7ae0e1f67e9b3874583a53d7399d4a75ab794561b0d62423542c6e4558e3bc35 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-04-2024 19:12

Sharing

Report Analysis Logs

General

Target

CodToolUPDATED.exe
Size

30.5MB
MD5

fa7ff55a94d629ca1af12bba73582635
SHA1

ff0dc0e3b466a06472387387163517839f30a9c6
SHA256

7ae0e1f67e9b3874583a53d7399d4a75ab794561b0d62423542c6e4558e3bc35
SHA512

aa80f829f6a8620276174bec73a8139d8b19f2c893316f142cda922e4d31236dacb86fba3f4586203ba092f5875205f1d3f5d339fa432be9a9db2aba6b8e77db
SSDEEP

786432:naAWibibX71QtIJ2j6+s7LWB75zuPNdS3ILn6eByJKm+da:naHbXJiIJ2qHWB75iVdSG1BzA

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

CodToolUPDATED.exe

pid process

2544 CodToolUPDATED.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

CodToolUPDATED.exe

description	pid	process	target process
PID 1724 wrote to memory of 2544	1724	CodToolUPDATED.exe	CodToolUPDATED.exe
PID 1724 wrote to memory of 2544	1724	CodToolUPDATED.exe	CodToolUPDATED.exe
PID 1724 wrote to memory of 2544	1724	CodToolUPDATED.exe	CodToolUPDATED.exe

C:\Users\Admin\AppData\Local\Temp\CodToolUPDATED.exe
"C:\Users\Admin\AppData\Local\Temp\CodToolUPDATED.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1724

C:\Users\Admin\AppData\Local\Temp\CodToolUPDATED.exe
"C:\Users\Admin\AppData\Local\Temp\CodToolUPDATED.exe"
2⤵
- Loads dropped DLL
PID:2544

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI17242\python312.dll
Filesize
6.7MB

MD5
550288a078dffc3430c08da888e70810

SHA1
01b1d31f37fb3fd81d893cc5e4a258e976f5884f

SHA256
789a42ac160cef98f8925cb347473eeeb4e70f5513242e7faba5139ba06edf2d

SHA512
7244432fc3716f7ef27630d4e8fbc8180a2542aa97a01d44dca260ab43966dd8ac98b6023400b0478a4809aace1a128f1f4d6e544f2e591a5b436fd4c8a9d723

Download Submit