5781c5466d7da49fd3e1bf1d69794a52b4fa77c173bb5127198b55923e3d7d54 | Triage

Analysis

max time kernel
24s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
04-08-2024 20:05

Sharing

Report Analysis Logs

General

Target

CoolR6.exe
Size

17.6MB
MD5

6fdd3c3462d1a4a39b9fb67af06395db
SHA1

7f06a83384d4d79b570db166cb91daf5afe82bf2
SHA256

5781c5466d7da49fd3e1bf1d69794a52b4fa77c173bb5127198b55923e3d7d54
SHA512

93299f7be003ffe93ba25745b9a5b5ed795cf6a6b2f3bf1c05d85c68899f1c1cba0b8f28118048172c5a2de4b6d221ccdfd30684ebdde1b01857857c1adbc846
SSDEEP

393216:ELQtsuwT+X41+TtIiFq8uARuAQsFXmb6CqzWImE:8QtsH6o1QtI18uAgs8yCxE

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2944	CoolR6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2944	2384	CoolR6.exe	30
PID 2384 wrote to memory of 2944	2384	CoolR6.exe	30
PID 2384 wrote to memory of 2944	2384	CoolR6.exe	30

C:\Users\Admin\AppData\Local\Temp\CoolR6.exe
"C:\Users\Admin\AppData\Local\Temp\CoolR6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Users\Admin\AppData\Local\Temp\CoolR6.exe
  "C:\Users\Admin\AppData\Local\Temp\CoolR6.exe"
  2⤵
  - Loads dropped DLL
  PID:2944

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI23842\python311.dll

Filesize
5.5MB

MD5
387bb2c1e40bde1517f06b46313766be

SHA1
601f83ef61c7699652dec17edd5a45d6c20786c4

SHA256
0817a2a657a24c0d5fbb60df56960f42fc66b3039d522ec952dab83e2d869364

SHA512
521cde6eaa5d4a2e0ef6bbfdea50b00750ae022c1c7bd66b20654c035552b49c9d2fac18ef503bbd136a7a307bdeb97f759d45c25228a0bf0c37739b6e897bad

Download Submit