Overview

overview

10

Static

static

c8a7af2d91...98.exe

windows7-x64

10

c8a7af2d91...98.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    90s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-11-2022 08:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c8a7af2d91f1b22cc8bc59070e246f6d7bd1a91a45d9729db3a373fb6ce4b198.exe

  • Size

    45KB

  • MD5

    3e70d9a82e68af43f27dbde3a7492490

  • SHA1

    4e46ebea70e6fbecdba8d274daeb43f9b9bdf9f3

  • SHA256

    c8a7af2d91f1b22cc8bc59070e246f6d7bd1a91a45d9729db3a373fb6ce4b198

  • SHA512

    5e0aed6c743535aba1470149da064f9a9cd18d57202479cc552181687969fd2949a438f74358a0ac63c053ef7fdb6c38040660cfbd078f73ac6ac07e89e9c1b6

  • SSDEEP

    768:XZwb9TV5ZDzu83AqN1LZNneGcRnks/iaeS9rmJIga9/U/1H5:XZwb9TvZ3wqnL67RnkMVmeq

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 2 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c8a7af2d91f1b22cc8bc59070e246f6d7bd1a91a45d9729db3a373fb6ce4b198.exe
    "C:\Users\Admin\AppData\Local\Temp\c8a7af2d91f1b22cc8bc59070e246f6d7bd1a91a45d9729db3a373fb6ce4b198.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4572
    • C:\Windows\SysWOW64\Jmffdkpn.exe
      C:\Windows\system32\Jmffdkpn.exe
      2⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious behavior: GetForegroundWindowSpam
      PID:848

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\Jmffdkpn.exe
    Filesize

    45KB

    MD5

    c1b5f7661ad35321d8f8be513b1b3dcc

    SHA1

    35d9d5851de567c91230006357cd50accfa4c04c

    SHA256

    8579e0612baac09786321770f5c8b850f7207380a27cfc5847e63be5f82826bd

    SHA512

    75ba32cbb61deb9e07c7404d7be6cc0c48bc14799a22377307b0c52caee7837580507b96c30df8a43ab5a38f156348bb08bb4cabcaca95f3e2b67cdd92a912b4

    Download Submit
  • C:\Windows\SysWOW64\Jmffdkpn.exe
    Filesize

    45KB

    MD5

    c1b5f7661ad35321d8f8be513b1b3dcc

    SHA1

    35d9d5851de567c91230006357cd50accfa4c04c

    SHA256

    8579e0612baac09786321770f5c8b850f7207380a27cfc5847e63be5f82826bd

    SHA512

    75ba32cbb61deb9e07c7404d7be6cc0c48bc14799a22377307b0c52caee7837580507b96c30df8a43ab5a38f156348bb08bb4cabcaca95f3e2b67cdd92a912b4

    Download Submit
  • memory/848-133-0x0000000000000000-mapping.dmp
    Download
  • memory/848-137-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/848-138-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/4572-132-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/4572-136-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download