Analysis
max time kernel: 140s
max time network: 152s
platform: windows7_x64
resource: win7-20230712-en
resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
submitted: 13-07-2023 19:20
Static task: static1
Behavioral task: behavioral1
  Sample: 0bbfccb4591a59exe_JC.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 0bbfccb4591a59exe_JC.exe
  Resource: win10v2004-20230703-en
General
Target: 0bbfccb4591a59exe_JC.exe
Size: 30KB
MD5: 0bbfccb4591a596f5c2d263c2eac8b44
SHA1: 9409ef0ea62a855dc54cc1cdd659c0bb019ec6b9
SHA256: 93de3c74b93dc02b35edc9f1f8603ff23b51d5081a2021237c61ca641005455a
SHA512: aaa70e22e0dcbef79fd6bc7bd9e927e60fffba7268c342b5d81bc17d591b1392684cd78b2eb93ffbcf76d3665e260d746c39e266273f7c41521f069b2246720b
SSDEEP: 768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjxgqKSyA5h:ZzFbxmLPWQMOtEvwDpjxj1
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
  PID 1992  Process: misid.exe
Loads dropped DLL (1 IoCs)
  PID 932  Process: 0bbfccb4591a59exe_JC.exe
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (4 IoCs)
  description                    | pid | Process                  | procid_target
  PID 932 wrote to memory of 1992 | 932 | 0bbfccb4591a59exe_JC.exe | 28
  PID 932 wrote to memory of 1992 | 932 | 0bbfccb4591a59exe_JC.exe | 28
  PID 932 wrote to memory of 1992 | 932 | 0bbfccb4591a59exe_JC.exe | 28
  PID 932 wrote to memory of 1992 | 932 | 0bbfccb4591a59exe_JC.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\0bbfccb4591a59exe_JC.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\0bbfccb4591a59exe_JC.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID: 932
  C:\Users\Admin\AppData\Local\Temp\misid.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\misid.exe"
    - Executes dropped EXE
    PID: 1992
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 30KB
MD5: 7e2fd2c5a34b3bcf3814bafad352c1f1
SHA1: c7df93d5239c6fc18c9cf538e40dcc079b60dee4
SHA256: d74e70672c4b5eb301cf9b1ee196ea87f318d0392ee090808d058d7a5cb96012
SHA512: 8c903bc9a85267d23fd087b5023d34c1543ba119739b23ba5c1a0181a843a3f6d49bb820e1de8c911d4dc6f4295da5a8ff7e9bf816c3ba2b4767e87ff3f10fc7