aa18c2f228b184214e025d6ebdfc94ae81ef71f9ed8db61c7a17dd27a389e03c | Triage

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
29-06-2024 15:25

Sharing

Report Analysis Logs

General

Target

crack.exe
Size

3.5MB
MD5

d07b46fa985916fc195edc35126db8b3
SHA1

27899e2743efffc80fb80f8989b93ed4c02a27ea
SHA256

aa18c2f228b184214e025d6ebdfc94ae81ef71f9ed8db61c7a17dd27a389e03c
SHA512

2d308c9ef7da2dce1079220a48918fedee5e0ff693f1eff4934dd2d40f78787f457423acaba0f0ccb1a8222f6158be4dc031f8467843b7e81229e6c533f1ff32
SSDEEP

49152:YdPL0f7Qg404qKEqFYCZ4ao69EQdlg0pPRghtPXWihxGQ3fE3LtRIT:GK/IZBpP0JWnQ3sJGT

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe
2440	crack.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 268	2440	crack.exe	28
PID 2440 wrote to memory of 268	2440	crack.exe	28
PID 2440 wrote to memory of 268	2440	crack.exe	28

C:\Users\Admin\AppData\Local\Temp\crack.exe
"C:\Users\Admin\AppData\Local\Temp\crack.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start Nighty.exe
  2⤵
  PID:268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2440-0-0x000000013F380000-0x000000013F89D000-memory.dmp

Filesize
5.1MB

Download
memory/2440-7-0x000000013F380000-0x000000013F89D000-memory.dmp

Filesize
5.1MB

Download