aa2bc6bdab3c1cd9cc94e92a00f2501ffd6bef384e69e605b9533ee4a9af2fcc

Resubmissions

25-12-2024 11:40

241225-ns1f3ssmct 10

20-06-2024 01:12

240620-bk1qnavdrk 10

01-06-2024 22:28

240601-2d43lsgh7s 10

Analysis

max time kernel
134s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2024 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Court Project V1.1/Doxinfo.exe
Size

90KB
MD5

078639fa0eda91454c03374bb90d938f
SHA1

a10c694f38759187098c57d63c0ae925322cdfa9
SHA256

cc2028db9daecfc962308f695bca0d46ea2e451984e4762c14dd8c3f3f055bae
SHA512

1f0348ab86e54df0928e99005ce7e9f097eed5a57f1dfad1dae6994725fef194ae7cdbe965f872b446465a566a523f587f01292f8e966fbdcb367227a098360e
SSDEEP

1536:mLdD+0MON593j/NL0R21zt2kxi9dBkLpwWoNVzqkjaOT:mLdSro1xL221ztidmWr1n

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 33 IoCs

description	pid	Process	procid_target
PID 804 wrote to memory of 2388	804	Doxinfo.exe	84
PID 804 wrote to memory of 2388	804	Doxinfo.exe	84
PID 804 wrote to memory of 2388	804	Doxinfo.exe	84
PID 2388 wrote to memory of 4328	2388	cmd.exe	86
PID 2388 wrote to memory of 4328	2388	cmd.exe	86
PID 2388 wrote to memory of 4328	2388	cmd.exe	86
PID 2388 wrote to memory of 4276	2388	cmd.exe	87
PID 2388 wrote to memory of 4276	2388	cmd.exe	87
PID 2388 wrote to memory of 4276	2388	cmd.exe	87
PID 2388 wrote to memory of 1260	2388	cmd.exe	88
PID 2388 wrote to memory of 1260	2388	cmd.exe	88
PID 2388 wrote to memory of 1260	2388	cmd.exe	88
PID 2388 wrote to memory of 5016	2388	cmd.exe	90
PID 2388 wrote to memory of 5016	2388	cmd.exe	90
PID 2388 wrote to memory of 5016	2388	cmd.exe	90
PID 2388 wrote to memory of 660	2388	cmd.exe	91
PID 2388 wrote to memory of 660	2388	cmd.exe	91
PID 2388 wrote to memory of 660	2388	cmd.exe	91
PID 2388 wrote to memory of 4764	2388	cmd.exe	92
PID 2388 wrote to memory of 4764	2388	cmd.exe	92
PID 2388 wrote to memory of 4764	2388	cmd.exe	92
PID 2388 wrote to memory of 2232	2388	cmd.exe	93
PID 2388 wrote to memory of 2232	2388	cmd.exe	93
PID 2388 wrote to memory of 2232	2388	cmd.exe	93
PID 2388 wrote to memory of 464	2388	cmd.exe	94
PID 2388 wrote to memory of 464	2388	cmd.exe	94
PID 2388 wrote to memory of 464	2388	cmd.exe	94
PID 2388 wrote to memory of 3000	2388	cmd.exe	95
PID 2388 wrote to memory of 3000	2388	cmd.exe	95
PID 2388 wrote to memory of 3000	2388	cmd.exe	95
PID 2388 wrote to memory of 4552	2388	cmd.exe	96
PID 2388 wrote to memory of 4552	2388	cmd.exe	96
PID 2388 wrote to memory of 4552	2388	cmd.exe	96

C:\Users\Admin\AppData\Local\Temp\Court Project V1.1\Doxinfo.exe
"C:\Users\Admin\AppData\Local\Temp\Court Project V1.1\Doxinfo.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:804
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\5DFE.tmp\Doxinfo.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2388
- - C:\Windows\SysWOW64\mode.com
    MODE con: cols=110 lines=45
    3⤵
    PID:4328
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "prompt #$H#$E# & echo on & for %b in (1) do rem"
    3⤵
    PID:4276
- - C:\Windows\SysWOW64\findstr.exe
    findstr /v /a:04 /R "+" " --- Cyber Hacking ---" nul
    3⤵
    PID:1260
- - C:\Windows\SysWOW64\findstr.exe
    findstr /v /a:07 /R "+" " CODED BY @Luishino Pericena Choque " nul
    3⤵
    PID:5016
- - C:\Windows\SysWOW64\findstr.exe
    findstr /v /a:0E /R "+" " COMANDOS" nul
    3⤵
    PID:660
- - C:\Windows\SysWOW64\findstr.exe
    findstr /v /a:06 /R "+" " [-]web Buscar en sitios web [-]url Acortador de link [-]inf Informacion" nul
    3⤵
    PID:4764
- - C:\Windows\SysWOW64\findstr.exe
    findstr /v /a:06 /R "+" " [-]img Buscar imagenes [-]cls Limpiar la pantalla [-]v Version" nul
    3⤵
    PID:2232
- - C:\Windows\SysWOW64\findstr.exe
    findstr /v /a:06 /R "+" " [-]ip Buscar ubicacion [-]help Ayuda con Doxinfo" nul
    3⤵
    PID:464
- - C:\Windows\SysWOW64\findstr.exe
    findstr /v /a:0C /R "+" " [+] Seleccione una opcion" nul
    3⤵
    PID:3000
- - C:\Windows\SysWOW64\findstr.exe
    findstr /v /a:0C /R "+" " (Doxinfo)" nul
    3⤵
    PID:4552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5DFE.tmp\Doxinfo.bat

Filesize
21KB

MD5
f90f7f81bed1f7f200df22de5eae78fd

SHA1
5925de3264089069d76e673640006f2b99da4f0f

SHA256
e8f44227a9090d0e118843f5706c52409655ce5f5363bba08dcc3682ad727930

SHA512
70e8d1adb6d94e08a43caeadfb953c6d77b04b5e38761d77ca3924b7356f117e9fe030d01eaf826dd7d37607b6bbb1a8d5e72290107c311bc0423dc85d360711

Download Submit
C:\Users\Admin\AppData\Local\Temp\Court Project V1.1\ --- Cyber Hacking ---

Filesize
3B

MD5
df66fa563a2fafdb93cc559deb0a38c4

SHA1
e6666cf8574b0f7a9ae5bccee572f965c2aec9cb

SHA256
3e39ed22dc63246937c4dbbf34ce4fb1cfe6b00de7596b020cad49ae50031351

SHA512
34ea05ee75cd840a94526411777868edb293a69867e1fdc2c2e917d278a3d58fcb86afc65142f4b184ce6907f04fb254a86061cfb620f01874b0b454a6f01c18

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads