Analysis
max time kernel: 150s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted: 09-01-2023 06:42
Static task
static1
Behavioral task
behavioral1
Sample
DnsJumper.exe
Resource
win7-20220812-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
DnsJumper.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
9 signatures
150 seconds
General
Target: DnsJumper.exe
Size: 884KB
MD5: aea6dfbb052b8613b2df44fd2d008d09
SHA1: 17434441b4d61320edf8ae506923403c36088d51
SHA256: 7e221e7967570b0deca8e1c4f23ed9e39423dcc0733337bcb6e2c08b3b7b9ba1
SHA512: d4ad11a094ea9aa8e47bde543f917ffccb157a8633ab7cb7e0790f3c571cc067c3d62965bf499e630ebd8d0cd8af5e0f31ab9e40ae54ad306fa16aa94f9296d7
SSDEEP: 12288:aaWzgMg7v3qnCi5ErQohh0F4qCJ8lnynQS53ENqPXJbRchK:VaHMv6CFrjenynQmU0PXJbRd
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2044 DnsJumper.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2044 DnsJumper.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 2044 DnsJumper.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 2044 DnsJumper.exe