Resubmissions
ID | Submitted | Score
240409-stwazaeb2v | 09-04-2024 15:25 | 10
240409-stvpfaeb2s | 09-04-2024 15:25 | 10
240409-stvdnsaf77 | 09-04-2024 15:25 | 10
240409-stryjsea9x | 09-04-2024 15:25 | 10
230113-va4jcaae56 | 13-01-2023 16:48 | 10
Analysis
max time kernel: 150s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-01-2023 16:48
Behavioral task: behavioral1
Sample: a95c29de8321dd4dc8b9676ec640e7b3.exe
Resource: win7-20220812-en
General
Target: a95c29de8321dd4dc8b9676ec640e7b3.exe
Size: 32KB
MD5: a95c29de8321dd4dc8b9676ec640e7b3
SHA1: d9ef0d8e14ddba29ab8e39779e616344440d8f75
SHA256: 7616efcd937ca8fd237f3afa86aea2294844d00cd1100b75660b4925ad88924b
SHA512: d6ee8ea621bd1a0de0046773459316eec5a4f04077f90002d48f997e64758cf6fea7d80e4e7337dc95a4827233f0da937fb9228d5a15867043d097ee73da6acf
SSDEEP: 768:3Ta1PsXQ0yVmQvcs27NOJtyuv09gnoJCvcror:SsXQ0yVN2gV0Gno
Malware Config
Extracted
systembc
dec15coma.com:4039
dec15coma.xyz:4039
Signatures
- Executes dropped EXE (1 IoC)
  Processes: pid 3408 jpbueu.exe
- Looks up external IP address via web service (2 IoCs)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  Flows: 28 api.ipify.org; 29 api.ipify.org
- Uses Tor communications (1 TTP)
  Malware can proxy its traffic through Tor for more anonymity.
- Drops file in Windows directory (2 IoCs)
  File created: C:\Windows\Tasks\jpbueu.job by a95c29de8321dd4dc8b9676ec640e7b3.exe
  File opened for modification: C:\Windows\Tasks\jpbueu.job by a95c29de8321dd4dc8b9676ec640e7b3.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes: pid 2484 a95c29de8321dd4dc8b9676ec640e7b3.exe (2 IoCs)
Processes
C:\Users\Admin\AppData\Local\Temp\a95c29de8321dd4dc8b9676ec640e7b3.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a95c29de8321dd4dc8b9676ec640e7b3.exe"
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
C:\ProgramData\fodkrx\jpbueu.exe
  Command line: C:\ProgramData\fodkrx\jpbueu.exe start
  - Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
C:\ProgramData\fodkrx\jpbueu.exe
Filesize: 32KB
MD5: a95c29de8321dd4dc8b9676ec640e7b3
SHA1: d9ef0d8e14ddba29ab8e39779e616344440d8f75
SHA256: 7616efcd937ca8fd237f3afa86aea2294844d00cd1100b75660b4925ad88924b
SHA512: d6ee8ea621bd1a0de0046773459316eec5a4f04077f90002d48f997e64758cf6fea7d80e4e7337dc95a4827233f0da937fb9228d5a15867043d097ee73da6acf