0144a1460596b19ab4e667f76fdac6cacad536d11091d047d7f980ba90cf1829

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
22-06-2024 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0144a1460596b19ab4e667f76fdac6cacad536d11091d047d7f980ba90cf1829.exe
Size

906KB
MD5

3f5aba024213bd15cb35f8e9bdce1916
SHA1

81d1a0fd4ca6c2eb146f7bb36024395018e59ad9
SHA256

0144a1460596b19ab4e667f76fdac6cacad536d11091d047d7f980ba90cf1829
SHA512

97e09c0ac0ea17641e745c41a3d2761f94218c3d8b2311b44179e50ff69c028d9fb08d91ac6e652aba3bee80af0a2a9ef2e52da154cb293f0eab50968ac0959d
SSDEEP

12288:xgfe07KFML7iLMucoUe7dG1lFlWcYT70pxnnaaoaw/7ueuRAHrZNrI0AilFEvxHG:WtY4MROxnFX9ErZlI0AilFEvxHijAc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

0144a1460596b19ab4e667f76fdac6cacad536d11091d047d7f980ba90cf1829.execsc.exe

description	pid	process	target process
PID 2948 wrote to memory of 2656	2948	0144a1460596b19ab4e667f76fdac6cacad536d11091d047d7f980ba90cf1829.exe	csc.exe
PID 2948 wrote to memory of 2656	2948	0144a1460596b19ab4e667f76fdac6cacad536d11091d047d7f980ba90cf1829.exe	csc.exe
PID 2948 wrote to memory of 2656	2948	0144a1460596b19ab4e667f76fdac6cacad536d11091d047d7f980ba90cf1829.exe	csc.exe
PID 2656 wrote to memory of 2612	2656	csc.exe	cvtres.exe
PID 2656 wrote to memory of 2612	2656	csc.exe	cvtres.exe
PID 2656 wrote to memory of 2612	2656	csc.exe	cvtres.exe

C:\Users\Admin\AppData\Local\Temp\0144a1460596b19ab4e667f76fdac6cacad536d11091d047d7f980ba90cf1829.exe
"C:\Users\Admin\AppData\Local\Temp\0144a1460596b19ab4e667f76fdac6cacad536d11091d047d7f980ba90cf1829.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2948

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\_0ad6itf.cmdline"
2⤵
- Suspicious use of WriteProcessMemory
PID:2656

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES70CE.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC70CD.tmp"
3⤵
PID:2612

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES70CE.tmp
Filesize
1KB

MD5
b9c3d0d0d548ce0f14aa78085f8d53f1

SHA1
cd3b25f3ba8ffdb0ee9ef31d31b1e5c77a295ff3

SHA256
d6e5566bb70931f982385b41911a8d14814f54b098e7a4674ed52625a3a6df49

SHA512
c1460bba7eaba6a12923fe309bba67c3e27789a7e4a02c43c4e7a55593bd2c1b58fe794554437fe27fdbdf7dfc90b8051472c930fdb726c151a1bacc90c25da7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_0ad6itf.dll
Filesize
76KB

MD5
4c3d52e260edec493cfb4e8d4a31f62a

SHA1
a5a7fb309dec8de9fd34852987cfd253d21b548b

SHA256
598b052826563612065f9af7f9fed1e54dafa895228e2f716d562efab1916bd3

SHA512
83f5683449ffdfb86a000b456c05cc1fb7ef27c720671ceb5be28286eec625c1fd4b67c6100cb4db00222dd538fe85b5c0dd6fd6a9f8cc0965a85c2261d1f34b

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC70CD.tmp
Filesize
676B

MD5
e8e90cae5befff2f4370e55d2bbba3dd

SHA1
b9208d891a68cf0c08af289da5e1e857f5e581b1

SHA256
cb8b0c7cf5687f0584e1173650097f238621a9692ca54fc5dc5e4ead1065f8e5

SHA512
9f2eadfd619e9a1016dcc67d9912a4a002aa5142ed879cb965e7900aa9a9ada959279836bcfe5ae5b212e0614fd9b6a9eb6faaae41ab3dbb591fec461484408f

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\_0ad6itf.0.cs
Filesize
208KB

MD5
dbbc983aa30b3470b40197cce6d24629

SHA1
79395d5a5140d4c23c1fee0ec3164f09cede9b13

SHA256
d8f3f98ddd140f28dcee600589d8052c89c3d86b605fa2f106e9924344d9c462

SHA512
4ee338f0a9842076ca0d02025600949a49ac2330e350609887f354d01c7226fc421168a35f2359e9d337c75b0aa3a11e3aadf5777249ccf1f2c92c04fef0b1af

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\_0ad6itf.cmdline
Filesize
349B

MD5
70df3ab5a568bc8d2ef23cbeb4f1fd04

SHA1
e0f0a4ce541472b17fcae9206bbdd3e90f6ce6eb

SHA256
3c21c478aca8b95a173efcc5a55d77574f8d4526894056aa2bb65daffe658eb9

SHA512
8d41f852d4bcc01ddd9d7f7ef07260c28d85370d5f1a38bd746fcbfb50a1eb83e67628691941f604625c30bac2760be9a3d8d443eabadafae285cba048af7ff0

Download Submit
memory/2656-10-0x000007FEF5190000-0x000007FEF5B2D000-memory.dmp

Filesize
9.6MB

Download
memory/2656-17-0x000007FEF5190000-0x000007FEF5B2D000-memory.dmp

Filesize
9.6MB

Download
memory/2948-1-0x0000000002230000-0x000000000228C000-memory.dmp

Filesize
368KB

Download
memory/2948-0-0x000007FEF544E000-0x000007FEF544F000-memory.dmp

Filesize
4KB

Download
memory/2948-3-0x000007FEF5190000-0x000007FEF5B2D000-memory.dmp

Filesize
9.6MB

Download
memory/2948-4-0x000007FEF5190000-0x000007FEF5B2D000-memory.dmp

Filesize
9.6MB

Download
memory/2948-19-0x0000000000CC0000-0x0000000000CD6000-memory.dmp

Filesize
88KB

Download
memory/2948-2-0x0000000000390000-0x000000000039E000-memory.dmp

Filesize
56KB

Download
memory/2948-21-0x00000000003C0000-0x00000000003D2000-memory.dmp

Filesize
72KB

Download
memory/2948-22-0x0000000000440000-0x0000000000448000-memory.dmp

Filesize
32KB

Download
memory/2948-23-0x000007FEF5190000-0x000007FEF5B2D000-memory.dmp

Filesize
9.6MB

Download
memory/2948-24-0x000007FEF5190000-0x000007FEF5B2D000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads