Analysis
-
max time kernel
151s -
max time network
131s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
16/07/2023, 11:32
General
-
Target
6a48c4470a0d7d_JC.exe
-
Size
486KB
-
MD5
6a48c4470a0d7d264ec60597045341dd
-
SHA1
efdedaa096a9097f2d98030e7908755504fa03c8
-
SHA256
6e7abbf0bb0b986b4b464475288d8bd004c602a23d63756ee671b67698dc1a3e
-
SHA512
56884f7f7ceae9c32a82d040687b81b06b76a6279379cab587ac3fa272a96331461abb14634d2f3723c20bbdd709bcd0d07cda0a6bab309065fc7b4bdd898484
-
SSDEEP
12288:/U5rCOTeiDeH9xVg5T7P6X7AJuftW83QKWNZ:/UQOJDeH9xymX77tdCN
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6a48c4470a0d7d_JC.exe"C:\Users\Admin\AppData\Local\Temp\6a48c4470a0d7d_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6D7A.tmp"C:\Users\Admin\AppData\Local\Temp\6D7A.tmp"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6F01.tmp"C:\Users\Admin\AppData\Local\Temp\6F01.tmp"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6FAD.tmp"C:\Users\Admin\AppData\Local\Temp\6FAD.tmp"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\70A7.tmp"C:\Users\Admin\AppData\Local\Temp\70A7.tmp"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7932.tmp"C:\Users\Admin\AppData\Local\Temp\7932.tmp"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7AB9.tmp"C:\Users\Admin\AppData\Local\Temp\7AB9.tmp"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7B94.tmp"C:\Users\Admin\AppData\Local\Temp\7B94.tmp"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7C40.tmp"C:\Users\Admin\AppData\Local\Temp\7C40.tmp"9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7CEB.tmp"C:\Users\Admin\AppData\Local\Temp\7CEB.tmp"10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7DD6.tmp"C:\Users\Admin\AppData\Local\Temp\7DD6.tmp"11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7EFF.tmp"C:\Users\Admin\AppData\Local\Temp\7EFF.tmp"12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8018.tmp"C:\Users\Admin\AppData\Local\Temp\8018.tmp"13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\80E3.tmp"C:\Users\Admin\AppData\Local\Temp\80E3.tmp"14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\81AE.tmp"C:\Users\Admin\AppData\Local\Temp\81AE.tmp"15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\824A.tmp"C:\Users\Admin\AppData\Local\Temp\824A.tmp"16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8306.tmp"C:\Users\Admin\AppData\Local\Temp\8306.tmp"17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\83A2.tmp"C:\Users\Admin\AppData\Local\Temp\83A2.tmp"18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\847D.tmp"C:\Users\Admin\AppData\Local\Temp\847D.tmp"19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8567.tmp"C:\Users\Admin\AppData\Local\Temp\8567.tmp"20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\85F4.tmp"C:\Users\Admin\AppData\Local\Temp\85F4.tmp"21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\86A0.tmp"C:\Users\Admin\AppData\Local\Temp\86A0.tmp"22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\871D.tmp"C:\Users\Admin\AppData\Local\Temp\871D.tmp"23⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8836.tmp"C:\Users\Admin\AppData\Local\Temp\8836.tmp"24⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8911.tmp"C:\Users\Admin\AppData\Local\Temp\8911.tmp"25⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\89EC.tmp"C:\Users\Admin\AppData\Local\Temp\89EC.tmp"26⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8A88.tmp"C:\Users\Admin\AppData\Local\Temp\8A88.tmp"27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8B34.tmp"C:\Users\Admin\AppData\Local\Temp\8B34.tmp"28⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8BFF.tmp"C:\Users\Admin\AppData\Local\Temp\8BFF.tmp"29⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8D18.tmp"C:\Users\Admin\AppData\Local\Temp\8D18.tmp"30⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8DE3.tmp"C:\Users\Admin\AppData\Local\Temp\8DE3.tmp"31⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8E8F.tmp"C:\Users\Admin\AppData\Local\Temp\8E8F.tmp"32⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8F1C.tmp"C:\Users\Admin\AppData\Local\Temp\8F1C.tmp"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8FB8.tmp"C:\Users\Admin\AppData\Local\Temp\8FB8.tmp"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9045.tmp"C:\Users\Admin\AppData\Local\Temp\9045.tmp"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9100.tmp"C:\Users\Admin\AppData\Local\Temp\9100.tmp"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\918D.tmp"C:\Users\Admin\AppData\Local\Temp\918D.tmp"37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\91FA.tmp"C:\Users\Admin\AppData\Local\Temp\91FA.tmp"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9296.tmp"C:\Users\Admin\AppData\Local\Temp\9296.tmp"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9323.tmp"C:\Users\Admin\AppData\Local\Temp\9323.tmp"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\93CF.tmp"C:\Users\Admin\AppData\Local\Temp\93CF.tmp"41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\946B.tmp"C:\Users\Admin\AppData\Local\Temp\946B.tmp"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\94F8.tmp"C:\Users\Admin\AppData\Local\Temp\94F8.tmp"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\95A4.tmp"C:\Users\Admin\AppData\Local\Temp\95A4.tmp"44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9611.tmp"C:\Users\Admin\AppData\Local\Temp\9611.tmp"45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\968E.tmp"C:\Users\Admin\AppData\Local\Temp\968E.tmp"46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\973A.tmp"C:\Users\Admin\AppData\Local\Temp\973A.tmp"47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\97E6.tmp"C:\Users\Admin\AppData\Local\Temp\97E6.tmp"48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9853.tmp"C:\Users\Admin\AppData\Local\Temp\9853.tmp"49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\98C0.tmp"C:\Users\Admin\AppData\Local\Temp\98C0.tmp"50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\993D.tmp"C:\Users\Admin\AppData\Local\Temp\993D.tmp"51⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\99E9.tmp"C:\Users\Admin\AppData\Local\Temp\99E9.tmp"52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9A66.tmp"C:\Users\Admin\AppData\Local\Temp\9A66.tmp"53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9AF3.tmp"C:\Users\Admin\AppData\Local\Temp\9AF3.tmp"54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9B80.tmp"C:\Users\Admin\AppData\Local\Temp\9B80.tmp"55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9C5A.tmp"C:\Users\Admin\AppData\Local\Temp\9C5A.tmp"56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9CF7.tmp"C:\Users\Admin\AppData\Local\Temp\9CF7.tmp"57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9D93.tmp"C:\Users\Admin\AppData\Local\Temp\9D93.tmp"58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9DF1.tmp"C:\Users\Admin\AppData\Local\Temp\9DF1.tmp"59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9E9C.tmp"C:\Users\Admin\AppData\Local\Temp\9E9C.tmp"60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9F19.tmp"C:\Users\Admin\AppData\Local\Temp\9F19.tmp"61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9F87.tmp"C:\Users\Admin\AppData\Local\Temp\9F87.tmp"62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A023.tmp"C:\Users\Admin\AppData\Local\Temp\A023.tmp"63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A0CF.tmp"C:\Users\Admin\AppData\Local\Temp\A0CF.tmp"64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A15C.tmp"C:\Users\Admin\AppData\Local\Temp\A15C.tmp"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A1C9.tmp"C:\Users\Admin\AppData\Local\Temp\A1C9.tmp"66⤵
-
C:\Users\Admin\AppData\Local\Temp\A265.tmp"C:\Users\Admin\AppData\Local\Temp\A265.tmp"67⤵
-
C:\Users\Admin\AppData\Local\Temp\A301.tmp"C:\Users\Admin\AppData\Local\Temp\A301.tmp"68⤵
-
C:\Users\Admin\AppData\Local\Temp\A35F.tmp"C:\Users\Admin\AppData\Local\Temp\A35F.tmp"69⤵
-
C:\Users\Admin\AppData\Local\Temp\A3CD.tmp"C:\Users\Admin\AppData\Local\Temp\A3CD.tmp"70⤵
-
C:\Users\Admin\AppData\Local\Temp\A459.tmp"C:\Users\Admin\AppData\Local\Temp\A459.tmp"71⤵
-
C:\Users\Admin\AppData\Local\Temp\A4F5.tmp"C:\Users\Admin\AppData\Local\Temp\A4F5.tmp"72⤵
-
C:\Users\Admin\AppData\Local\Temp\A5A1.tmp"C:\Users\Admin\AppData\Local\Temp\A5A1.tmp"73⤵
-
C:\Users\Admin\AppData\Local\Temp\A60F.tmp"C:\Users\Admin\AppData\Local\Temp\A60F.tmp"74⤵
-
C:\Users\Admin\AppData\Local\Temp\A6AB.tmp"C:\Users\Admin\AppData\Local\Temp\A6AB.tmp"75⤵
-
C:\Users\Admin\AppData\Local\Temp\A718.tmp"C:\Users\Admin\AppData\Local\Temp\A718.tmp"76⤵
-
C:\Users\Admin\AppData\Local\Temp\A795.tmp"C:\Users\Admin\AppData\Local\Temp\A795.tmp"77⤵
-
C:\Users\Admin\AppData\Local\Temp\A841.tmp"C:\Users\Admin\AppData\Local\Temp\A841.tmp"78⤵
-
C:\Users\Admin\AppData\Local\Temp\A89F.tmp"C:\Users\Admin\AppData\Local\Temp\A89F.tmp"79⤵
-
C:\Users\Admin\AppData\Local\Temp\A92C.tmp"C:\Users\Admin\AppData\Local\Temp\A92C.tmp"80⤵
-
C:\Users\Admin\AppData\Local\Temp\A9A9.tmp"C:\Users\Admin\AppData\Local\Temp\A9A9.tmp"81⤵
-
C:\Users\Admin\AppData\Local\Temp\AA35.tmp"C:\Users\Admin\AppData\Local\Temp\AA35.tmp"82⤵
-
C:\Users\Admin\AppData\Local\Temp\AAC2.tmp"C:\Users\Admin\AppData\Local\Temp\AAC2.tmp"83⤵
-
C:\Users\Admin\AppData\Local\Temp\AB5E.tmp"C:\Users\Admin\AppData\Local\Temp\AB5E.tmp"84⤵
-
C:\Users\Admin\AppData\Local\Temp\ABFA.tmp"C:\Users\Admin\AppData\Local\Temp\ABFA.tmp"85⤵
-
C:\Users\Admin\AppData\Local\Temp\AC87.tmp"C:\Users\Admin\AppData\Local\Temp\AC87.tmp"86⤵
-
C:\Users\Admin\AppData\Local\Temp\ACF4.tmp"C:\Users\Admin\AppData\Local\Temp\ACF4.tmp"87⤵
-
C:\Users\Admin\AppData\Local\Temp\AD62.tmp"C:\Users\Admin\AppData\Local\Temp\AD62.tmp"88⤵
-
C:\Users\Admin\AppData\Local\Temp\ADEE.tmp"C:\Users\Admin\AppData\Local\Temp\ADEE.tmp"89⤵
-
C:\Users\Admin\AppData\Local\Temp\AE8B.tmp"C:\Users\Admin\AppData\Local\Temp\AE8B.tmp"90⤵
-
C:\Users\Admin\AppData\Local\Temp\AF17.tmp"C:\Users\Admin\AppData\Local\Temp\AF17.tmp"91⤵
-
C:\Users\Admin\AppData\Local\Temp\AFA4.tmp"C:\Users\Admin\AppData\Local\Temp\AFA4.tmp"92⤵
-
C:\Users\Admin\AppData\Local\Temp\B011.tmp"C:\Users\Admin\AppData\Local\Temp\B011.tmp"93⤵
-
C:\Users\Admin\AppData\Local\Temp\B08E.tmp"C:\Users\Admin\AppData\Local\Temp\B08E.tmp"94⤵
-
C:\Users\Admin\AppData\Local\Temp\B11B.tmp"C:\Users\Admin\AppData\Local\Temp\B11B.tmp"95⤵
-
C:\Users\Admin\AppData\Local\Temp\B198.tmp"C:\Users\Admin\AppData\Local\Temp\B198.tmp"96⤵
-
C:\Users\Admin\AppData\Local\Temp\B215.tmp"C:\Users\Admin\AppData\Local\Temp\B215.tmp"97⤵
-
C:\Users\Admin\AppData\Local\Temp\B292.tmp"C:\Users\Admin\AppData\Local\Temp\B292.tmp"98⤵
-
C:\Users\Admin\AppData\Local\Temp\B31E.tmp"C:\Users\Admin\AppData\Local\Temp\B31E.tmp"99⤵
-
C:\Users\Admin\AppData\Local\Temp\B39B.tmp"C:\Users\Admin\AppData\Local\Temp\B39B.tmp"100⤵
-
C:\Users\Admin\AppData\Local\Temp\B428.tmp"C:\Users\Admin\AppData\Local\Temp\B428.tmp"101⤵
-
C:\Users\Admin\AppData\Local\Temp\B495.tmp"C:\Users\Admin\AppData\Local\Temp\B495.tmp"102⤵
-
C:\Users\Admin\AppData\Local\Temp\B512.tmp"C:\Users\Admin\AppData\Local\Temp\B512.tmp"103⤵
-
C:\Users\Admin\AppData\Local\Temp\B58F.tmp"C:\Users\Admin\AppData\Local\Temp\B58F.tmp"104⤵
-
C:\Users\Admin\AppData\Local\Temp\B61C.tmp"C:\Users\Admin\AppData\Local\Temp\B61C.tmp"105⤵
-
C:\Users\Admin\AppData\Local\Temp\B689.tmp"C:\Users\Admin\AppData\Local\Temp\B689.tmp"106⤵
-
C:\Users\Admin\AppData\Local\Temp\B726.tmp"C:\Users\Admin\AppData\Local\Temp\B726.tmp"107⤵
-
C:\Users\Admin\AppData\Local\Temp\B7B2.tmp"C:\Users\Admin\AppData\Local\Temp\B7B2.tmp"108⤵
-
C:\Users\Admin\AppData\Local\Temp\B83F.tmp"C:\Users\Admin\AppData\Local\Temp\B83F.tmp"109⤵
-
C:\Users\Admin\AppData\Local\Temp\B8BC.tmp"C:\Users\Admin\AppData\Local\Temp\B8BC.tmp"110⤵
-
C:\Users\Admin\AppData\Local\Temp\B939.tmp"C:\Users\Admin\AppData\Local\Temp\B939.tmp"111⤵
-
C:\Users\Admin\AppData\Local\Temp\B9D5.tmp"C:\Users\Admin\AppData\Local\Temp\B9D5.tmp"112⤵
-
C:\Users\Admin\AppData\Local\Temp\BA52.tmp"C:\Users\Admin\AppData\Local\Temp\BA52.tmp"113⤵
-
C:\Users\Admin\AppData\Local\Temp\BBBA.tmp"C:\Users\Admin\AppData\Local\Temp\BBBA.tmp"114⤵
-
C:\Users\Admin\AppData\Local\Temp\BC65.tmp"C:\Users\Admin\AppData\Local\Temp\BC65.tmp"115⤵
-
C:\Users\Admin\AppData\Local\Temp\BD11.tmp"C:\Users\Admin\AppData\Local\Temp\BD11.tmp"116⤵
-
C:\Users\Admin\AppData\Local\Temp\BD7F.tmp"C:\Users\Admin\AppData\Local\Temp\BD7F.tmp"117⤵
-
C:\Users\Admin\AppData\Local\Temp\BDFC.tmp"C:\Users\Admin\AppData\Local\Temp\BDFC.tmp"118⤵
-
C:\Users\Admin\AppData\Local\Temp\BE88.tmp"C:\Users\Admin\AppData\Local\Temp\BE88.tmp"119⤵
-
C:\Users\Admin\AppData\Local\Temp\BEF6.tmp"C:\Users\Admin\AppData\Local\Temp\BEF6.tmp"120⤵
-
C:\Users\Admin\AppData\Local\Temp\BF73.tmp"C:\Users\Admin\AppData\Local\Temp\BF73.tmp"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-