Overview

overview

6

Static

static

3

ColorWatch.exe

windows7-x64

6

ColorWatch.exe

windows10-1703-x64

6

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    20-02-2024 18:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ColorWatch.exe

  • Size

    2.6MB

  • MD5

    602b5c3719e54af8b0a8a423759ceb48

  • SHA1

    1e8eb2dd7a9ab35d8767238259f4f5d374ac9777

  • SHA256

    6f38cf4d61d2c0827cbbc287ddb04118732ce275c43fcf0cce3bd9490fc7bec4

  • SHA512

    d00a93da29d6dd4e7a67a18c0ca8376ce59acbdc5e54083ad54521ae8e3b0008bfa3438fd2db05b3fd58b40d23f3e99f079438d79276c5953d9a54e793703cdd

  • SSDEEP

    49152:dlzjndG5Vw5qOD7msYIlNGCDcs1MX/y9Kgfx:XfnSVw5qOD7pGo1MX/y9Kgfx

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ColorWatch.exe
    "C:\Users\Admin\AppData\Local\Temp\ColorWatch.exe"
    1⤵
      PID:1172
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:2152

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1172-0-0x000000013FDC0000-0x000000013FED1000-memory.dmp

        Filesize

        1.1MB

        Download