Analysis
- max time kernel: 91s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-11-2022 19:38
Static task: static1
Behavioral task: behavioral1
- Sample: c38253f8d773c3b3d9a0ddc6a46464014d2568221cbe8a9fccadeb8a2de303e5.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: c38253f8d773c3b3d9a0ddc6a46464014d2568221cbe8a9fccadeb8a2de303e5.exe
- Resource: win10v2004-20220901-en
(The results on this page are from behavioral2, the win10v2004-20220901-en run; the platform and resource fields above identify it.)
General
- Target: c38253f8d773c3b3d9a0ddc6a46464014d2568221cbe8a9fccadeb8a2de303e5.exe
- Size: 48KB
- MD5: a559acfaa60a579b39ae7fd276ae3d9e
- SHA1: e9b679c67fd1b280f8c3e08d51c2f326160c8c5d
- SHA256: c38253f8d773c3b3d9a0ddc6a46464014d2568221cbe8a9fccadeb8a2de303e5
- SHA512: 9ccf11d6a613bc918b2fca794699144049edbf5a8f691268a6861475df51682e6d8956a6e843e8a2a98bfc8f80383805231c6f3b13b183f9245f86795cd0ac03
- SSDEEP: 768:bQ5hdL6QjWUGmrQZi+LtmtnB7CwgbLaTTIIMdzstb:q2UGdiOt2nBGl+TKdzstb
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Process: mexjkm.exe (PID 4012)
- Drops file in System32 directory (2 IoCs)
  File created: C:\Windows\SysWOW64\mexjkm.exe, by c38253f8d773c3b3d9a0ddc6a46464014d2568221cbe8a9fccadeb8a2de303e5.exe
  File opened for modification: C:\Windows\SysWOW64\mexjkm.exe, by c38253f8d773c3b3d9a0ddc6a46464014d2568221cbe8a9fccadeb8a2de303e5.exe
- Program crash (1 IoC)
  WerFault.exe (PID 224) handling the crash of mexjkm.exe (PID 4012)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  c38253f8d773c3b3d9a0ddc6a46464014d2568221cbe8a9fccadeb8a2de303e5.exe (PID 760): 4 hits
  mexjkm.exe (PID 4012): 4 hits
Processes
- C:\Users\Admin\AppData\Local\Temp\c38253f8d773c3b3d9a0ddc6a46464014d2568221cbe8a9fccadeb8a2de303e5.exe (PID 760)
  Command line: "C:\Users\Admin\AppData\Local\Temp\c38253f8d773c3b3d9a0ddc6a46464014d2568221cbe8a9fccadeb8a2de303e5.exe"
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
- C:\Windows\SysWOW64\mexjkm.exe (PID 4012)
  Command line: C:\Windows\SysWOW64\mexjkm.exe
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Child: C:\Windows\SysWOW64\WerFault.exe (PID 224)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 392
    - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 760 -ip 760
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4012 -ip 4012
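The two behaviours the sandbox flagged in the tree above (a file written under SysWOW64 by a process running from the user's Temp directory, then executed as a new process) are easy to re-derive from host telemetry. The script below is an added example, not sandbox code: it runs the same two checks over a constructed Sysmon-style event list that mirrors the PIDs and paths from this report, and it checks a byte string against the report's MD5/SHA1/SHA256 so a hunter can confirm whether a file pulled from a host is this sample. The Event class, its field names and the trace are assumptions made for the example; the placeholder bytes are not the sample.

```python
import hashlib
from dataclasses import dataclass

# Digests copied from the report's General section.
KNOWN_SAMPLE = {
    "md5": "a559acfaa60a579b39ae7fd276ae3d9e",
    "sha1": "e9b679c67fd1b280f8c3e08d51c2f326160c8c5d",
    "sha256": "c38253f8d773c3b3d9a0ddc6a46464014d2568221cbe8a9fccadeb8a2de303e5",
}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, hex-encoded the way the report lists them."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_known_sample(data: bytes) -> bool:
    """True only if all three digests agree; any mismatch means a different file."""
    return digests(data) == KNOWN_SAMPLE


@dataclass
class Event:
    """Minimal Sysmon-like event (assumed shape for this example, not sandbox output)."""
    event_id: int      # 1 = ProcessCreate, 11 = FileCreate (Sysmon numbering)
    pid: int
    image: str         # image path of the acting process
    target: str = ""   # FileCreate only: the file that was written


def _norm(path: str) -> str:
    # Case-insensitive, quote-stripped comparison of Windows paths.
    return path.strip('"').lower()


def find_system_dir_drops(events):
    """'Drops file in System32 directory': a FileCreate whose target lies under
    System32/SysWOW64 while the writing process does not itself run from there."""
    hits = []
    for ev in events:
        if ev.event_id != 11:
            continue
        tgt, src = _norm(ev.target), _norm(ev.image)
        if tgt.startswith(SYSTEM_DIRS) and not src.startswith(SYSTEM_DIRS):
            hits.append((ev.pid, src, tgt))
    return hits


def find_executed_drops(events):
    """'Executes dropped EXE': a ProcessCreate whose image was written earlier in the
    same (time-ordered) trace. Returns (new pid, image, pid of the writer)."""
    dropped = {}
    hits = []
    for ev in events:
        if ev.event_id == 11:
            dropped[_norm(ev.target)] = ev.pid
        elif ev.event_id == 1:
            img = _norm(ev.image)
            if img in dropped:
                hits.append((ev.pid, img, dropped[img]))
    return hits


# Constructed trace reproducing the process tree in the report (PIDs and paths from the report).
SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\c38253f8d773c3b3d9a0ddc6a46464014d2568221cbe8a9fccadeb8a2de303e5.exe"
DROPPED_EXE = r"C:\Windows\SysWOW64\mexjkm.exe"
TRACE = [
    Event(1, 760, SAMPLE_EXE),
    Event(11, 760, SAMPLE_EXE, target=DROPPED_EXE),
    Event(1, 4012, DROPPED_EXE),
    Event(1, 224, r"C:\Windows\SysWOW64\WerFault.exe"),  # crash handler: lives in SysWOW64, was not dropped
]

if __name__ == "__main__":
    print("system-dir drops:", find_system_dir_drops(TRACE))
    print("executed drops:  ", find_executed_drops(TRACE))
    print("placeholder bytes match sample?", matches_known_sample(b"placeholder, not the sample"))
```

The WerFault.exe entry shows why the second check keys on "written earlier in this trace" rather than on path alone: a legitimate binary launched from SysWOW64 is not a dropped executable, and a path-only rule would flag it. Feed a real Sysmon export into the same functions by mapping EventID 1 and 11 records onto Event.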
Network
MITRE ATT&CK Matrix
Downloads
- C:\Windows\SysWOW64\mexjkm.exe
  Filesize: 48KB
  MD5: a559acfaa60a579b39ae7fd276ae3d9e
  SHA1: e9b679c67fd1b280f8c3e08d51c2f326160c8c5d
  SHA256: c38253f8d773c3b3d9a0ddc6a46464014d2568221cbe8a9fccadeb8a2de303e5
  SHA512: 9ccf11d6a613bc918b2fca794699144049edbf5a8f691268a6861475df51682e6d8956a6e843e8a2a98bfc8f80383805231c6f3b13b183f9245f86795cd0ac03
  The size and all four digests are identical to the submitted sample: the dropped file is a byte-for-byte copy of the original placed under a new name in SysWOW64, so the same hash IoCs cover both the original and the dropped copy.