcf8554979a45a3e48ba.exe	32
PID 2376 wrote to memory of 3064	2376	csc.exe	33
PID 2376 wrote to memory of 3064	2376	csc.exe	33
PID 2376 wrote to memory of 3064	2376	csc.exe	33

C:\Users\Admin\AppData\Local\Temp\1300fbf843b8fcf8554979a45a3e48ba.exe
"C:\Users\Admin\AppData\Local\Temp\1300fbf843b8fcf8554979a45a3e48ba.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\enyj4m0v\enyj4m0v.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2376
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEAEB.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1D494273AAFD4CB6BF1EBFB026D34CB0.TMP"
    3⤵
    PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6a39a1b1-a2f6-4f79-8c7f-194e1575268b.exe

Filesize
18KB

MD5
a3f91880dc8c064655352665d8a6c4cf

SHA1
27a8fba78a6f91993c58b8da6604047d6f01c969

SHA256
bd377ac2e9bb398508d746fae81ab2b913ae4e4b28fe9fc394f8c02995497ab5

SHA512
d59c681cd6d012e5ea4a3ce9cc87e01bf8b6e2c4cf68b656a11134d4d904b1c6ef49d5ccbbfb30d3cd5b0d1e81145494f9e04aa5a7063570c0323ad867ab1d8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESEAEB.tmp

Filesize
1KB

MD5
303e704853fc9ec20e4dff1e9a24c054

SHA1
c1fdee08087055f292662723ed5f9a1fc714f4bd

SHA256
cb98325f1cb6998b030d45a926ed8e57cdb875055f753bcef0a73d5ae6fc4364

SHA512
121e7a85983dc6b231a3b770e711e1bc7c8689bb67643f9046ff54df4e9190ccf7ca5e10c6c9ac0b248e0d6605bc5c1c258fcd517ef81af3247c4d3e2c90622a

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC1D494273AAFD4CB6BF1EBFB026D34CB0.TMP

Filesize
1KB

MD5
fb21c238aa902e7dd91c5ea5322c14a2

SHA1
f9df8ed1d7d489ab6ab3bf54e77f84b7cbbde295

SHA256
ee97543bcda8c7919f32d901bfad326089b8fda0a41f972921a856ee5b043df0

SHA512
80a38db2e939c3d6e05decb074abfaaf3f9d865c0bce0ad9b7058f218138eca188277cafd3342b25c82c1d4c6479b0564c73661ebbc254881580294bd168fc8f

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\enyj4m0v\enyj4m0v.0.cs

Filesize
41KB

MD5
4e609fcaba2bf865cffccb122a55a1a6

SHA1
c222ecfa9cc5cbb09a2a64e441e68082803f68b5

SHA256
ed2bd8ec6ab473ea591c47f903acbae46d01261e47cf28c39852d4235bfa3f1e

SHA512
4da2f229723b286b603c602ac5e7f86e9bb9dbb9e3fedbf7511e74114e8761e070f5e125555417b0e5f9bc2bb4674ce4a7f20506354b4796b7dd5ce46a076368

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\enyj4m0v\enyj4m0v.cmdline

Filesize
377B

MD5
919cebf5cd6220b0d04ddd243915da79

SHA1
8d5f5307d8ef2c67c4e2fe4e143b9dd6dabb1f7f

SHA256
9bc118064d0686c064f3f52dd79e93a7225ae9a0854936107480511b22a46481

SHA512
3bb35f517bebfb941d2dff0955c7048e86690e70d82a527f69476d9170700de25876975b4a66bc0ccf7624b7cef3d401c8d8782d8713fe041dee8b3d7d8726e5

Download Submit
memory/2080-0-0x000007FEF5B73000-0x000007FEF5B74000-memory.dmp

Filesize
4KB

Download
memory/2080-1-0x0000000000BC0000-0x0000000000BCA000-memory.dmp

Filesize
40KB

Download
memory/2080-2-0x000007FEF5B70000-0x000007FEF655C000-memory.dmp

Filesize
9.9MB

Download
memory/2080-16-0x0000000000290000-0x000000000029A000-memory.dmp

Filesize
40KB

Download
memory/2080-18-0x000007FEF5B73000-0x000007FEF5B74000-memory.dmp

Filesize
4KB

Download
memory/2080-19-0x000007FEF5B70000-0x000007FEF655C000-memory.dmp

Filesize
9.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads