Analysis

- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 23-04-2024 19:12

Behavioral task: behavioral1
- Sample: CodToolUPDATED.exe
- Resource: win7-20240221-en
General

- Target: CodToolUPDATED.exe
- Size: 30.5MB
- MD5: fa7ff55a94d629ca1af12bba73582635
- SHA1: ff0dc0e3b466a06472387387163517839f30a9c6
- SHA256: 7ae0e1f67e9b3874583a53d7399d4a75ab794561b0d62423542c6e4558e3bc35
- SHA512: aa80f829f6a8620276174bec73a8139d8b19f2c893316f142cda922e4d31236dacb86fba3f4586203ba092f5875205f1d3f5d339fa432be9a9db2aba6b8e77db
- SSDEEP: 786432:naAWibibX71QtIJ2j6+s7LWB75zuPNdS3ILn6eByJKm+da:naHbXJiIJ2qHWB75iVdSG1BzA
Malware Config
Signatures

- Loads dropped DLL (1 IoC)
  Processes: PID 2544, CodToolUPDATED.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: PID 1724 (CodToolUPDATED.exe) wrote to the memory of PID 2544 (CodToolUPDATED.exe); the same parent-to-child write is recorded three times
Processes

- C:\Users\Admin\AppData\Local\Temp\CodToolUPDATED.exe "C:\Users\Admin\AppData\Local\Temp\CodToolUPDATED.exe" (PID 1724, level 1)
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\CodToolUPDATED.exe "C:\Users\Admin\AppData\Local\Temp\CodToolUPDATED.exe" (PID 2544, level 2, child of PID 1724)
    - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads (dropped files)

- C:\Users\Admin\AppData\Local\Temp\_MEI17242\python312.dll
  Filesize: 6.7MB
  MD5: 550288a078dffc3430c08da888e70810
  SHA1: 01b1d31f37fb3fd81d893cc5e4a258e976f5884f
  SHA256: 789a42ac160cef98f8925cb347473eeeb4e70f5513242e7faba5139ba06edf2d
  SHA512: 7244432fc3716f7ef27630d4e8fbc8180a2542aa97a01d44dca260ab43966dd8ac98b6023400b0478a4809aace1a128f1f4d6e544f2e591a5b436fd4c8a9d723
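The two signature hits in this report (a process writing into a child that has the same image path, and that child loading python312.dll out of %TEMP%\_MEI17242\) are, taken together, the footprint of a PyInstaller one-file bundle unpacking itself: the bootloader extracts its payload to a _MEI directory and spawns a second copy of its own executable to run it. The report alone does not establish whether the bundle is malicious. As an added example that is not part of the sandbox report, the Python below correlates those two signals over a constructed event list modelled on the report's process tree and dropped-file entry. The event field names, the extra kernel32.dll load (included as a non-matching control), and the rule that the _MEI directory's digits begin with the parent's PID followed by a counter digit (which the report's _MEI17242 under PID 1724 is consistent with) are assumptions of this example.

```python
import re

# Constructed event list modelled on the report's process tree, signature hits
# and dropped-file entry. The record layout (type/pid/ppid/image/target_pid) is
# an assumption for this example, not the sandbox's export format. The
# kernel32.dll load is a constructed control record, not something the report lists.
EVENTS = [
    {"type": "process_create", "pid": 1724, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\CodToolUPDATED.exe"},
    {"type": "process_create", "pid": 2544, "ppid": 1724,
     "image": r"C:\Users\Admin\AppData\Local\Temp\CodToolUPDATED.exe"},
    {"type": "write_process_memory", "pid": 1724, "target_pid": 2544},
    {"type": "write_process_memory", "pid": 1724, "target_pid": 2544},
    {"type": "write_process_memory", "pid": 1724, "target_pid": 2544},
    {"type": "image_load", "pid": 2544,
     "image": r"C:\Windows\System32\kernel32.dll"},
    {"type": "image_load", "pid": 2544,
     "image": r"C:\Users\Admin\AppData\Local\Temp\_MEI17242\python312.dll"},
]

# PyInstaller's one-file bootloader unpacks into <TEMP>\_MEI<digits>\. Treating
# the digits as "parent PID + counter" is an assumption about the bootloader's
# naming; the report's _MEI17242 under PID 1724 is consistent with it.
MEI_DIR_RE = re.compile(r"\\_MEI(\d+)\\", re.IGNORECASE)


def self_spawn_with_memory_writes(events):
    """Parent/child pairs with the same image path where the parent wrote to
    the child's memory. Returns [(parent_pid, child_pid, write_count)]."""
    procs = {e["pid"]: e for e in events if e["type"] == "process_create"}
    writes = {}
    for e in events:
        if e["type"] == "write_process_memory":
            key = (e["pid"], e["target_pid"])
            writes[key] = writes.get(key, 0) + 1
    hits = []
    for child in procs.values():
        parent = procs.get(child["ppid"])
        if parent is None or parent["image"].lower() != child["image"].lower():
            continue
        n = writes.get((parent["pid"], child["pid"]), 0)
        if n:
            hits.append((parent["pid"], child["pid"], n))
    return hits


def mei_dir_loads(events):
    """Image loads out of a _MEI<digits> directory: [(pid, digits, path)]."""
    out = []
    for e in events:
        if e["type"] != "image_load":
            continue
        m = MEI_DIR_RE.search(e["image"])
        if m:
            out.append((e["pid"], m.group(1), e["image"]))
    return out


def pyinstaller_onefile_chains(events):
    """Correlate both signals: a self-spawned child, written to by its parent,
    that loads a DLL from a _MEI directory whose digits begin with the parent's
    PID. Returns [(parent_pid, child_pid, dll_path)]."""
    loads_by_pid = {}
    for pid, digits, path in mei_dir_loads(events):
        loads_by_pid.setdefault(pid, []).append((digits, path))
    chains = []
    for parent_pid, child_pid, _ in self_spawn_with_memory_writes(events):
        for digits, path in loads_by_pid.get(child_pid, []):
            if digits.startswith(str(parent_pid)):
                chains.append((parent_pid, child_pid, path))
    return chains


if __name__ == "__main__":
    for parent, child, path in pyinstaller_onefile_chains(EVENTS):
        print(f"PID {parent} -> PID {child}: loads {path}")
```

The correlation deliberately requires all three conditions before reporting a chain; either signature on its own (a same-image child, or a DLL under %TEMP%) is common in benign software. Before reading anything into the dropped python312.dll, a practitioner would compare the hashes listed above against a known-good CPython 3.12 build, since a PyInstaller bundle ships an unmodified interpreter DLL and the interesting code is the packed Python payload, not the DLL.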