19a8347fc352260145f0129da88c7208df186a98ae3ef2bc2a162eed733b1da8 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 18:02

Sharing

Report Analysis Logs

General

Target

CROWN.exe
Size

12.6MB
MD5

8030e7cc862966d3a8f0d38a5e53f5c2
SHA1

aa88ab0e2a09a27a1ec0a53048c89eecd652d807
SHA256

19a8347fc352260145f0129da88c7208df186a98ae3ef2bc2a162eed733b1da8
SHA512

301c3a1a70c632f23596106a283dba712d95fe340ba9cd2ca5db63c7842167373fdf25dad3bbf6567ebf0b710541a90396a5469cdbaf70d2f1160e7dacb920d4
SSDEEP

393216:POVZxlHOFGCEDs9/DX4GH2ciIrHWRnxsAr3+:QBHCEDs9/kILIxXr

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

CROWN.exe

pid process

2300 CROWN.exe
Suspicious use of WriteProcessMemory 3 IoCs

Processes:

CROWN.exe

description pid process target process

PID 1868 wrote to memory of 2300 1868 CROWN.exe CROWN.exe
PID 1868 wrote to memory of 2300 1868 CROWN.exe CROWN.exe
PID 1868 wrote to memory of 2300 1868 CROWN.exe CROWN.exe

C:\Users\Admin\AppData\Local\Temp\CROWN.exe
"C:\Users\Admin\AppData\Local\Temp\CROWN.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1868

C:\Users\Admin\AppData\Local\Temp\CROWN.exe
"C:\Users\Admin\AppData\Local\Temp\CROWN.exe"
2⤵
- Loads dropped DLL
PID:2300

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI18682\python39.dll
Filesize
4.3MB

MD5
1d5e4c20a20740f38f061bdf48aaca4f

SHA1
de1b64ab5219aa6fef95cd2b0ccead1c925fd0d0

SHA256
f8172151d11bcf934f2a7518cd0d834e3f079bd980391e9da147ce4cff72c366

SHA512
9df64c97e4e993e815fdaf7e8ecbc3ce32aa8d979f8f4f7a732b2efa636cfeb9a145fe2c2dcdf2e5e9247ee376625e1fdc62f9657e8007bb504336ac8d05a397

Download Submit