Analysis
-
max time kernel
150s -
max time network
130s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
17-07-2023 18:25
General
-
Target
a403536394ec8a_JC.exe
-
Size
204KB
-
MD5
a403536394ec8abc46b4f29ac4e425aa
-
SHA1
2814e4580a3623878935997397bc23aa13981832
-
SHA256
a1fca69f3cf065f092c1fca278b02abe8b739f2b3896c6fac09be40593c6602d
-
SHA512
4fdf1a4b8634d6bdddabd31cb11f8d497b0357e81155a07e3bfb854f97b56fb42573de8e6b7a04b23ef9ba381f4fa783794fe79a832fcc70b46806677f023349
-
SSDEEP
1536:1EGh0oxLl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oVl1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a403536394ec8a_JC.exe"C:\Users\Admin\AppData\Local\Temp\a403536394ec8a_JC.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{18CA4557-0F69-426c-B959-6535A540AE28}.exeC:\Windows\{18CA4557-0F69-426c-B959-6535A540AE28}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F3432CB7-8956-44e6-A62E-5AB4C61F22A1}.exeC:\Windows\{F3432CB7-8956-44e6-A62E-5AB4C61F22A1}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D57FD1E5-3733-4c10-8637-A91BFA75B73E}.exeC:\Windows\{D57FD1E5-3733-4c10-8637-A91BFA75B73E}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{864AA34F-F903-4f9c-B8B7-9DF90D45CF6B}.exeC:\Windows\{864AA34F-F903-4f9c-B8B7-9DF90D45CF6B}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B71B7187-316A-4224-BD49-DBB933FB56EA}.exeC:\Windows\{B71B7187-316A-4224-BD49-DBB933FB56EA}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D0053D5C-D3EE-490c-BA2C-CF17D7682D3A}.exeC:\Windows\{D0053D5C-D3EE-490c-BA2C-CF17D7682D3A}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6735B35B-9CAA-4656-952D-CA538110F69F}.exeC:\Windows\{6735B35B-9CAA-4656-952D-CA538110F69F}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B24DF43D-21A2-44de-A677-E071C3310F31}.exeC:\Windows\{B24DF43D-21A2-44de-A677-E071C3310F31}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A6F1BD71-7EA4-4fca-BF78-BE5EA123DF19}.exeC:\Windows\{A6F1BD71-7EA4-4fca-BF78-BE5EA123DF19}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F8F6435F-3B2B-4a16-9869-5509C934B755}.exeC:\Windows\{F8F6435F-3B2B-4a16-9869-5509C934B755}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AE6BBDF9-D6FC-4d46-AF93-48309A82B68E}.exeC:\Windows\{AE6BBDF9-D6FC-4d46-AF93-48309A82B68E}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{DFDE0F38-0805-456e-B397-25C1E06B851E}.exeC:\Windows\{DFDE0F38-0805-456e-B397-25C1E06B851E}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AE6BB~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F8F64~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A6F1B~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B24DF~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6735B~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D0053~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B71B7~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{864AA~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D57FD~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F3432~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{18CA4~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\A40353~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD52a3a6fc4aec5e95fa4223d9a3f4de897
SHA19144ea67d9d7e9447a74a371e7c929e40b1998bc
SHA256069cb0466e03f22fb31e6b438a1e304db617ac5edeaf98d810e9bedc36e61ee6
SHA5125a5a301cc65c94128ec7d20b0c00e44ef063ee0db3bdff5b08ba2a4a185534048e1d64c60736c5fdca2490f89e74ef8b6f2b75290935b67bac55383acc6ec245
-
Filesize
204KB
MD52a3a6fc4aec5e95fa4223d9a3f4de897
SHA19144ea67d9d7e9447a74a371e7c929e40b1998bc
SHA256069cb0466e03f22fb31e6b438a1e304db617ac5edeaf98d810e9bedc36e61ee6
SHA5125a5a301cc65c94128ec7d20b0c00e44ef063ee0db3bdff5b08ba2a4a185534048e1d64c60736c5fdca2490f89e74ef8b6f2b75290935b67bac55383acc6ec245
-
Filesize
204KB
MD5af9dde6cb9fb9e0a06498b2bebf5acab
SHA1c8bbab8d68f6351e2e51a3814bcac2909c4ed3e7
SHA2564517d6b437cae4a2ee4d13c51ecb59049bd8052a575744d8673861979191336a
SHA512a1faaf5e86adf536651f47028989d84f4e95f6b2c2122c8ca09c56a1ee57ed70d3408285bb628a468ad70aab686ff8482242bb5529864b9cc2d340b547b6491a
-
Filesize
204KB
MD5af9dde6cb9fb9e0a06498b2bebf5acab
SHA1c8bbab8d68f6351e2e51a3814bcac2909c4ed3e7
SHA2564517d6b437cae4a2ee4d13c51ecb59049bd8052a575744d8673861979191336a
SHA512a1faaf5e86adf536651f47028989d84f4e95f6b2c2122c8ca09c56a1ee57ed70d3408285bb628a468ad70aab686ff8482242bb5529864b9cc2d340b547b6491a
-
Filesize
204KB
MD56620a460a843592d8813f7ce835bec80
SHA1c0a10e398669615e876d604d2c0bd55019e0c1cc
SHA25606dea4eb44069c649a4ae864238897fb72fa3dc5c284540253d22b0f4003293c
SHA51203e6cf28eaf9e8ca173436c832434fa78682efcc7b08d5e84be356720423e70841ef8821506c69cf2a2b1d672105ae7bbe7fdf25d9697bf718935a42aced1307
-
Filesize
204KB
MD56620a460a843592d8813f7ce835bec80
SHA1c0a10e398669615e876d604d2c0bd55019e0c1cc
SHA25606dea4eb44069c649a4ae864238897fb72fa3dc5c284540253d22b0f4003293c
SHA51203e6cf28eaf9e8ca173436c832434fa78682efcc7b08d5e84be356720423e70841ef8821506c69cf2a2b1d672105ae7bbe7fdf25d9697bf718935a42aced1307
-
Filesize
204KB
MD5297c2be1a91129b376df4bb4cfb2ed51
SHA16db4390b95c178d0ad803b5ac8f3f8fb5d9b23c0
SHA2563a58088752bdf05c0753a01b76d3cfcc720e8670c82e9f1b01c4f5579197f1e0
SHA512c477eaefd3f01b6ddeb6b32ea1f603a0b36b45d591a998865606ff6e87205aee1762aa993b4526734ddf4a55dd26bbb14bb0bbb063963dd6bf91ea21a03a70a0
-
Filesize
204KB
MD5297c2be1a91129b376df4bb4cfb2ed51
SHA16db4390b95c178d0ad803b5ac8f3f8fb5d9b23c0
SHA2563a58088752bdf05c0753a01b76d3cfcc720e8670c82e9f1b01c4f5579197f1e0
SHA512c477eaefd3f01b6ddeb6b32ea1f603a0b36b45d591a998865606ff6e87205aee1762aa993b4526734ddf4a55dd26bbb14bb0bbb063963dd6bf91ea21a03a70a0
-
Filesize
204KB
MD5ccf3708593fbd8954a3f45f4160a23b9
SHA16b83c02bd575edc655c1f571dcab32e03682e6bc
SHA256afc09cc0c6791a990298d878b89ce68704558c43685ad69e1d1a6fe99084111f
SHA5128c56ea6e3994c4065d17cff5daf5cd7dff16966a75bb07737fe6b48536f09e69e3624e9884797bb569f055215f96155d3706c2a7ce8f723d0b452d98dd9c6c82
-
Filesize
204KB
MD5ccf3708593fbd8954a3f45f4160a23b9
SHA16b83c02bd575edc655c1f571dcab32e03682e6bc
SHA256afc09cc0c6791a990298d878b89ce68704558c43685ad69e1d1a6fe99084111f
SHA5128c56ea6e3994c4065d17cff5daf5cd7dff16966a75bb07737fe6b48536f09e69e3624e9884797bb569f055215f96155d3706c2a7ce8f723d0b452d98dd9c6c82
-
Filesize
204KB
MD507f8cfb0cc96532e96518b12c731753c
SHA1e5df349100d4577d62a80188b43101f822b99334
SHA256b8b7adb55a4e378d44096d596faa22b181288a347f5403fcfbc18655b6898b5f
SHA512ea5eb2e654809900d0bd3e7f985be584a333d93864cc4866c4e7ecc32577c2b69f14e1208b6cc3a141d745819e03cb8eb0f2bed3d956975e37b0e79308cf7838
-
Filesize
204KB
MD507f8cfb0cc96532e96518b12c731753c
SHA1e5df349100d4577d62a80188b43101f822b99334
SHA256b8b7adb55a4e378d44096d596faa22b181288a347f5403fcfbc18655b6898b5f
SHA512ea5eb2e654809900d0bd3e7f985be584a333d93864cc4866c4e7ecc32577c2b69f14e1208b6cc3a141d745819e03cb8eb0f2bed3d956975e37b0e79308cf7838
-
Filesize
204KB
MD5f43c426de4a12b8d33a5e96e85f6d3d2
SHA12d1f20c4da370e80f78bf81af44f0fb39fb8b1a2
SHA2568883faa86c64d9f19e6f63c153baf19c89ecb1d1c45ce7da5f6af0d4b659dbdd
SHA5120424df953ad3976645c67e46ef0d7c3fb1da61dce55c2ab1282aff4fcfae1a2fe5f9445eeffe24918b427de4574ed9fc6497ccc95974f623961b08172f6436c1
-
Filesize
204KB
MD5f43c426de4a12b8d33a5e96e85f6d3d2
SHA12d1f20c4da370e80f78bf81af44f0fb39fb8b1a2
SHA2568883faa86c64d9f19e6f63c153baf19c89ecb1d1c45ce7da5f6af0d4b659dbdd
SHA5120424df953ad3976645c67e46ef0d7c3fb1da61dce55c2ab1282aff4fcfae1a2fe5f9445eeffe24918b427de4574ed9fc6497ccc95974f623961b08172f6436c1
-
Filesize
204KB
MD533b32496d09f6356f0d34bd47cf8c66f
SHA19f9d3b7b431bba2076484616a9427c55d6d388f1
SHA2567e7f58a3e94765ed31ed6e6fc2472502128b437a62f45971bf4950d788ec2423
SHA512f714fa1034bfd6e0ea4c05ecb3ec0f04f59cc8bef51d2305ad985c65e24312e92b5eae909d704678903b24609cfa48e7d04e227979bdb9da053f9b97e0da2c85
-
Filesize
204KB
MD533b32496d09f6356f0d34bd47cf8c66f
SHA19f9d3b7b431bba2076484616a9427c55d6d388f1
SHA2567e7f58a3e94765ed31ed6e6fc2472502128b437a62f45971bf4950d788ec2423
SHA512f714fa1034bfd6e0ea4c05ecb3ec0f04f59cc8bef51d2305ad985c65e24312e92b5eae909d704678903b24609cfa48e7d04e227979bdb9da053f9b97e0da2c85
-
Filesize
204KB
MD5cf5b42cd0eb0668397d14a1d5e108eae
SHA1a01cf53cbcf9fbe68eb94926468c35dea0480a10
SHA256540fcb2f5dd377f4b207f8b9d0bc66134f907cfa6f54992cbf2ae1f062e5be63
SHA5120f44145c041fa06d3d6937ddf14bfe813e20e9d1b6991f7889545a89c8761c9b78910ee9b4685fcb9536ce6255eb2fac0ac8d50423d8c02c8b78f37e274090aa
-
Filesize
204KB
MD5cf5b42cd0eb0668397d14a1d5e108eae
SHA1a01cf53cbcf9fbe68eb94926468c35dea0480a10
SHA256540fcb2f5dd377f4b207f8b9d0bc66134f907cfa6f54992cbf2ae1f062e5be63
SHA5120f44145c041fa06d3d6937ddf14bfe813e20e9d1b6991f7889545a89c8761c9b78910ee9b4685fcb9536ce6255eb2fac0ac8d50423d8c02c8b78f37e274090aa
-
Filesize
204KB
MD5cf5b42cd0eb0668397d14a1d5e108eae
SHA1a01cf53cbcf9fbe68eb94926468c35dea0480a10
SHA256540fcb2f5dd377f4b207f8b9d0bc66134f907cfa6f54992cbf2ae1f062e5be63
SHA5120f44145c041fa06d3d6937ddf14bfe813e20e9d1b6991f7889545a89c8761c9b78910ee9b4685fcb9536ce6255eb2fac0ac8d50423d8c02c8b78f37e274090aa
-
Filesize
204KB
MD5e2290d21ef2229534dc4b4eb66836ec8
SHA1ec1bbe305967dd8853e9922484c5bf72b0de6c1e
SHA256ab2f60406e9874fa78d46dd771a65f1ba708ef5d5c185e414387e6fe31d1b225
SHA5120e0482802056ca280a01edf3360488460052c0d6bf52de9f27c2d19227a88399c65ffb5580761488eb8ed1b40632ec3ca189a117c03c29513c85713fc576a117
-
Filesize
204KB
MD5e2290d21ef2229534dc4b4eb66836ec8
SHA1ec1bbe305967dd8853e9922484c5bf72b0de6c1e
SHA256ab2f60406e9874fa78d46dd771a65f1ba708ef5d5c185e414387e6fe31d1b225
SHA5120e0482802056ca280a01edf3360488460052c0d6bf52de9f27c2d19227a88399c65ffb5580761488eb8ed1b40632ec3ca189a117c03c29513c85713fc576a117
-
Filesize
204KB
MD53b71e87c1af6f660ec3c8dda27692085
SHA13c43517eaccce779e7ba2de724d8feeac61c9a3b
SHA25640e1f2aae7b6ef2a114943313ede736c4b9e7531544c9580b41addf685e6fcc6
SHA51283a932ad40d9bdac216e0cb9eb9c09309ebeff14683799e45f341a17c7ddb2ec1897f3e4aede2c006d07f76b313900722c36efe5b6ca0f1027e4436ace635d0d
-
Filesize
204KB
MD53b71e87c1af6f660ec3c8dda27692085
SHA13c43517eaccce779e7ba2de724d8feeac61c9a3b
SHA25640e1f2aae7b6ef2a114943313ede736c4b9e7531544c9580b41addf685e6fcc6
SHA51283a932ad40d9bdac216e0cb9eb9c09309ebeff14683799e45f341a17c7ddb2ec1897f3e4aede2c006d07f76b313900722c36efe5b6ca0f1027e4436ace635d0d
-
Filesize
204KB
MD51141d9ce71556986274e09d4b3dcce86
SHA17b11b8a46b21ba7f68929a2bb879c4809fe0e4a4
SHA256b011969e1cf3527a833836a7f5ae6749ddb334f7e95153ff5befee9b6488c563
SHA51273cd1ef3893653d15a1fb4f4e06c7fb9949cb5ba6ee4ab00f05444361726e2a44aa17a3164679dca23fee7e4467e2576ccc92a1eb680955974a260fdb5e42eb1
-
Filesize
204KB
MD51141d9ce71556986274e09d4b3dcce86
SHA17b11b8a46b21ba7f68929a2bb879c4809fe0e4a4
SHA256b011969e1cf3527a833836a7f5ae6749ddb334f7e95153ff5befee9b6488c563
SHA51273cd1ef3893653d15a1fb4f4e06c7fb9949cb5ba6ee4ab00f05444361726e2a44aa17a3164679dca23fee7e4467e2576ccc92a1eb680955974a260fdb5e42eb1