Overview

overview

10

Static

static

Jack Move.exe

windows7_x64

1

Jack Move.exe

windows10-2004_x64

7

freebl3.dll

windows7_x64

1

freebl3.dll

windows10-2004_x64

4

mozglue.dll

windows7_x64

3

mozglue.dll

windows10-2004_x64

10

msvcp140.dll

windows7_x64

3

msvcp140.dll

windows10-2004_x64

10

nss3.dll

windows7_x64

1

nss3.dll

windows10-2004_x64

10

softokn3.dll

windows7_x64

3

softokn3.dll

windows10-2004_x64

10

sqlite3.dll

windows7_x64

3

sqlite3.dll

windows10-2004_x64

10

vcruntime140.dll

windows7_x64

1

vcruntime140.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    187s
  • max time network
    220s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    19-02-2022 07:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Jack Move.exe

  • Size

    80.1MB

  • MD5

    39794b681edd8dfa2c50ddae6d875585

  • SHA1

    8823c542786d6b669946206cdcbd3d7de4698ae6

  • SHA256

    53927686261b37088a9c8ca2e410526c4c2d3aa08414c653da0640a79ba128e8

  • SHA512

    207b3e9f6a145dd477d96dbc4a8a74c441c3981bb922af37ebcfeb94b873145b783887a7920bbc9d60af0015fd5acf88266f76ddaea4716ffd771eb19cf5870c

Score
7/10
spywarestealer

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Windows directory 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Jack Move.exe
    "C:\Users\Admin\AppData\Local\Temp\Jack Move.exe"
    1⤵
    • Loads dropped DLL
    PID:4784
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1128

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\.nexe_natives\sqlite3\lib\binding\napi-v3-win32-x64\node_sqlite3.node
    MD5

    56192831a7f808874207ba593f464415

    SHA1

    e0c18c72a62692d856da1f8988b0bc9c8088d2aa

    SHA256

    6aa8763714aa5199a4065259af792292c2a7d6a2c381aa27007255421e5c9d8c

    SHA512

    c82aa1ef569c232b4b4f98a3789f2390e5f7bf5cc7e73d199fe23a3f636817edfdc2fb49ce7f69169c028a9dd5ab9f63e8f64964bb22424fc08db71e85054a33

    Download Submit

  • C:\Users\Admin\.nexe_natives\win-dpapi\build\Release\node-dpapi.node
    MD5

    5a152897598d6ffc1912b124bf62f3b7

    SHA1

    f32c1866c88f43782ca16e66abdc2337fbe0bc10

    SHA256

    7a1f4c63eaae9853ddeb88ab3de9d5a36750e5e5e83c21f75bdff6c7c26ab7e8

    SHA512

    43d4f65c2f8bd1764a04d0c85a9b42ade28947621e5506fd48b41c84cb68d1bcb151df344e63a2e76ea55406e7d5ae8f4c8b295b00a71b98068b5da0c25b935c

    Download Submit

  • memory/1128-133-0x000001E0A7B70000-0x000001E0A7B80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1128-134-0x000001E0A8220000-0x000001E0A8230000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1128-135-0x000001E0AA8F0000-0x000001E0AA8F4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1128-136-0x000001E0AA9F0000-0x000001E0AA9F4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1128-137-0x000001E0AA9E0000-0x000001E0AA9E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4784-130-0x000001D13A470000-0x000001D13A471000-memory.dmp

    Filesize

    4KB

    Download