Overview

overview

10

Static

static

bcf2da6011...7a.exe

windows7-x64

10

bcf2da6011...7a.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2022 12:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bcf2da6011f0f56191965811d7b0da690fdde6457e5fd7a1042a37cbea70aa7a.exe

  • Size

    18KB

  • MD5

    c5ef1eaebf1e47a694a54fd29712da47

  • SHA1

    76bd4ad239844b6ed757aab254a96c1079fcd1d4

  • SHA256

    bcf2da6011f0f56191965811d7b0da690fdde6457e5fd7a1042a37cbea70aa7a

  • SHA512

    75f10dff7a1fc1ed88d831cebfe97a779cd63944e2a4afe2ea6aec77ed0a0b2dcc26fb2897ec9d4cfff7597aecfdad9677ffa8503b27a08a4329baf3cc462e9a

  • SSDEEP

    384:PWvWCEgpc7GOu6J/3nXyf5bctBRRmJend3gvdTuvFaCh0isN:SEg27dJ35JmJed9EbN

Score
10/10
jokerinfostealerpersistencetrojan

Malware Config

Signatures

  • joker

    Joker is an Android malware that targets billing and SMS fraud.

    infostealertrojanjoker
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 60 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bcf2da6011f0f56191965811d7b0da690fdde6457e5fd7a1042a37cbea70aa7a.exe
    "C:\Users\Admin\AppData\Local\Temp\bcf2da6011f0f56191965811d7b0da690fdde6457e5fd7a1042a37cbea70aa7a.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:784
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.18hi.net/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1268
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1268 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1204
    • C:\Windows\system\Rund1132.exe
      "C:\Windows\system\Rund1132.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies Internet Explorer start page
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:560

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    60KB

    MD5

    6c6a24456559f305308cb1fb6c5486b3

    SHA1

    3273ac27d78572f16c3316732b9756ebc22cb6ed

    SHA256

    efc3c579bd619ceab040c4b8c1b821b2d82c64fddd9e80a00ec0d7f6577ed973

    SHA512

    587d4a9175a6aa82cd8bb1c11ca6508f95cd218f76ac322ddbd1bc7146a0e25f8937ee426a6fb0fb0bb045cedb24d8c8a9edfe9f654112f293d8701220f726b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2f30a50c35b6aeaca3c7d2425ea183a7

    SHA1

    fc1652aab86839ae84c033ee7728adf17034ca7c

    SHA256

    38e53498c9e6f1256a9b8b552b2b205f3772ae18c78d4c030c7790092a0bc315

    SHA512

    f092738db2e2951255aaa7655cb9f63b3db97853aa38c05c9af95a0fa5dba7ae33bab27518abb407315adf2b595787dab0b0c853f1a7adbdc4a2b95c6082745d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat
    Filesize

    5KB

    MD5

    3de9cdeab4e923f7b9dd2ed67dc84bd8

    SHA1

    da5a3995f9df8fa4deb4987e1d1c900707148b0e

    SHA256

    8b9b4cef26139ec382167a614e38533f13eb74755f2d9cc8191b03ebaf06d35c

    SHA512

    318cbf4f9d61785ec51ac9ee78a43ee04547d595d0ed02682677df7ccffb117be2cf27ad341763e2ca7437fed367f61bf697281caf0bd5725da71634ee7b2289

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\J34DB4EF.txt
    Filesize

    606B

    MD5

    50e1c09a0ec9b7a79510e56bc5512877

    SHA1

    d357b34fe3b1014e067240e02b17c7fc8988e51b

    SHA256

    66391ad7cc4e3384510f9da399ad069f84b9c1b53b670dda693b8fed19de1fae

    SHA512

    87bdca22d597e6de7fe588e2888cfa01847d258584fb3bd5c2718ee14d59fb05ace56d1bf871f3da6a6862411d66712c1fb768355e0271feaf8c873c78009467

    Download Submit

  • C:\Windows\system\Rund1132.EXE
    Filesize

    18KB

    MD5

    c5ef1eaebf1e47a694a54fd29712da47

    SHA1

    76bd4ad239844b6ed757aab254a96c1079fcd1d4

    SHA256

    bcf2da6011f0f56191965811d7b0da690fdde6457e5fd7a1042a37cbea70aa7a

    SHA512

    75f10dff7a1fc1ed88d831cebfe97a779cd63944e2a4afe2ea6aec77ed0a0b2dcc26fb2897ec9d4cfff7597aecfdad9677ffa8503b27a08a4329baf3cc462e9a

    Download Submit

  • C:\Windows\system\Rund1132.exe
    Filesize

    18KB

    MD5

    c5ef1eaebf1e47a694a54fd29712da47

    SHA1

    76bd4ad239844b6ed757aab254a96c1079fcd1d4

    SHA256

    bcf2da6011f0f56191965811d7b0da690fdde6457e5fd7a1042a37cbea70aa7a

    SHA512

    75f10dff7a1fc1ed88d831cebfe97a779cd63944e2a4afe2ea6aec77ed0a0b2dcc26fb2897ec9d4cfff7597aecfdad9677ffa8503b27a08a4329baf3cc462e9a

    Download Submit

  • \Windows\system\Rund1132.exe
    Filesize

    18KB

    MD5

    c5ef1eaebf1e47a694a54fd29712da47

    SHA1

    76bd4ad239844b6ed757aab254a96c1079fcd1d4

    SHA256

    bcf2da6011f0f56191965811d7b0da690fdde6457e5fd7a1042a37cbea70aa7a

    SHA512

    75f10dff7a1fc1ed88d831cebfe97a779cd63944e2a4afe2ea6aec77ed0a0b2dcc26fb2897ec9d4cfff7597aecfdad9677ffa8503b27a08a4329baf3cc462e9a

    Download Submit

  • \Windows\system\Rund1132.exe
    Filesize

    18KB

    MD5

    c5ef1eaebf1e47a694a54fd29712da47

    SHA1

    76bd4ad239844b6ed757aab254a96c1079fcd1d4

    SHA256

    bcf2da6011f0f56191965811d7b0da690fdde6457e5fd7a1042a37cbea70aa7a

    SHA512

    75f10dff7a1fc1ed88d831cebfe97a779cd63944e2a4afe2ea6aec77ed0a0b2dcc26fb2897ec9d4cfff7597aecfdad9677ffa8503b27a08a4329baf3cc462e9a

    Download Submit

  • memory/560-67-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/784-66-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/784-54-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/784-58-0x0000000003C90000-0x000000000474A000-memory.dmp

    Filesize

    10.7MB

    Download

  • memory/784-57-0x0000000075FC1000-0x0000000075FC3000-memory.dmp

    Filesize

    8KB

    Download