Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 30-06-2024 18:02
Behavioral task: behavioral1
Sample: CROWN.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: CROWN.exe
Resource: win10v2004-20240226-en
General
Target: CROWN.exe
Size: 12.6MB
MD5: 8030e7cc862966d3a8f0d38a5e53f5c2
SHA1: aa88ab0e2a09a27a1ec0a53048c89eecd652d807
SHA256: 19a8347fc352260145f0129da88c7208df186a98ae3ef2bc2a162eed733b1da8
SHA512: 301c3a1a70c632f23596106a283dba712d95fe340ba9cd2ca5db63c7842167373fdf25dad3bbf6567ebf0b710541a90396a5469cdbaf70d2f1160e7dacb920d4
SSDEEP: 393216:POVZxlHOFGCEDs9/DX4GH2ciIrHWRnxsAr3+:QBHCEDs9/kILIxXr
Malware Config
Signatures

Loads dropped DLL (1 IoCs)
Processes: CROWN.exe
pid   process
2300  CROWN.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: CROWN.exe
description                           pid   process    target process
PID 1868 wrote to memory of 2300      1868  CROWN.exe  CROWN.exe
PID 1868 wrote to memory of 2300      1868  CROWN.exe  CROWN.exe
PID 1868 wrote to memory of 2300      1868  CROWN.exe  CROWN.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\_MEI18682\python39.dll
Filesize: 4.3MB
MD5: 1d5e4c20a20740f38f061bdf48aaca4f
SHA1: de1b64ab5219aa6fef95cd2b0ccead1c925fd0d0
SHA256: f8172151d11bcf934f2a7518cd0d834e3f079bd980391e9da147ce4cff72c366
SHA512: 9df64c97e4e993e815fdaf7e8ecbc3ce32aa8d979f8f4f7a732b2efa636cfeb9a145fe2c2dcdf2e5e9247ee376625e1fdc62f9657e8007bb504336ac8d05a397