Analysis
max time kernel: 145s
max time network: 166s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted: 24-11-2022 06:47
Behavioral task: behavioral1
Sample: DekaronJSQ5.7ʽ/DekaronJSQ.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: DekaronJSQ5.7ʽ/DekaronJSQ.exe
Resource: win10v2004-20221111-en
Behavioral task: behavioral3
Sample: DekaronJSQ5.7ʽ/DekaronJSQ³.exe
Resource: win7-20220812-en
General
Target: DekaronJSQ5.7ʽ/DekaronJSQ³.exe
Size: 1008KB
MD5: 1b66f7ac9b3a6c8ae7725ddca3f430c5
SHA1: 686d1bbfa8290836452308b315e1378ee8acb655
SHA256: 5ade0c68918a2a8e390cf9d8dce3c57a8917abd377b84a0272e68bc78e7b7872
SHA512: c781b78edf8f10a6491497ca3ca7288f9a985ba1ddda745a1baa8a448604a313524556fbcac2fc343453394e57dabbd9333c365407915803eb018702a019c618
SSDEEP: 24576:brToBbKlrXksHQqyyZuKFd4kJEhvPctSIkI4Ekcs/2f0rbUsYPc3F5wC8m444qr5:brTpkMciN4kJEhvPmkI4Ekcs/2f0rbU8
Malware Config
Signatures
-
Processes:
yara_rule: upx (memory dumps of process 1000)
Processes:
resource yara_rule
behavioral4/memory/1000-132-0x0000000000400000-0x00000000006A2000-memory.dmp vmprotect
behavioral4/memory/1000-177-0x0000000000400000-0x00000000006A2000-memory.dmp vmprotect
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
DekaronJSQ³.exe
pid process
1000 DekaronJSQ³.exe
1000 DekaronJSQ³.exe
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
DekaronJSQ³.exe
pid process
1000 DekaronJSQ³.exe
1000 DekaronJSQ³.exe
1000 DekaronJSQ³.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads