6359d61a855f8bc5972922e31cabfbdb96c9c7d4c0c3f9a07f9ed46b8584777c

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15-03-2024 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc6c15a569dec7794d076732cff33a93.exe
Size

121KB
MD5

cc6c15a569dec7794d076732cff33a93
SHA1

786795a1ecf3b7fd69d4b56fc2bc37dfaee45a83
SHA256

6359d61a855f8bc5972922e31cabfbdb96c9c7d4c0c3f9a07f9ed46b8584777c
SHA512

32239c3adbb3ee9c344f355655c8ecd8976b604c65b73dd0ea6527396922803fcbebfd9642b020701ff951a39e4b48be5f2b9bf179b6cbe61bba4db033915452
SSDEEP

3072:tf9l7j5fS4XBHvDcwyDLS12XFIzSjtV2bGtJFr8G:VRfS0vwLDmc3jt8bAj/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 10 IoCs

pid	Process
3472	svchos.exe
2320	svchos.exe
5064	svchos.exe
3956	svchos.exe
4396	svchos.exe
632	svchos.exe
2408	svchos.exe
784	svchos.exe
4128	svchos.exe
3284	svchos.exe

Drops file in System32 directory 22 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File created	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File created	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File opened for modification	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File opened for modification	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File opened for modification	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File created	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File created	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File opened for modification	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File created	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File created	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File opened for modification	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File opened for modification	C:\Windows\SysWOW64\svchos.exe	cc6c15a569dec7794d076732cff33a93.exe
File opened for modification	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File opened for modification	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File created	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File created	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File created	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File opened for modification	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File opened for modification	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File created	C:\Windows\SysWOW64\svchos.exe	svchos.exe
File created	C:\Windows\SysWOW64\svchos.exe	cc6c15a569dec7794d076732cff33a93.exe

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 1596 wrote to memory of 3472	1596	cc6c15a569dec7794d076732cff33a93.exe	87
PID 1596 wrote to memory of 3472	1596	cc6c15a569dec7794d076732cff33a93.exe	87
PID 1596 wrote to memory of 3472	1596	cc6c15a569dec7794d076732cff33a93.exe	87
PID 3472 wrote to memory of 2320	3472	svchos.exe	99
PID 3472 wrote to memory of 2320	3472	svchos.exe	99
PID 3472 wrote to memory of 2320	3472	svchos.exe	99
PID 2320 wrote to memory of 5064	2320	svchos.exe	102
PID 2320 wrote to memory of 5064	2320	svchos.exe	102
PID 2320 wrote to memory of 5064	2320	svchos.exe	102
PID 5064 wrote to memory of 3956	5064	svchos.exe	104
PID 5064 wrote to memory of 3956	5064	svchos.exe	104
PID 5064 wrote to memory of 3956	5064	svchos.exe	104
PID 3956 wrote to memory of 4396	3956	svchos.exe	105
PID 3956 wrote to memory of 4396	3956	svchos.exe	105
PID 3956 wrote to memory of 4396	3956	svchos.exe	105
PID 4396 wrote to memory of 632	4396	svchos.exe	107
PID 4396 wrote to memory of 632	4396	svchos.exe	107
PID 4396 wrote to memory of 632	4396	svchos.exe	107
PID 632 wrote to memory of 2408	632	svchos.exe	108
PID 632 wrote to memory of 2408	632	svchos.exe	108
PID 632 wrote to memory of 2408	632	svchos.exe	108
PID 2408 wrote to memory of 784	2408	svchos.exe	117
PID 2408 wrote to memory of 784	2408	svchos.exe	117
PID 2408 wrote to memory of 784	2408	svchos.exe	117
PID 784 wrote to memory of 4128	784	svchos.exe	118
PID 784 wrote to memory of 4128	784	svchos.exe	118
PID 784 wrote to memory of 4128	784	svchos.exe	118
PID 4128 wrote to memory of 3284	4128	svchos.exe	122
PID 4128 wrote to memory of 3284	4128	svchos.exe	122
PID 4128 wrote to memory of 3284	4128	svchos.exe	122

C:\Users\Admin\AppData\Local\Temp\cc6c15a569dec7794d076732cff33a93.exe
"C:\Users\Admin\AppData\Local\Temp\cc6c15a569dec7794d076732cff33a93.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1596
- C:\Windows\SysWOW64\svchos.exe
  C:\Windows\system32\svchos.exe 1040 "C:\Users\Admin\AppData\Local\Temp\cc6c15a569dec7794d076732cff33a93.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:3472
- - C:\Windows\SysWOW64\svchos.exe
    C:\Windows\system32\svchos.exe 1152 "C:\Windows\SysWOW64\svchos.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:2320
  - - C:\Windows\SysWOW64\svchos.exe
      C:\Windows\system32\svchos.exe 1128 "C:\Windows\SysWOW64\svchos.exe"
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:5064
    - - C:\Windows\SysWOW64\svchos.exe
        
        C:\Windows\system32\svchos.exe 1132 "C:\Windows\SysWOW64\svchos.exe"
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3956
      - C:\Windows\SysWOW64\svchos.exe
        
        C:\Windows\system32\svchos.exe 1124 "C:\Windows\SysWOW64\svchos.exe"
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4396
        
        C:\Windows\SysWOW64\svchos.exe
        
        C:\Windows\system32\svchos.exe 1136 "C:\Windows\SysWOW64\svchos.exe"
        7⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:632
        
        C:\Windows\SysWOW64\svchos.exe
        
        C:\Windows\system32\svchos.exe 1144 "C:\Windows\SysWOW64\svchos.exe"
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2408
        
        C:\Windows\SysWOW64\svchos.exe
        
        C:\Windows\system32\svchos.exe 1116 "C:\Windows\SysWOW64\svchos.exe"
        9⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:784
        
        C:\Windows\SysWOW64\svchos.exe
        
        C:\Windows\system32\svchos.exe 1104 "C:\Windows\SysWOW64\svchos.exe"
        10⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4128
        
        C:\Windows\SysWOW64\svchos.exe
        
        C:\Windows\system32\svchos.exe 1160 "C:\Windows\SysWOW64\svchos.exe"
        11⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\svchos.exe

Filesize
121KB

MD5
cc6c15a569dec7794d076732cff33a93

SHA1
786795a1ecf3b7fd69d4b56fc2bc37dfaee45a83

SHA256
6359d61a855f8bc5972922e31cabfbdb96c9c7d4c0c3f9a07f9ed46b8584777c

SHA512
32239c3adbb3ee9c344f355655c8ecd8976b604c65b73dd0ea6527396922803fcbebfd9642b020701ff951a39e4b48be5f2b9bf179b6cbe61bba4db033915452

Download Submit
memory/632-45-0x0000000000720000-0x0000000000721000-memory.dmp

Filesize
4KB

Download
memory/632-47-0x0000000000400000-0x00000000004AC2E5-memory.dmp

Filesize
688KB

Download
memory/632-43-0x0000000000400000-0x00000000004AC2E5-memory.dmp

Filesize
688KB

Download
memory/784-58-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/784-60-0x0000000000400000-0x00000000004AC2E5-memory.dmp

Filesize
688KB

Download
memory/1596-3-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/1596-14-0x0000000000400000-0x00000000004AC2E5-memory.dmp

Filesize
688KB

Download
memory/1596-0-0x0000000000400000-0x00000000004AC2E5-memory.dmp

Filesize
688KB

Download
memory/1596-2-0x0000000000400000-0x00000000004AC2E5-memory.dmp

Filesize
688KB

Download
memory/1596-1-0x0000000000400000-0x00000000004AC2E5-memory.dmp

Filesize
688KB

Download
memory/2320-19-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/2320-21-0x0000000000400000-0x00000000004AC2E5-memory.dmp

Filesize
688KB

Download
memory/2408-50-0x0000000000400000-0x00000000004AC2E5-memory.dmp

Filesize
688KB

Download
memory/2408-54-0x0000000000400000-0x00000000004AC2E5-memory.dmp

Filesize
688KB

Download
memory/2408-52-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/3284-72-0x0000000000400000-0x00000000004AC2E5-memory.dmp

Filesize
688KB

Download
memory/3284-70-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/3472-15-0x0000000000400000-0x00000000004AC2E5-memory.dmp

Filesize
688KB

Download
memory/3472-10-0x0000000000400000-0x00000000004AC2E5-memory.dmp

Filesize
688KB

Download
memory/3472-13-0x0000000000500000-0x0000000000501000-memory.dmp

Filesize
4KB

Download
memory/3956-30-0x0000000000400000-0x00000000004AC2E5-memory.dmp

Filesize
688KB

Download
memory/3956-32-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/3956-34-0x0000000000400000-0x00000000004AC2E5-memory.dmp

Filesize
688KB

Download
memory/4128-64-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/4128-66-0x0000000000400000-0x00000000004AC2E5-memory.dmp

Filesize
688KB

Download
memory/4396-40-0x0000000000400000-0x00000000004AC2E5-memory.dmp

Filesize
688KB

Download
memory/4396-38-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/5064-25-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/5064-27-0x0000000000400000-0x00000000004AC2E5-memory.dmp

Filesize
688KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads