f48879b4ac01e464508d3dee27e0af0abc126f9613fdb6f6c94cc53391002504

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 18:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cbb.exe
Size

12.8MB
MD5

3e41b5ad8570b7906097a9e1921309dc
SHA1

34f706deb8b2a01081517be2cd10eb66976c1a38
SHA256

f48879b4ac01e464508d3dee27e0af0abc126f9613fdb6f6c94cc53391002504
SHA512

043b5da0897d35618f1f91d3a68c19b2fb0200ad39f51d6fb97ead7ae3a29b2627149925946f7eb882e3dc2663a7d1721be0b9e0c6ecbacdc7e23d68096d28cb
SSDEEP

393216:7oVRY/m3pabY9c5hlERgAdZYyW0trc7K7j3CupDb:7oHYKoYEhkgAdZWCg7K7jyupDb

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2904	cbb.exe
1592	cbb.exe
660	cbb.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
2848	timeout.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1100	NOTEPAD.EXE

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2904	2772	cbb.exe	29
PID 2772 wrote to memory of 2904	2772	cbb.exe	29
PID 2772 wrote to memory of 2904	2772	cbb.exe	29
PID 1764 wrote to memory of 1592	1764	cbb.exe	36
PID 1764 wrote to memory of 1592	1764	cbb.exe	36
PID 1764 wrote to memory of 1592	1764	cbb.exe	36
PID 2624 wrote to memory of 836	2624	cmd.exe	44
PID 2624 wrote to memory of 836	2624	cmd.exe	44
PID 2624 wrote to memory of 836	2624	cmd.exe	44
PID 836 wrote to memory of 660	836	cbb.exe	45
PID 836 wrote to memory of 660	836	cbb.exe	45
PID 836 wrote to memory of 660	836	cbb.exe	45
PID 2624 wrote to memory of 2848	2624	cmd.exe	46
PID 2624 wrote to memory of 2848	2624	cmd.exe	46
PID 2624 wrote to memory of 2848	2624	cmd.exe	46

C:\Users\Admin\AppData\Local\Temp\cbb.exe
"C:\Users\Admin\AppData\Local\Temp\cbb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Users\Admin\AppData\Local\Temp\cbb.exe
  "C:\Users\Admin\AppData\Local\Temp\cbb.exe"
  2⤵
  - Loads dropped DLL
  PID:2904

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\cbb.exe
"C:\Users\Admin\AppData\Local\Temp\cbb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Users\Admin\AppData\Local\Temp\cbb.exe
  "C:\Users\Admin\AppData\Local\Temp\cbb.exe"
  2⤵
  - Loads dropped DLL
  PID:1592

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\test.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:1100

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\test.bat" "
1⤵
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Users\Admin\AppData\Local\Temp\cbb.exe
  cbb.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:836
- - C:\Users\Admin\AppData\Local\Temp\cbb.exe
    cbb.exe
    3⤵
    - Loads dropped DLL
    PID:660
- C:\Windows\system32\timeout.exe
  timeout /t 100
  2⤵
  - Delays execution with timeout.exe
  PID:2848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI17642\pip-20.2.3.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17642\python39.dll

Filesize
4.0MB

MD5
18bc52be61f619885a3764549fed13ae

SHA1
6ccbdb9192ee15945d830bebee4201839547e107

SHA256
e2941bca223bbf101d03026712340c64fcf2b6d969c9fc6c7a72fd013160228a

SHA512
6e0d0f63565d55e75223d90b824991007477ae85da4edc802bc14805aba9c2008f8eec8d4e6b5bd2f48acf89961b2bb069b1810f1d2cf2392f8c472325a584a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27722\python39.dll

Filesize
1.7MB

MD5
22e595677623498f74c6adc6502004ef

SHA1
c63645823a8eb80d7954368594597e0022155107

SHA256
fb2bc870c025a31f8dbd1163146fac5ced5c1e5f145ed21fc83d5c63d7b25b02

SHA512
c279c6db8a9b41fd68a7d5be1ff8237154bcb2431cb3f4c344c6524c8e3b6617aae148ef78aa45e2e26ecbd8b184cfc931049cc67a08f97995ec4098597938e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\test.bat

Filesize
25B

MD5
f377f17f332a0fb94a8ce67684d5ce54

SHA1
f7b8b4576f9db8f7ad28842e6626fe450f589e0a

SHA256
9bc50d0d8feab5cbc603054a713f46293d4123b0f2e6f15468d90333f6de586c

SHA512
f9fb2e8d6417bcf9324607260637d252d2b78aceec4f2abfb244b187f61427f8a8928d08f277f633680fb37dc3e1e2db00724eba466998fd10135269ba025216

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI17642\python39.dll

Filesize
940KB

MD5
3b3637d1aac53551c1498dacfec78ca8

SHA1
13d1e8a957b749b295e4f1002c9b730177850a8e

SHA256
2c346c7644c1632bedb5244938bff8f95e39e7d3393aa3e7b91e807d6d8f5378

SHA512
732c0edce30e0ea6f99457706975e2e4d599a56e6cf57bc5c8dcf19f23cdb2993692ba4b0080112c6b6768e7f1f5d1e985fceadfed970abbc727b6f242ae75f2

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27722\python39.dll

Filesize
4.3MB

MD5
11c051f93c922d6b6b4829772f27a5be

SHA1
42fbdf3403a4bc3d46d348ca37a9f835e073d440

SHA256
0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c

SHA512
1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads