5cdddd2b089ee389e5299358f2030d4068b3fb84b4dfc4d859d46221cef096c2 | Triage

Analysis

max time kernel
8s
max time network
8s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 19:49

Sharing

Report Analysis Logs

General

Target

IXWare.exe
Size

18.6MB
MD5

2cdb3442775a20dc7d7e45cf362bd04a
SHA1

4a7af7a8f27b05e51734d35f5861b53600aba25c
SHA256

5cdddd2b089ee389e5299358f2030d4068b3fb84b4dfc4d859d46221cef096c2
SHA512

6e19019ac48e0dfba68bade3ed98728b18fa3b9ca0c2213a7e72cdc6ad3e303e8cb7b0fe40fbfd90314bc34472f05a88e5d59af13c03031ef0e0dccae75f9924
SSDEEP

393216:qu7L/quL9QDDJxvJ/m3pn9aq+ZkFQJ4ux04V4ahnWa4VcX3M5:qCLS08hJKACk4uzPnW1cX3M5

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1768	IXWare.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 1768	2928	IXWare.exe	29
PID 2928 wrote to memory of 1768	2928	IXWare.exe	29
PID 2928 wrote to memory of 1768	2928	IXWare.exe	29

C:\Users\Admin\AppData\Local\Temp\IXWare.exe
"C:\Users\Admin\AppData\Local\Temp\IXWare.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Users\Admin\AppData\Local\Temp\IXWare.exe
  "C:\Users\Admin\AppData\Local\Temp\IXWare.exe"
  2⤵
  - Loads dropped DLL
  PID:1768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI29282\python310.dll

Filesize
4.3MB

MD5
e4533934b37e688106beac6c5919281e

SHA1
ada39f10ef0bbdcf05822f4260e43d53367b0017

SHA256
2bf761bae584ba67d9a41507b45ebd41ab6ae51755b1782496d0bc60cc1d41d5

SHA512
fa681a48ddd81854c9907026d4f36b008e509729f1d9a18a621f1d86cd1176c1a1ff4f814974306fa4d9e3886e2ce112a4f79b66713e1401f5dae4bcd8b898b9

Download Submit