aa2bc6bdab3c1cd9cc94e92a00f2501ffd6bef384e69e605b9533ee4a9af2fcc

Resubmissions

25-12-2024 11:40

241225-ns1f3ssmct 10

20-06-2024 01:12

240620-bk1qnavdrk 10

01-06-2024 22:28

240601-2d43lsgh7s 10

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01-06-2024 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Court Project V1.1/Doxinfo.exe
Size

90KB
MD5

078639fa0eda91454c03374bb90d938f
SHA1

a10c694f38759187098c57d63c0ae925322cdfa9
SHA256

cc2028db9daecfc962308f695bca0d46ea2e451984e4762c14dd8c3f3f055bae
SHA512

1f0348ab86e54df0928e99005ce7e9f097eed5a57f1dfad1dae6994725fef194ae7cdbe965f872b446465a566a523f587f01292f8e966fbdcb367227a098360e
SSDEEP

1536:mLdD+0MON593j/NL0R21zt2kxi9dBkLpwWoNVzqkjaOT:mLdSro1xL221ztidmWr1n

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2388	2364	Doxinfo.exe	29
PID 2364 wrote to memory of 2388	2364	Doxinfo.exe	29
PID 2364 wrote to memory of 2388	2364	Doxinfo.exe	29
PID 2364 wrote to memory of 2388	2364	Doxinfo.exe	29
PID 2388 wrote to memory of 3016	2388	cmd.exe	30
PID 2388 wrote to memory of 3016	2388	cmd.exe	30
PID 2388 wrote to memory of 3016	2388	cmd.exe	30
PID 2388 wrote to memory of 3016	2388	cmd.exe	30
PID 2388 wrote to memory of 2416	2388	cmd.exe	31
PID 2388 wrote to memory of 2416	2388	cmd.exe	31
PID 2388 wrote to memory of 2416	2388	cmd.exe	31
PID 2388 wrote to memory of 2416	2388	cmd.exe	31
PID 2388 wrote to memory of 1716	2388	cmd.exe	32
PID 2388 wrote to memory of 1716	2388	cmd.exe	32
PID 2388 wrote to memory of 1716	2388	cmd.exe	32
PID 2388 wrote to memory of 1716	2388	cmd.exe	32
PID 2388 wrote to memory of 1420	2388	cmd.exe	33
PID 2388 wrote to memory of 1420	2388	cmd.exe	33
PID 2388 wrote to memory of 1420	2388	cmd.exe	33
PID 2388 wrote to memory of 1420	2388	cmd.exe	33
PID 2388 wrote to memory of 2852	2388	cmd.exe	34
PID 2388 wrote to memory of 2852	2388	cmd.exe	34
PID 2388 wrote to memory of 2852	2388	cmd.exe	34
PID 2388 wrote to memory of 2852	2388	cmd.exe	34
PID 2388 wrote to memory of 2544	2388	cmd.exe	35
PID 2388 wrote to memory of 2544	2388	cmd.exe	35
PID 2388 wrote to memory of 2544	2388	cmd.exe	35
PID 2388 wrote to memory of 2544	2388	cmd.exe	35
PID 2388 wrote to memory of 2560	2388	cmd.exe	36
PID 2388 wrote to memory of 2560	2388	cmd.exe	36
PID 2388 wrote to memory of 2560	2388	cmd.exe	36
PID 2388 wrote to memory of 2560	2388	cmd.exe	36
PID 2388 wrote to memory of 2580	2388	cmd.exe	37
PID 2388 wrote to memory of 2580	2388	cmd.exe	37
PID 2388 wrote to memory of 2580	2388	cmd.exe	37
PID 2388 wrote to memory of 2580	2388	cmd.exe	37
PID 2388 wrote to memory of 2660	2388	cmd.exe	38
PID 2388 wrote to memory of 2660	2388	cmd.exe	38
PID 2388 wrote to memory of 2660	2388	cmd.exe	38
PID 2388 wrote to memory of 2660	2388	cmd.exe	38
PID 2388 wrote to memory of 2712	2388	cmd.exe	39
PID 2388 wrote to memory of 2712	2388	cmd.exe	39
PID 2388 wrote to memory of 2712	2388	cmd.exe	39
PID 2388 wrote to memory of 2712	2388	cmd.exe	39

C:\Users\Admin\AppData\Local\Temp\Court Project V1.1\Doxinfo.exe
"C:\Users\Admin\AppData\Local\Temp\Court Project V1.1\Doxinfo.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\E82.tmp\Doxinfo.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2388
- - C:\Windows\SysWOW64\mode.com
    MODE con: cols=110 lines=45
    3⤵
    PID:3016
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "prompt #$H#$E# & echo on & for %b in (1) do rem"
    3⤵
    PID:2416
- - C:\Windows\SysWOW64\findstr.exe
    findstr /v /a:04 /R "+" " --- Cyber Hacking ---" nul
    3⤵
    PID:1716
- - C:\Windows\SysWOW64\findstr.exe
    findstr /v /a:07 /R "+" " CODED BY @Luishino Pericena Choque " nul
    3⤵
    PID:1420
- - C:\Windows\SysWOW64\findstr.exe
    findstr /v /a:0E /R "+" " COMANDOS" nul
    3⤵
    PID:2852
- - C:\Windows\SysWOW64\findstr.exe
    findstr /v /a:06 /R "+" " [-]web Buscar en sitios web [-]url Acortador de link [-]inf Informacion" nul
    3⤵
    PID:2544
- - C:\Windows\SysWOW64\findstr.exe
    findstr /v /a:06 /R "+" " [-]img Buscar imagenes [-]cls Limpiar la pantalla [-]v Version" nul
    3⤵
    PID:2560
- - C:\Windows\SysWOW64\findstr.exe
    findstr /v /a:06 /R "+" " [-]ip Buscar ubicacion [-]help Ayuda con Doxinfo" nul
    3⤵
    PID:2580
- - C:\Windows\SysWOW64\findstr.exe
    findstr /v /a:0C /R "+" " [+] Seleccione una opcion" nul
    3⤵
    PID:2660
- - C:\Windows\SysWOW64\findstr.exe
    findstr /v /a:0C /R "+" " (Doxinfo)" nul
    3⤵
    PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Court Project V1.1\ --- Cyber Hacking ---

Filesize
3B

MD5
df66fa563a2fafdb93cc559deb0a38c4

SHA1
e6666cf8574b0f7a9ae5bccee572f965c2aec9cb

SHA256
3e39ed22dc63246937c4dbbf34ce4fb1cfe6b00de7596b020cad49ae50031351

SHA512
34ea05ee75cd840a94526411777868edb293a69867e1fdc2c2e917d278a3d58fcb86afc65142f4b184ce6907f04fb254a86061cfb620f01874b0b454a6f01c18

Download Submit
C:\Users\Admin\AppData\Local\Temp\E82.tmp\Doxinfo.bat

Filesize
21KB

MD5
f90f7f81bed1f7f200df22de5eae78fd

SHA1
5925de3264089069d76e673640006f2b99da4f0f

SHA256
e8f44227a9090d0e118843f5706c52409655ce5f5363bba08dcc3682ad727930

SHA512
70e8d1adb6d94e08a43caeadfb953c6d77b04b5e38761d77ca3924b7356f117e9fe030d01eaf826dd7d37607b6bbb1a8d5e72290107c311bc0423dc85d360711

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads