635e14fff2d35b06a1402bb956bedfeb832596701a01baf234d5e51c48570c32

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 19:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cc32ae88a22ed117e84336886fcc55ad.exe
Size

229KB
MD5

cc32ae88a22ed117e84336886fcc55ad
SHA1

26368bd524cd7974fd1fc9b892812c44a6235823
SHA256

635e14fff2d35b06a1402bb956bedfeb832596701a01baf234d5e51c48570c32
SHA512

5a98b5adcd082d8248142fb9ca8a81e63a9ac48176c54ec638199f24fce03a4ea3a2fe53012f3278831696831a8613663525ae12047a8cedd4d74b159e5a587e
SSDEEP

6144:cRgym92YGB+40vPLGPATaPdj78tv60seaqBRqNGsJE+O:06fu+40vPC5YvnBamqQ4fO

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2552	winvnc.exe

Loads dropped DLL 5 IoCs

pid	Process
2212	cc32ae88a22ed117e84336886fcc55ad.exe
2212	cc32ae88a22ed117e84336886fcc55ad.exe
2552	winvnc.exe
2552	winvnc.exe
2552	winvnc.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2552	2212	cc32ae88a22ed117e84336886fcc55ad.exe	28
PID 2212 wrote to memory of 2552	2212	cc32ae88a22ed117e84336886fcc55ad.exe	28
PID 2212 wrote to memory of 2552	2212	cc32ae88a22ed117e84336886fcc55ad.exe	28
PID 2212 wrote to memory of 2552	2212	cc32ae88a22ed117e84336886fcc55ad.exe	28
PID 2212 wrote to memory of 2552	2212	cc32ae88a22ed117e84336886fcc55ad.exe	28
PID 2212 wrote to memory of 2552	2212	cc32ae88a22ed117e84336886fcc55ad.exe	28
PID 2212 wrote to memory of 2552	2212	cc32ae88a22ed117e84336886fcc55ad.exe	28

C:\Users\Admin\AppData\Local\Temp\cc32ae88a22ed117e84336886fcc55ad.exe
"C:\Users\Admin\AppData\Local\Temp\cc32ae88a22ed117e84336886fcc55ad.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Users\Admin\AppData\Local\Temp\7zS751.tmp\winvnc.exe
  .\winvnc.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS751.tmp\background.bmp

Filesize
1KB

MD5
04e85705e55fdce220278ebb75331baa

SHA1
f8da5272ebdfd32239eed0374feb9d8a51d44c50

SHA256
160191cc57be4f87d48284c12159308b7a59dbb0b062f9ae830c66b820eba662

SHA512
1d35c18bde5776e9f575d3ff1cd867e0f986cb77db9a589733ff3671f6fa4fc874d25490515186534410965f1909b8a47bd9368cf36274792e143777d760c975

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS751.tmp\helpdesk.txt

Filesize
2KB

MD5
db5b2ab2f7fe0a1cc0ff4c226df309e5

SHA1
375c41904e84606a0fb0a47c50f76f2bb397b8b4

SHA256
769afee950d2866873a026460de90cae78a3af6352ece53d3fb21c9f52fafebf

SHA512
b355f70b4c38d372f54655aefc7981acf0ee387ce3dc412e891f6ca3e6a06c801fa3376236596f47309b7fa12ed8aacdf39a1297bc85c5bdb4ff2712c583d0e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS751.tmp\logo.bmp

Filesize
103KB

MD5
94357798c6bd495a61c0f8d99688363e

SHA1
9cb165e5651b6bf98d28746bba2dee7c9854754a

SHA256
d7d45dced6afd8eb4ff0f6c96b08fa63eec2105b0c2ad80c099dfbbf992d09d1

SHA512
f5358ab200d4edbd59c3942919d05a23b16e37f628dd57e2a9888568a93c4f7c8f1d9325f1a5589c5c6283070178ec5a1c7b253b67eb06219370f98135785ae1

Download Submit
\Users\Admin\AppData\Local\Temp\7zS751.tmp\winvnc.exe

Filesize
236KB

MD5
77de6bb7c680776fa67a5646072b7fed

SHA1
7f3c35d85c96ff903844feaf1aed010a34119c40

SHA256
50831333c6ba49fc871ca20f4a4778119e24fb975912023fd4c8bfd72b45c191

SHA512
c7e84578ac2ad87c4595496e695f66245910a446aaa54cc2540feed18a0cc6933d88570aa0280749e5ae8374f6643d20e98ca57f6ad437cc3dc6acf916a4bd5a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads