Overview

overview

7

Static

static

3

642924c50b2d06_JC.exe

windows7-x64

7

642924c50b2d06_JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/07/2023, 10:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    642924c50b2d06_JC.exe

  • Size

    374KB

  • MD5

    642924c50b2d0625802dbc98a77a7a36

  • SHA1

    a4eec2da10a87d2b8ac21fbe27a1220d4bfb9b38

  • SHA256

    bb20643bc09a13195a01602fa0ec3aa7c2ee6e6518e01fb0c4da8382f3cd6b48

  • SHA512

    984d4492360220e4a086f67e45c20a4692509643ccf5563ad631e06dae7d9433c6c6abfc9826f53e7f991bb5527ae2375cb0b33e0dbb434d52c2ca395c0c4f3f

  • SSDEEP

    6144:QplrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:QplrVbDdQaqdS/ofraFErH8uB2Wm0SXj

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\642924c50b2d06_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\642924c50b2d06_JC.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2828
    • C:\Program Files\optional\Before.exe
      "C:\Program Files\optional\Before.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4828

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\optional\Before.exe
          Filesize

          374KB

          MD5

          1352b394a3d5815e71ea401d580443ef

          SHA1

          80b6dbba16f175364fa59745c4980b39fb6f2a2c

          SHA256

          fffceea1a858fe07afe00c0b9c793aa3e84ab93b6d53fab13abbfa99401d0f44

          SHA512

          7a3184ef69bed5f6d0c67d39f026da2cc3f5c7f119c88c32ca339efbed4c2cc6b861bf2605c865420ff6c0709923451b9be58a6a8c55627b8215a25f4fed5b7f

          Download Submit

        • C:\Program Files\optional\Before.exe
          Filesize

          374KB

          MD5

          1352b394a3d5815e71ea401d580443ef

          SHA1

          80b6dbba16f175364fa59745c4980b39fb6f2a2c

          SHA256

          fffceea1a858fe07afe00c0b9c793aa3e84ab93b6d53fab13abbfa99401d0f44

          SHA512

          7a3184ef69bed5f6d0c67d39f026da2cc3f5c7f119c88c32ca339efbed4c2cc6b861bf2605c865420ff6c0709923451b9be58a6a8c55627b8215a25f4fed5b7f

          Download Submit