Overview

overview

7

Static

static

3

Cortex.Com...er.exe

windows7-x64

7

Cortex.Com...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09-07-2024 18:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Cortex.Command.Installer.exe

  • Size

    107.0MB

  • MD5

    ffbfd537f581450c0fbef4274eed5ad1

  • SHA1

    1379b1b30b9dad1ad9f499d32f6487cf06e82b73

  • SHA256

    f98d9022a796c324c8258577fc0bbee43c02a746be10e791eae1e42da1fc989b

  • SHA512

    582bda95dad7b0246ebc23a2744dcfd368fb4f7040d44feb44d6cf742dd5e49ebbe7b1d381b465158493e0f285ed8b5fa4496d0647a64b1ee8e447da8555212e

  • SSDEEP

    3145728:G+1bLx+WzEcHFE7tYT7pVnYXdqySLE9Hut9hY4aEoBd:GefVzEclgtO7p6NHWoO9FOd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Cortex.Command.Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\Cortex.Command.Installer.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2748
    • C:\Users\Admin\AppData\Local\Temp\is-6UFS4.tmp\Cortex.Command.Installer.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-6UFS4.tmp\Cortex.Command.Installer.tmp" /SL5="$6014E,111100972,778752,C:\Users\Admin\AppData\Local\Temp\Cortex.Command.Installer.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-6UFS4.tmp\Cortex.Command.Installer.tmp
    Filesize

    3.0MB

    MD5

    912f6ca6f6944835331b43c4b6acab1e

    SHA1

    518dee1399e0eb6359493545bddd61a5a3885152

    SHA256

    433a0337ded5f5f457c79b2c8fd82c3e0abf5665ec27db53eb8f82db1a0597a4

    SHA512

    13ad6b4b55be833f40c25ce09b846302ee03f4b53da549e7f91ef17fff43dd7dec5b202c0da69a6672ae594790f9acf56f16563f4eb8b285a814fa6d26f01977

    Download Submit

  • memory/1788-8-0x0000000000400000-0x0000000000707000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1788-11-0x0000000000400000-0x0000000000707000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2748-0-0x0000000000400000-0x00000000004CB000-memory.dmp

    Filesize

    812KB

    Download

  • memory/2748-2-0x0000000000401000-0x00000000004B7000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2748-10-0x0000000000400000-0x00000000004CB000-memory.dmp

    Filesize

    812KB

    Download