Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    08-03-2024 08:23

General

  • Target

    CordKilla.exe

  • Size

    12KB

  • MD5

    dcdfa5d5c5a013d16892fc8b8cf21278

  • SHA1

    d60aa6cbfdfcb541bd3cc9e828988b58e1e04d11

  • SHA256

    a62184b1ac0ca25e93fff3b4522f84701ee69baea5dbeb851cddf52d215a47e6

  • SHA512

    059d35c662a7be0e9cc14725fba41db6d3e0d1511db92d560858c3f88617417cb95cd1f482741e04d08a146af5ddf23a238b7085ab62f45a74c4de13a28cb7e6

  • SSDEEP

    192:WUsDEp+7bADqC/YgQeUg4LBtiteQT3PpGlcc5+Rqm8Jf+wdyz:tsDLbADqUx4ateQ7xGWR9Ue

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CordKilla.exe
    "C:\Users\Admin\AppData\Local\Temp\CordKilla.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 592
      2⤵
      • Program crash
      PID:2884

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2028-0-0x0000000000CF0000-0x0000000000CFC000-memory.dmp

    Filesize

    48KB

  • memory/2028-1-0x00000000001B0000-0x00000000001CA000-memory.dmp

    Filesize

    104KB

  • memory/2028-2-0x0000000074360000-0x0000000074A4E000-memory.dmp

    Filesize

    6.9MB

  • memory/2028-3-0x0000000000220000-0x000000000022A000-memory.dmp

    Filesize

    40KB

  • memory/2028-4-0x0000000004A70000-0x0000000004AB0000-memory.dmp

    Filesize

    256KB

  • memory/2028-5-0x0000000074360000-0x0000000074A4E000-memory.dmp

    Filesize

    6.9MB

  • memory/2028-6-0x0000000074360000-0x0000000074A4E000-memory.dmp

    Filesize

    6.9MB