e42ab3a701d02022694fb2bf7b46f3e934e9e3eede355d249ee77d85382fd1ec

Resubmissions

31/03/2023, 16:46

230331-vagdtabg45 7

31/03/2023, 16:41

230331-t67efada7v 7

31/03/2023, 16:37

230331-t4rwzabf92 7

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31/03/2023, 16:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Jenny Mod 1.8_n-6YZR1.exe
Size

2.6MB
MD5

5554e9b1bff7d5c406b7465701ceb732
SHA1

330eae0ac128d2077e63a189389fc1f6c1cae9bc
SHA256

e42ab3a701d02022694fb2bf7b46f3e934e9e3eede355d249ee77d85382fd1ec
SHA512

f0b9ad75123d31dbd5448cb213eb064bd3092825bbc13b5b0ff334f9ba9ffc536629bf134b795e999267f007c353df5e1dc21354dc6dc4444d7f4865a0718b8e
SSDEEP

49152:6qe3f6a5zD7+H98AHaCfu6F8HCL+WuTmuKwE0:TSiMD7E9vBuZHCK5NKX0

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4684	Jenny Mod 1.8_n-6YZR1.tmp

Loads dropped DLL 3 IoCs

pid	Process
4684	Jenny Mod 1.8_n-6YZR1.tmp
4684	Jenny Mod 1.8_n-6YZR1.tmp
4684	Jenny Mod 1.8_n-6YZR1.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	42	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4684	Jenny Mod 1.8_n-6YZR1.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4528 wrote to memory of 4684	4528	Jenny Mod 1.8_n-6YZR1.exe	82
PID 4528 wrote to memory of 4684	4528	Jenny Mod 1.8_n-6YZR1.exe	82
PID 4528 wrote to memory of 4684	4528	Jenny Mod 1.8_n-6YZR1.exe	82

C:\Users\Admin\AppData\Local\Temp\Jenny Mod 1.8_n-6YZR1.exe
"C:\Users\Admin\AppData\Local\Temp\Jenny Mod 1.8_n-6YZR1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Users\Admin\AppData\Local\Temp\is-0MGF1.tmp\Jenny Mod 1.8_n-6YZR1.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-0MGF1.tmp\Jenny Mod 1.8_n-6YZR1.tmp" /SL5="$801AE,1785071,899584,C:\Users\Admin\AppData\Local\Temp\Jenny Mod 1.8_n-6YZR1.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:4684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-0MGF1.tmp\Jenny Mod 1.8_n-6YZR1.tmp

Filesize
3.0MB

MD5
eaf2c9683c1424abb77a6104b339fda5

SHA1
82fe536dc66036a759f620003f324bc726192da0

SHA256
a2c20488f11814b0bb8eb471f364c58d8f16a34fb526b84ccb97d15b98450d9a

SHA512
49d9482bb2f41aa87654d22f3ffc31abed183ac68545cef87125de932cf745f8c68a31d17e142c4a4f0f21e2bf1edab8cda59ba2b1b1827f8c84837352196bf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TJ8CK.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TJ8CK.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TJ8CK.tmp\loader.gif

Filesize
3KB

MD5
d35d95fc6bd8be33d3ce5da2630b90bd

SHA1
be2fb4098a151f6c77a85ce8c274a3054a61178b

SHA256
dfa608be394c8f6d19aff352185917720f04072ac0412a8cab1174fec4939c08

SHA512
078fa3cf9c08c8bdaa554a52b153a159f537de3ee0ba923d64928cdd99b4f2528b4eb229c1b2352b946ef417efd478b453588a6cda1afc91b374e709afc730e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TJ8CK.tmp\side-logo.png

Filesize
24KB

MD5
e2d3022fb249af38288c47246bc60228

SHA1
bf7a44230ec7dc0f45e89224a6fe821d25f91f55

SHA256
9a7462e436d86f26ae9c0808b30810b8d2fd25ceef7af24ff09a1af32e63e2a9

SHA512
510d60ed51bc972b6bb3ac80a86d31b6d797a1af0a3ffce068089f0adf39d6591471de7ef7f21ecaccb67255e57bbe04786534256a12bcae5017078df56f12cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TJ8CK.tmp\zbShieldUtils.dll

Filesize
2.0MB

MD5
e1f18a22199c6f6aa5d87b24e5b39ef1

SHA1
0dcd8f90b575f6f1d10d6789fe769fa26daafd0e

SHA256
62c56c8cf2ac6521ce047b73aa99b6d3952ca53f11d34b00e98d17674a2fc10d

SHA512
5a10a2f096adce6e7db3a40bc3ea3fd44d602966e606706ee5a780703f211de7f77656c79c296390baee1e008dc3ce327eaaf5d78bbae20108670c5bc809a190

Download Submit
memory/4528-135-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/4528-139-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/4528-133-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/4684-154-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4684-174-0x00000000009F0000-0x00000000009FF000-memory.dmp

Filesize
60KB

Download
memory/4684-155-0x00000000009C0000-0x00000000009C1000-memory.dmp

Filesize
4KB

Download
memory/4684-140-0x00000000009C0000-0x00000000009C1000-memory.dmp

Filesize
4KB

Download
memory/4684-182-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4684-183-0x00000000009F0000-0x00000000009FF000-memory.dmp

Filesize
60KB

Download