Overview

overview

8

Static

static

343a0ad97e...69.exe

windows7-x64

8

343a0ad97e...69.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    188s
  • max time network
    194s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/12/2022, 18:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    343a0ad97eb112052d408827878cba703edce76d7fd500625da23f249f2e7c69.exe

  • Size

    38KB

  • MD5

    89bfc21c33f4ef991851220d66112be5

  • SHA1

    b5590160857dfac6ef9c59679045984661ce4d39

  • SHA256

    343a0ad97eb112052d408827878cba703edce76d7fd500625da23f249f2e7c69

  • SHA512

    7087199f66f96d3b75f3e64b91809e9b27d7cd0e2530e5a3670fbc41a2a75cac2398e779686eabcbbd863293558bafac7fe030fb1d0006044ea6dc405e4b793f

  • SSDEEP

    768:aJGMTliGxQiDtC22e2RvcbDXHOlwY2ljIILQbCgFAd:aJGix/v22Pu8lvwCaM

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\343a0ad97eb112052d408827878cba703edce76d7fd500625da23f249f2e7c69.exe
    "C:\Users\Admin\AppData\Local\Temp\343a0ad97eb112052d408827878cba703edce76d7fd500625da23f249f2e7c69.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: RenamesItself
    PID:2040
  • C:\Windows\SysWOW64\jolboo.exe
    C:\Windows\SysWOW64\jolboo.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\gei33.dll
    Filesize

    48KB

    MD5

    98dc589f3a9653e76b605bc0acefbfef

    SHA1

    43127556cfa49a3c2cca9fe492ddc0dc83f90bf0

    SHA256

    418aa1f24183234f8275045f21fb254782e8baa5b4771a758d3f0d0a521622ac

    SHA512

    293e5fbb2a797467466e373a94dec7c5cedad77e619f0f415a0f9146dcdd5e5dc196176b5a7f216b720f0323e28b397c39327c9e5f680c142b07cdb7b64864fb

    Download Submit

  • C:\Windows\SysWOW64\jolboo.exe
    Filesize

    38KB

    MD5

    89bfc21c33f4ef991851220d66112be5

    SHA1

    b5590160857dfac6ef9c59679045984661ce4d39

    SHA256

    343a0ad97eb112052d408827878cba703edce76d7fd500625da23f249f2e7c69

    SHA512

    7087199f66f96d3b75f3e64b91809e9b27d7cd0e2530e5a3670fbc41a2a75cac2398e779686eabcbbd863293558bafac7fe030fb1d0006044ea6dc405e4b793f

    Download Submit

  • C:\Windows\SysWOW64\jolboo.exe
    Filesize

    38KB

    MD5

    89bfc21c33f4ef991851220d66112be5

    SHA1

    b5590160857dfac6ef9c59679045984661ce4d39

    SHA256

    343a0ad97eb112052d408827878cba703edce76d7fd500625da23f249f2e7c69

    SHA512

    7087199f66f96d3b75f3e64b91809e9b27d7cd0e2530e5a3670fbc41a2a75cac2398e779686eabcbbd863293558bafac7fe030fb1d0006044ea6dc405e4b793f

    Download Submit

  • memory/212-136-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/212-138-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2040-132-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2040-135-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download