Analysis
max time kernel: 140s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-01-2024 11:00
Static task: static1
Behavioral task: behavioral1
  Sample: 7cf163ddf099e1a8197c2acf7aaf1484.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 7cf163ddf099e1a8197c2acf7aaf1484.exe
  Resource: win10v2004-20231215-en
General
Target: 7cf163ddf099e1a8197c2acf7aaf1484.exe
Size: 257KB
MD5: 7cf163ddf099e1a8197c2acf7aaf1484
SHA1: 97abbb2a88f9603748f78a1c934a0dfe4d176df3
SHA256: d39edef8ffb588c2c7a197bba6b8ade680e91e52c4288dd94cf621af86ea221e
SHA512: 0921a04c607fd91ada884c3a79661142a3a2efc041f9fbd578d11536f63ced0376728baae76e8a9586405a294f3931628a55b8834f8381be0c65c4c10da19ceb
SSDEEP: 6144:J0hMcD39a7O6mb+oHO9beyKt/4H2iW39m2g45oS:Julg7dmbXHO9KHtOBWtm2g45oS
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  1580  svchosn.exe

Drops file in System32 directory (3 IoCs)
  description                   ioc                              Process
  File created                  C:\Windows\SysWOW64\svchosn.exe  7cf163ddf099e1a8197c2acf7aaf1484.exe
  File opened for modification  C:\Windows\SysWOW64\svchosn.exe  7cf163ddf099e1a8197c2acf7aaf1484.exe
  File opened for modification  C:\Windows\SysWOW64\svchosn.exe  svchosn.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process                               procid_target
  PID 4852 wrote to memory of 1580  4852  7cf163ddf099e1a8197c2acf7aaf1484.exe  83
  PID 4852 wrote to memory of 1580  4852  7cf163ddf099e1a8197c2acf7aaf1484.exe  83
  PID 4852 wrote to memory of 1580  4852  7cf163ddf099e1a8197c2acf7aaf1484.exe  83
Processes
C:\Users\Admin\AppData\Local\Temp\7cf163ddf099e1a8197c2acf7aaf1484.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\7cf163ddf099e1a8197c2acf7aaf1484.exe"
  PID: 4852
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\svchosn.exe (child of PID 4852)
    Command line: C:\Windows\system32\svchosn.exe -k netsvcs
    PID: 1580
    - Executes dropped EXE
    - Drops file in System32 directory
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 257KB
MD5: 7cf163ddf099e1a8197c2acf7aaf1484
SHA1: 97abbb2a88f9603748f78a1c934a0dfe4d176df3
SHA256: d39edef8ffb588c2c7a197bba6b8ade680e91e52c4288dd94cf621af86ea221e
SHA512: 0921a04c607fd91ada884c3a79661142a3a2efc041f9fbd578d11536f63ced0376728baae76e8a9586405a294f3931628a55b8834f8381be0c65c4c10da19ceb