3c57d02f8160f54248ab596e1e9a29f4c98085c951a9af38141d2e4e81c5ee3d

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 03:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0220cc815d23225b769884c95c72d79c.exe
Size

60KB
MD5

0220cc815d23225b769884c95c72d79c
SHA1

b0ffe2df6f9ecf71f804878ed10c5bacc728ce32
SHA256

3c57d02f8160f54248ab596e1e9a29f4c98085c951a9af38141d2e4e81c5ee3d
SHA512

37af216d659da07c88868e3ed7536e31841469fd85c2fe8920b5ddd1eaf01188db50149bda3c0ee034b3208d15a3114fae9943a174e3bc1ac2437ddc035a26b7
SSDEEP

768:YpGH/U+JdMk73wOeUsCPxK4v4LdYPofXKCCQw3H:YY9vZ738CJKbJWov85X

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1704	smss.exe
2016	smss.exe

Loads dropped DLL 2 IoCs

pid	Process
3028	cmd.exe
3028	cmd.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system\smss.exe	0220cc815d23225b769884c95c72d79c.exe
File created	C:\Windows\system\smss.exe	0220cc815d23225b769884c95c72d79c.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 3028	2232	0220cc815d23225b769884c95c72d79c.exe	19
PID 2232 wrote to memory of 3028	2232	0220cc815d23225b769884c95c72d79c.exe	19
PID 2232 wrote to memory of 3028	2232	0220cc815d23225b769884c95c72d79c.exe	19
PID 2232 wrote to memory of 3028	2232	0220cc815d23225b769884c95c72d79c.exe	19
PID 3028 wrote to memory of 1704	3028	cmd.exe	17
PID 3028 wrote to memory of 1704	3028	cmd.exe	17
PID 3028 wrote to memory of 1704	3028	cmd.exe	17
PID 3028 wrote to memory of 1704	3028	cmd.exe	17

C:\Users\Admin\AppData\Local\Temp\0220cc815d23225b769884c95c72d79c.exe
"C:\Users\Admin\AppData\Local\Temp\0220cc815d23225b769884c95c72d79c.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\system\smss.exe
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3028

C:\Windows\system\smss.exe
C:\Windows\system\smss.exe
1⤵
- Executes dropped EXE
PID:2016

C:\Windows\system\smss.exe
C:\Windows\system\smss.exe
1⤵
- Executes dropped EXE
PID:1704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\smss.exe

Filesize
60KB

MD5
0220cc815d23225b769884c95c72d79c

SHA1
b0ffe2df6f9ecf71f804878ed10c5bacc728ce32

SHA256
3c57d02f8160f54248ab596e1e9a29f4c98085c951a9af38141d2e4e81c5ee3d

SHA512
37af216d659da07c88868e3ed7536e31841469fd85c2fe8920b5ddd1eaf01188db50149bda3c0ee034b3208d15a3114fae9943a174e3bc1ac2437ddc035a26b7

Download Submit
C:\Windows\system\smss.exe

Filesize
27KB

MD5
62b973d397bf5f60227f63f5c31fbd84

SHA1
eaac71b65a38468555bb2aab31007fd468226fce

SHA256
4988c3bdda98e3e4f81d225a7f95b21f7b91a754d18a2918a394e39c0e043c0c

SHA512
12226916971ca374bae0e447fbb8db48c12f62e190ce3a54ddb4574c62eca42a937137cbda9f789f89d8e79865e23c3ace813c9aa2d23680e73d3c63e227e72a

Download Submit
C:\Windows\system\smss.exe

Filesize
39KB

MD5
13154c1fec7ba6de59b625b7cf9f897b

SHA1
d2e54875969568fecf38fc9906945c7aa18d4d67

SHA256
26e268d5b1cee71047d9965664ebc84e7967317523a4989a9b8a6ad06a55045b

SHA512
5ab2134e0b740f0f1f465e86929931d66c999265557ea8bb90bb8810ff415f4c34b1956e07ebe77b7899d97658fd8c82a9ad13e9357a54c8364d7e799d6008cb

Download Submit
C:\Windows\system\smss.exe

Filesize
32KB

MD5
e823d3f7a80d840611fa65a353c8f405

SHA1
3bda889612011a113e2f62446990d74b60c5c82b

SHA256
741b72ab2528f2e24c1f546e146f88bb1fbf8a97bccbc6b5a714723e040d9f05

SHA512
9dcb5cd8c2680e8d0fa67ab963332fcd93cbfaaf618084bda76a001ae0d85cbd248a0bd44a1ecf593ab87e8d6bd4b184d5772a32a5ac7529ed2472629097b0c3

Download Submit
\Windows\system\smss.exe

Filesize
32KB

MD5
0c791fe6075b97ef508ed0a1ef0f0e30

SHA1
d2de78c5fdd34f0a92bb7204dfc1fdeb97e13ce1

SHA256
41d4541ced2080de94dd0d0d148d7000c1e723d4d11f402df8be26b462f2bf93

SHA512
b22c5b9e5765925a07a2081716dc24b0f93477e8032668d37eae7649c68614990b276a38da3ebd86e51e77b8b0a8ba9b010c08a471575873dd5b2ffadbe0cf78

Download Submit
\Windows\system\smss.exe

Filesize
20KB

MD5
e3fc5d45e9d7f65f33491e3826ae06c3

SHA1
a0770f1bd705d53b709bdc051cdae4f3512978dd

SHA256
35db968bf972cf776518e27520b9bf7f2e686464f06fcfb5bb38aa76bd53535d

SHA512
9b5674b7ac8328d497bbc4b513ab5423168c70b8f0212175b5758f741d07ea38f049a10106ad924b9d4c2a2075d9912748484593ad1dc96442c55f7c90ec7182

Download Submit
memory/1704-21-0x0000000014000000-0x0000000014031000-memory.dmp

Filesize
196KB

Download
memory/1704-18-0x0000000014000000-0x0000000014031000-memory.dmp

Filesize
196KB

Download
memory/2016-20-0x0000000014000000-0x0000000014031000-memory.dmp

Filesize
196KB

Download
memory/2016-22-0x0000000014000000-0x0000000014031000-memory.dmp

Filesize
196KB

Download
memory/2232-12-0x0000000014000000-0x0000000014031000-memory.dmp

Filesize
196KB

Download
memory/2232-11-0x0000000014000000-0x0000000014031000-memory.dmp

Filesize
196KB

Download
memory/3028-17-0x0000000014000000-0x0000000014031000-memory.dmp

Filesize
196KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads