Overview

overview

8

Static

static

3

4077c6a763...JC.exe

windows7-x64

8

4077c6a763...JC.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2023, 11:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4077c6a7639ca0exeexe_JC.exe

  • Size

    168KB

  • MD5

    4077c6a7639ca08788cbfdd7df25e060

  • SHA1

    602e022481b549dc616262b4f867b233e53df593

  • SHA256

    6f4cf312d22a61c88b79c3757e4edc8f22d3550c59a4ee1933941c6cc1e47d24

  • SHA512

    74904d7655b9636aa6f7952b6bfef2d8fdadcf0fa7ea58f3b67b0d6e066de8185d8545c6e9553103d3025f8b035ef08fa1d1eb276e2e6ed7e8383b6ee0c3e31e

  • SSDEEP

    1536:1EGh0omlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0omlqOPOe2MUVg3Ve+rX

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4077c6a7639ca0exeexe_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4077c6a7639ca0exeexe_JC.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1400
    • C:\Windows\{72D5224E-3FD1-4ac0-8A00-242A4FA1097E}.exe
      C:\Windows\{72D5224E-3FD1-4ac0-8A00-242A4FA1097E}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1668
      • C:\Windows\{7795410D-E66F-4ec6-AA5B-E04A4B07D65E}.exe
        C:\Windows\{7795410D-E66F-4ec6-AA5B-E04A4B07D65E}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2824
        • C:\Windows\{B812B8AD-CE49-4d5a-8321-66A45C910AB5}.exe
          C:\Windows\{B812B8AD-CE49-4d5a-8321-66A45C910AB5}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2912
          • C:\Windows\{01DF9558-BF6E-46b9-AE1C-F6D6D21AA97E}.exe
            C:\Windows\{01DF9558-BF6E-46b9-AE1C-F6D6D21AA97E}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:3068
            • C:\Windows\{0D293CFF-55A3-4f94-9493-1205E43B7E1C}.exe
              C:\Windows\{0D293CFF-55A3-4f94-9493-1205E43B7E1C}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2696
              • C:\Windows\{21AC9AF4-431C-4c53-8109-51E193F51252}.exe
                C:\Windows\{21AC9AF4-431C-4c53-8109-51E193F51252}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1208
                • C:\Windows\{08CDB2F8-CA73-473a-AB92-575C289704D8}.exe
                  C:\Windows\{08CDB2F8-CA73-473a-AB92-575C289704D8}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1092
                  • C:\Windows\{E908C635-B82B-4d86-BB0E-EAD8957C0602}.exe
                    C:\Windows\{E908C635-B82B-4d86-BB0E-EAD8957C0602}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1184
                    • C:\Windows\{5C144A79-AC08-40a4-9916-1338241C0225}.exe
                      C:\Windows\{5C144A79-AC08-40a4-9916-1338241C0225}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1480
                      • C:\Windows\{358D9C8A-AB22-4f4e-960A-6DD1A0C41483}.exe
                        C:\Windows\{358D9C8A-AB22-4f4e-960A-6DD1A0C41483}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:276
                        • C:\Windows\{D48C216E-E89F-489c-B78F-CD4C591D6D47}.exe
                          C:\Windows\{D48C216E-E89F-489c-B78F-CD4C591D6D47}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:1860
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{358D9~1.EXE > nul
                          12⤵
                            PID:1204
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{5C144~1.EXE > nul
                          11⤵
                            PID:2480
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E908C~1.EXE > nul
                          10⤵
                            PID:1812
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{08CDB~1.EXE > nul
                          9⤵
                            PID:1500
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{21AC9~1.EXE > nul
                          8⤵
                            PID:696
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{0D293~1.EXE > nul
                          7⤵
                            PID:2740
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{01DF9~1.EXE > nul
                          6⤵
                            PID:2728
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{B812B~1.EXE > nul
                          5⤵
                            PID:2836
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{77954~1.EXE > nul
                          4⤵
                            PID:2940
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{72D52~1.EXE > nul
                          3⤵
                            PID:1692
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\4077C6~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2288

                      Network

                            MITRE ATT&CK Enterprise v6

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Windows\{01DF9558-BF6E-46b9-AE1C-F6D6D21AA97E}.exe
                              Filesize

                              168KB

                              MD5

                              8535d58a9c22e3a3af54972520353c0b

                              SHA1

                              f934dc58d96e780a728a242b62ce0dbfacf3958a

                              SHA256

                              ac222e26c92ff88ab86b827894eb7160b2c20c68f1201f51a37ed73aad26427d

                              SHA512

                              64dd77cc9e05d3c0a5177f51cca93642553b6bcf92594dc63469652781992233ea23ff83f74fe19b20ef9db3a36e35ef4c8de9dc7ae615112a9ddd6fbce055dc

                              Download Submit

                            • C:\Windows\{01DF9558-BF6E-46b9-AE1C-F6D6D21AA97E}.exe
                              Filesize

                              168KB

                              MD5

                              8535d58a9c22e3a3af54972520353c0b

                              SHA1

                              f934dc58d96e780a728a242b62ce0dbfacf3958a

                              SHA256

                              ac222e26c92ff88ab86b827894eb7160b2c20c68f1201f51a37ed73aad26427d

                              SHA512

                              64dd77cc9e05d3c0a5177f51cca93642553b6bcf92594dc63469652781992233ea23ff83f74fe19b20ef9db3a36e35ef4c8de9dc7ae615112a9ddd6fbce055dc

                              Download Submit

                            • C:\Windows\{08CDB2F8-CA73-473a-AB92-575C289704D8}.exe
                              Filesize

                              168KB

                              MD5

                              f249c5feb36638a627e0b9ab247f21f0

                              SHA1

                              090510daf85ad625aa73e713ddab32c216a8cc15

                              SHA256

                              a012a522eca38180423943ee4a81f0ca50a0897e1510551505b7c11628f1eded

                              SHA512

                              1701729f66c3e6a1126e7120cbec4c62b842edf3774da59a1570a9a073a11f312a81e9f26e70a5eacb6c3d223848206ed21f5dec19ad4b972a9f068f6e60631b

                              Download Submit

                            • C:\Windows\{08CDB2F8-CA73-473a-AB92-575C289704D8}.exe
                              Filesize

                              168KB

                              MD5

                              f249c5feb36638a627e0b9ab247f21f0

                              SHA1

                              090510daf85ad625aa73e713ddab32c216a8cc15

                              SHA256

                              a012a522eca38180423943ee4a81f0ca50a0897e1510551505b7c11628f1eded

                              SHA512

                              1701729f66c3e6a1126e7120cbec4c62b842edf3774da59a1570a9a073a11f312a81e9f26e70a5eacb6c3d223848206ed21f5dec19ad4b972a9f068f6e60631b

                              Download Submit

                            • C:\Windows\{0D293CFF-55A3-4f94-9493-1205E43B7E1C}.exe
                              Filesize

                              168KB

                              MD5

                              37c454f22e711914fe8635ef4df21ac4

                              SHA1

                              65e28ea54ae4058d5bb08a617a8701a0c7c87dd8

                              SHA256

                              68525a124d63ea43fe785916d5fdd47b1e9fe0255755025e34a247a61ba55131

                              SHA512

                              8cdadbfcab555b6b8b6ea0472154bf5833fe71d764c94ad5a2134582f1f8dfbb5c2f680ae8afcc19f20cb19a7d075472da242ceb0c6bd54c23023c968da4d426

                              Download Submit

                            • C:\Windows\{0D293CFF-55A3-4f94-9493-1205E43B7E1C}.exe
                              Filesize

                              168KB

                              MD5

                              37c454f22e711914fe8635ef4df21ac4

                              SHA1

                              65e28ea54ae4058d5bb08a617a8701a0c7c87dd8

                              SHA256

                              68525a124d63ea43fe785916d5fdd47b1e9fe0255755025e34a247a61ba55131

                              SHA512

                              8cdadbfcab555b6b8b6ea0472154bf5833fe71d764c94ad5a2134582f1f8dfbb5c2f680ae8afcc19f20cb19a7d075472da242ceb0c6bd54c23023c968da4d426

                              Download Submit

                            • C:\Windows\{21AC9AF4-431C-4c53-8109-51E193F51252}.exe
                              Filesize

                              168KB

                              MD5

                              682862a36574b51476603338e276f235

                              SHA1

                              bbb36c89f9155c1786f9328573a25a98a00f5f91

                              SHA256

                              3a75c3937804fce4b607268c92e7f9c0d33cc1c25d878fb99e243a543e8647dc

                              SHA512

                              2b0174eb20af6e7f2d967d27ecfa851b2867ab91ee11b2825a4b3cbddeb9e55a31b232bc4903ea63fdcf0271dc6365f2d98a41800cbd81efd43a9d5f3f96f125

                              Download Submit

                            • C:\Windows\{21AC9AF4-431C-4c53-8109-51E193F51252}.exe
                              Filesize

                              168KB

                              MD5

                              682862a36574b51476603338e276f235

                              SHA1

                              bbb36c89f9155c1786f9328573a25a98a00f5f91

                              SHA256

                              3a75c3937804fce4b607268c92e7f9c0d33cc1c25d878fb99e243a543e8647dc

                              SHA512

                              2b0174eb20af6e7f2d967d27ecfa851b2867ab91ee11b2825a4b3cbddeb9e55a31b232bc4903ea63fdcf0271dc6365f2d98a41800cbd81efd43a9d5f3f96f125

                              Download Submit

                            • C:\Windows\{358D9C8A-AB22-4f4e-960A-6DD1A0C41483}.exe
                              Filesize

                              168KB

                              MD5

                              47c426267db0cc97a860c22b6144f22e

                              SHA1

                              64ad914de9e191c06e3f52a80aae19d874b23db2

                              SHA256

                              6616b8677ab8c6ea1fadb8955e386044c47b039954f28c3cbca7693be7acc239

                              SHA512

                              87478768cc5479966c9b881db4698426b6a94adaa80e9630edca17c1a2b3d1c3e4f8ce2353affb5072ee2dba65c9e174fbbdc7819003737bdc18e2657490d9b7

                              Download Submit

                            • C:\Windows\{358D9C8A-AB22-4f4e-960A-6DD1A0C41483}.exe
                              Filesize

                              168KB

                              MD5

                              47c426267db0cc97a860c22b6144f22e

                              SHA1

                              64ad914de9e191c06e3f52a80aae19d874b23db2

                              SHA256

                              6616b8677ab8c6ea1fadb8955e386044c47b039954f28c3cbca7693be7acc239

                              SHA512

                              87478768cc5479966c9b881db4698426b6a94adaa80e9630edca17c1a2b3d1c3e4f8ce2353affb5072ee2dba65c9e174fbbdc7819003737bdc18e2657490d9b7

                              Download Submit

                            • C:\Windows\{5C144A79-AC08-40a4-9916-1338241C0225}.exe
                              Filesize

                              168KB

                              MD5

                              a6a9bec62f5fee3ebe22b63be107a22e

                              SHA1

                              6efe666067828e50360520ca9634f8e29bde4677

                              SHA256

                              1dd1b6027def3636b09a5f16e832ddf6de7f1f97e2f7d85583d7e53643ee7a0f

                              SHA512

                              29e1f72a6e04907b6a60443c176547190df392910ca463a548025f82055377bc8efbd0dccf9d5bffa1c0b9d3200e226c175ac6ca20c0a270354c8126a41e8a52

                              Download Submit

                            • C:\Windows\{5C144A79-AC08-40a4-9916-1338241C0225}.exe
                              Filesize

                              168KB

                              MD5

                              a6a9bec62f5fee3ebe22b63be107a22e

                              SHA1

                              6efe666067828e50360520ca9634f8e29bde4677

                              SHA256

                              1dd1b6027def3636b09a5f16e832ddf6de7f1f97e2f7d85583d7e53643ee7a0f

                              SHA512

                              29e1f72a6e04907b6a60443c176547190df392910ca463a548025f82055377bc8efbd0dccf9d5bffa1c0b9d3200e226c175ac6ca20c0a270354c8126a41e8a52

                              Download Submit

                            • C:\Windows\{72D5224E-3FD1-4ac0-8A00-242A4FA1097E}.exe
                              Filesize

                              168KB

                              MD5

                              370d56ebe731c14cc6d42b4645ae344f

                              SHA1

                              1676a877269283234eb537304e560eba053f81cd

                              SHA256

                              b76285f608461c0d98e6b82f56d75fa8bc7c0c2de3999e0e6dc7f85f030994c7

                              SHA512

                              f2cdeb24133e8bd38817ac1eee24f06d40589939e32c1339800208b104ac5fdae57b15dbc40f0d5c3d13ef201d795fb57108add3cb1d6a7f27061d32850ba711

                              Download Submit

                            • C:\Windows\{72D5224E-3FD1-4ac0-8A00-242A4FA1097E}.exe
                              Filesize

                              168KB

                              MD5

                              370d56ebe731c14cc6d42b4645ae344f

                              SHA1

                              1676a877269283234eb537304e560eba053f81cd

                              SHA256

                              b76285f608461c0d98e6b82f56d75fa8bc7c0c2de3999e0e6dc7f85f030994c7

                              SHA512

                              f2cdeb24133e8bd38817ac1eee24f06d40589939e32c1339800208b104ac5fdae57b15dbc40f0d5c3d13ef201d795fb57108add3cb1d6a7f27061d32850ba711

                              Download Submit

                            • C:\Windows\{72D5224E-3FD1-4ac0-8A00-242A4FA1097E}.exe
                              Filesize

                              168KB

                              MD5

                              370d56ebe731c14cc6d42b4645ae344f

                              SHA1

                              1676a877269283234eb537304e560eba053f81cd

                              SHA256

                              b76285f608461c0d98e6b82f56d75fa8bc7c0c2de3999e0e6dc7f85f030994c7

                              SHA512

                              f2cdeb24133e8bd38817ac1eee24f06d40589939e32c1339800208b104ac5fdae57b15dbc40f0d5c3d13ef201d795fb57108add3cb1d6a7f27061d32850ba711

                              Download Submit

                            • C:\Windows\{7795410D-E66F-4ec6-AA5B-E04A4B07D65E}.exe
                              Filesize

                              168KB

                              MD5

                              339737ddd9282f7fcb2bc5e5ce6aeb58

                              SHA1

                              344e940edc9b4a7d55caa4cf0efa07baa258d2fb

                              SHA256

                              bc7d7e100cde756960325bce1700ac0dcffb302ea57b17c808640e5bee6e7356

                              SHA512

                              9dd4fac98b146dc10bf2f0a6cdf131864fae0801df80e07e99dfee6414c5bf6f0893e26f98f80f3ba5cd47d58040e9c972e85662f3d0fe2784ab99232077d8d0

                              Download Submit

                            • C:\Windows\{7795410D-E66F-4ec6-AA5B-E04A4B07D65E}.exe
                              Filesize

                              168KB

                              MD5

                              339737ddd9282f7fcb2bc5e5ce6aeb58

                              SHA1

                              344e940edc9b4a7d55caa4cf0efa07baa258d2fb

                              SHA256

                              bc7d7e100cde756960325bce1700ac0dcffb302ea57b17c808640e5bee6e7356

                              SHA512

                              9dd4fac98b146dc10bf2f0a6cdf131864fae0801df80e07e99dfee6414c5bf6f0893e26f98f80f3ba5cd47d58040e9c972e85662f3d0fe2784ab99232077d8d0

                              Download Submit

                            • C:\Windows\{B812B8AD-CE49-4d5a-8321-66A45C910AB5}.exe
                              Filesize

                              168KB

                              MD5

                              a7b14d3b03a7268c209e47d063630ff2

                              SHA1

                              2212b0839661aa6f375b49dcb649c6cdecd86c9c

                              SHA256

                              26cf632b78a9128c702a57bae8151e5a0bd162a8063705e525ef856a461ef40a

                              SHA512

                              fa377ff2c3df087a214f1bbf26f25ea5f54211bef0589d76b77fb20190f1e00137eccbdf96a8787ab9342a666d2071f16e79cc7656403241ccdc5e54f77f6915

                              Download Submit

                            • C:\Windows\{B812B8AD-CE49-4d5a-8321-66A45C910AB5}.exe
                              Filesize

                              168KB

                              MD5

                              a7b14d3b03a7268c209e47d063630ff2

                              SHA1

                              2212b0839661aa6f375b49dcb649c6cdecd86c9c

                              SHA256

                              26cf632b78a9128c702a57bae8151e5a0bd162a8063705e525ef856a461ef40a

                              SHA512

                              fa377ff2c3df087a214f1bbf26f25ea5f54211bef0589d76b77fb20190f1e00137eccbdf96a8787ab9342a666d2071f16e79cc7656403241ccdc5e54f77f6915

                              Download Submit

                            • C:\Windows\{D48C216E-E89F-489c-B78F-CD4C591D6D47}.exe
                              Filesize

                              168KB

                              MD5

                              de815b6645981fddebfaf2c5b3ffa251

                              SHA1

                              9fa58a83887b6335adc6d841e872110d5712c876

                              SHA256

                              9e7b7106fa272668393743ed617e40ae77a4c4e5bdd7087a12eff4087cb842cb

                              SHA512

                              9cc298012db1385f1a86b4d7e4ac9e9064b702bb8f4a161d23888689343ad55d591aaea3539fd293307b3f91d445bfb4f3ac18ae471d2f03d7d68f7e7950fee7

                              Download Submit

                            • C:\Windows\{E908C635-B82B-4d86-BB0E-EAD8957C0602}.exe
                              Filesize

                              168KB

                              MD5

                              7454384b7bd244b09716148eda00dc73

                              SHA1

                              a920ac13ee6307456da8b72aff42874d9c234868

                              SHA256

                              e5051278c4a7b597ca7dc951579a36490380b3956de5cb3a47a4f535d124b618

                              SHA512

                              ac15833b636fec64527de2a6f4d0f338f40cd8b44767529f23edfda506a554caa70c102538c0779aefb10314435d525c52d23fd11fcdf70cc10261803e8c783c

                              Download Submit

                            • C:\Windows\{E908C635-B82B-4d86-BB0E-EAD8957C0602}.exe
                              Filesize

                              168KB

                              MD5

                              7454384b7bd244b09716148eda00dc73

                              SHA1

                              a920ac13ee6307456da8b72aff42874d9c234868

                              SHA256

                              e5051278c4a7b597ca7dc951579a36490380b3956de5cb3a47a4f535d124b618

                              SHA512

                              ac15833b636fec64527de2a6f4d0f338f40cd8b44767529f23edfda506a554caa70c102538c0779aefb10314435d525c52d23fd11fcdf70cc10261803e8c783c

                              Download Submit