Analysis

  • max time kernel
    91s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20220901-en locale:en-us os:windows10-2004-x64 system
  • submitted
    04/02/2023, 04:19

General

  • Target

    00cff1006248e1b896752aac025608edc8f2defc08c0944461edbec1cdc4d8bf.exe

  • Size

    2.7MB

  • MD5

    e85ed65f43267ccb2c2c40ae4273acba

  • SHA1

    8db02113b03540f0a35723ee166e8525d6954338

  • SHA256

    00cff1006248e1b896752aac025608edc8f2defc08c0944461edbec1cdc4d8bf

  • SHA512

    842eb9812be7dbaf782a9bf6be9cf48fb09dc6e2b31a822c9deb9e56893cd64d1c9da949ac5e26d88ed5ac1f29279dbb716bce70fc574f0d7d16e667eeff7ea2

  • SSDEEP

    49152:olPkFc5TciEdoGFgcC4053LWq2BrR28/zP9WUw+TBwGJl1DDpo3:oeFUR4qLWq2BtL/zPNw+TBj/p

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\00cff1006248e1b896752aac025608edc8f2defc08c0944461edbec1cdc4d8bf.exe
    "C:\Users\Admin\AppData\Local\Temp\00cff1006248e1b896752aac025608edc8f2defc08c0944461edbec1cdc4d8bf.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c MODE CON COLS=215 LINES=22
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5008
      • C:\Windows\SysWOW64\mode.com
        MODE CON COLS=215 LINES=22
        3⤵
        PID:3764
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c Color A
      2⤵
      PID:4932

Network

MITRE ATT&CK Matrix
