591c4b18225fb41ce754ffc0bb30d7cda046f768469470da4757c04613ec00ed | Triage

Analysis

max time kernel
7s
max time network
11s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27-12-2022 09:48

Sharing

Report Analysis Logs

General

Target

CB.exe
Size

2.7MB
MD5

899c63ad442ad628054c96ec16c6049f
SHA1

5167c7e242b76f4338f35fbf2b7352d278f65148
SHA256

591c4b18225fb41ce754ffc0bb30d7cda046f768469470da4757c04613ec00ed
SHA512

909a3601191cfc1e02976581d9efb56c562de26a34b4c7939d660837a7874692edbc242b517cb89605556e2df58035375b45a4934d50f0a0be810f78acb419e7
SSDEEP

49152:NOhkDcRTciEZoO5gECCKptLWi2BrR82f3/9huZrDCKgJPyYpVXn:NnDAZCGLWi2BtTf3/uZrDMP7p

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 1656	4800	CB.exe	82
PID 4800 wrote to memory of 1656	4800	CB.exe	82
PID 4800 wrote to memory of 1656	4800	CB.exe	82
PID 1656 wrote to memory of 1372	1656	cmd.exe	83
PID 1656 wrote to memory of 1372	1656	cmd.exe	83
PID 1656 wrote to memory of 1372	1656	cmd.exe	83
PID 4800 wrote to memory of 628	4800	CB.exe	84
PID 4800 wrote to memory of 628	4800	CB.exe	84
PID 4800 wrote to memory of 628	4800	CB.exe	84

C:\Users\Admin\AppData\Local\Temp\CB.exe
"C:\Users\Admin\AppData\Local\Temp\CB.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c MODE CON COLS=215 LINES=22
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1656
- - C:\Windows\SysWOW64\mode.com
    MODE CON COLS=215 LINES=22
    3⤵
    PID:1372
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c Color A
  2⤵
  PID:628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads