Overview

overview

8

Static

static

40debfeca8...02.exe

windows7-x64

8

40debfeca8...02.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    7s
  • max time network
    57s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-10-2022 00:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    40debfeca88eba07b96fb7b9766d77e6a35c9db0b4d9c815bc9387dc85e76b02.exe

  • Size

    200KB

  • MD5

    0ad59fdc59fa005341a058c9b666ef3c

  • SHA1

    9c93dd8eee937d761cc833d5c4ba3d3fd5578c96

  • SHA256

    40debfeca88eba07b96fb7b9766d77e6a35c9db0b4d9c815bc9387dc85e76b02

  • SHA512

    58bf7b1b242aab5341db1b30b5ff422b73507a490ba4188de75ab4e93fa9ed1c7d145f48028c984695f5cebd3cab5b6df45b5cb8c44ed4535c4c583867cc63ae

  • SSDEEP

    3072:tR1EC2Oi8NXC797F8TBfFvj4bq57bxp/yhi0t7jJhUahJ:tsC2F8NXC796TB9vj48bxss0t7/USJ

Score
8/10
evasion

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\40debfeca88eba07b96fb7b9766d77e6a35c9db0b4d9c815bc9387dc85e76b02.exe
    "C:\Users\Admin\AppData\Local\Temp\40debfeca88eba07b96fb7b9766d77e6a35c9db0b4d9c815bc9387dc85e76b02.exe"
    1⤵
      PID:480
      • C:\Users\Admin\AppData\Roaming\jj.exe
        "C:\Users\Admin\AppData\Roaming\jj.exe"
        2⤵
          PID:4352
          • C:\Windows\SysWOW64\netsh.exe
            netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\jj.exe" "jj.exe" ENABLE
            3⤵
            • Modifies Windows Firewall
            PID:4908

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\jj.exe
        Filesize

        42KB

        MD5

        414aa3f1a4cf7418465b4107066e0a5c

        SHA1

        33657a35f80f7100e0752b13dfe39d7abc3cbdf6

        SHA256

        d8e21c4b7d080121e8264dc2c57198336e59e60ec78450013734c58039d62efa

        SHA512

        ee3853a1404abf45ac43bc6a8f264b281e00cab4481b5735c1983f278ab64ba51583c9929df4883328399c33653c620580d07cc7dfef0e7ee29a204f21f12268

        Download Submit

      • C:\Users\Admin\AppData\Roaming\jj.exe
        Filesize

        31KB

        MD5

        919def5d99c4973b1d3c48709d75985f

        SHA1

        1aaa7b2ac7bfdd5183f0b03fe3c14dcb1f87b698

        SHA256

        a5f4368f62bb04553b64e9355300a49757ed234d05396c11f4b4b8f6f3c8641d

        SHA512

        60c742a4be07f7c10ed4bbdfe9ac6c2c272526fac7b368709e5e9e2804e20fabcab86992116091c131c17aaf630bdc82314492de2b0a39283cd3ea035103c570

        Download Submit

      • memory/480-132-0x00000000001D0000-0x00000000001F8000-memory.dmp

        Filesize

        160KB

        Download

      • memory/480-135-0x0000000075510000-0x0000000075AC1000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/480-142-0x0000000075510000-0x0000000075AC1000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/4352-139-0x0000000000540000-0x0000000000568000-memory.dmp

        Filesize

        160KB

        Download

      • memory/4352-136-0x0000000000000000-mapping.dmp

        Download

      • memory/4352-144-0x0000000075510000-0x0000000075AC1000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/4908-143-0x0000000000000000-mapping.dmp

        Download