Analysis
-
max time kernel
122s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
29-04-2024 04:04
Static task
static1
Behavioral task
behavioral1
Sample
cc702f6be6f65fd3e56e73c274a7e3e8ff63d4e18cf47b4525cc1cd9040cdc75.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
cc702f6be6f65fd3e56e73c274a7e3e8ff63d4e18cf47b4525cc1cd9040cdc75.exe
Resource
win10-20240404-en
General
-
Target
cc702f6be6f65fd3e56e73c274a7e3e8ff63d4e18cf47b4525cc1cd9040cdc75.exe
-
Size
4.7MB
-
MD5
7adc2b31432caafba0ed9d52462be282
-
SHA1
58f3e9434b91bcc5d1592c15699e15eff51c06f4
-
SHA256
cc702f6be6f65fd3e56e73c274a7e3e8ff63d4e18cf47b4525cc1cd9040cdc75
-
SHA512
004b9965aeea14dd6b613f5a0b7a0c80c021179814dbc41287a9a0c070ad743d360803e0654614334885193a26a8aee8c001931d4ecd8ab219a806005fd1d244
-
SSDEEP
98304:CyW64h3r9HmzVv/LxaXSufJX70CtvLnupsdgoj9ghi1RebMIg9Cbk/V+:+7hBcVv16zupsdgojDIg9Cbk/V+
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
cc702f6be6f65fd3e56e73c274a7e3e8ff63d4e18cf47b4525cc1cd9040cdc75.exe
pid | process
2220 | cc702f6be6f65fd3e56e73c274a7e3e8ff63d4e18cf47b4525cc1cd9040cdc75.exe
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
cc702f6be6f65fd3e56e73c274a7e3e8ff63d4e18cf47b4525cc1cd9040cdc75.exe
description | pid | process | target process
PID 2220 wrote to memory of 2900 | 2220 | cc702f6be6f65fd3e56e73c274a7e3e8ff63d4e18cf47b4525cc1cd9040cdc75.exe | explorer.exe
PID 2220 wrote to memory of 2900 | 2220 | cc702f6be6f65fd3e56e73c274a7e3e8ff63d4e18cf47b4525cc1cd9040cdc75.exe | explorer.exe
PID 2220 wrote to memory of 2900 | 2220 | cc702f6be6f65fd3e56e73c274a7e3e8ff63d4e18cf47b4525cc1cd9040cdc75.exe | explorer.exe
PID 2220 wrote to memory of 2900 | 2220 | cc702f6be6f65fd3e56e73c274a7e3e8ff63d4e18cf47b4525cc1cd9040cdc75.exe | explorer.exe
PID 2220 wrote to memory of 2900 | 2220 | cc702f6be6f65fd3e56e73c274a7e3e8ff63d4e18cf47b4525cc1cd9040cdc75.exe | explorer.exe
PID 2220 wrote to memory of 2900 | 2220 | cc702f6be6f65fd3e56e73c274a7e3e8ff63d4e18cf47b4525cc1cd9040cdc75.exe | explorer.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\cc702f6be6f65fd3e56e73c274a7e3e8ff63d4e18cf47b4525cc1cd9040cdc75.exe
"C:\Users\Admin\AppData\Local\Temp\cc702f6be6f65fd3e56e73c274a7e3e8ff63d4e18cf47b4525cc1cd9040cdc75.exe"
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exe
explorer.exe
Network
MITRE ATT&CK Matrix
Downloads
-
memory/2220-0-0x0000000000EB0000-0x0000000001363000-memory.dmp
Filesize: 4.7MB
-
memory/2900-1-0x0000000000120000-0x0000000000221000-memory.dmp
Filesize: 1.0MB
-
memory/2900-4-0x0000000000120000-0x0000000000221000-memory.dmp
Filesize: 1.0MB
-
memory/2900-3-0x0000000000120000-0x0000000000221000-memory.dmp
Filesize: 1.0MB
-
memory/2900-5-0x00000000024A0000-0x000000000250D000-memory.dmp
Filesize: 436KB