Overview

overview

10

Static

static

3

6ccdc595db...44.exe

windows7_x64

7

6ccdc595db...44.exe

windows10_x64

10

Analysis

  • max time kernel
    123s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    19-10-2021 05:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6ccdc595db458081ac53f8cab0cc4844.exe

  • Size

    43.1MB

  • MD5

    6ccdc595db458081ac53f8cab0cc4844

  • SHA1

    e034f1f1054ec7db30ea4ca391dff8ab4d308d0b

  • SHA256

    7570ce53a4779464f685b02d783d2210edfe520730e2534f4a83cd888f57188a

  • SHA512

    0616b8fd547fb5e3d2ff0acbb6f1b715023968bb3c0b6d7f0047ff409ff2d0a0b9023d77997890be9a95826feb864b190486326df0a9c296625ce3fec016cc56

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6ccdc595db458081ac53f8cab0cc4844.exe
    "C:\Users\Admin\AppData\Local\Temp\6ccdc595db458081ac53f8cab0cc4844.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Users\Admin\AppData\Local\Temp\6ccdc595db458081ac53f8cab0cc4844.exe
      "C:\Users\Admin\AppData\Local\Temp\6ccdc595db458081ac53f8cab0cc4844.exe"
      2⤵
      • Loads dropped DLL
      PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI20402\python39.dll
    MD5

    5cd203d356a77646856341a0c9135fc6

    SHA1

    a1f4ac5cc2f5ecb075b3d0129e620784814a48f7

    SHA256

    a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a

    SHA512

    390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f

    Download Submit
  • \Users\Admin\AppData\Local\Temp\_MEI20402\python39.dll
    MD5

    5cd203d356a77646856341a0c9135fc6

    SHA1

    a1f4ac5cc2f5ecb075b3d0129e620784814a48f7

    SHA256

    a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a

    SHA512

    390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f

    Download Submit
  • memory/1284-54-0x0000000000000000-mapping.dmp
    Download