Overview

overview

7

Static

static

3

ca15fcc652c49f_JC.exe

windows7-x64

7

ca15fcc652c49f_JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    18/07/2023, 16:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ca15fcc652c49f_JC.exe

  • Size

    52KB

  • MD5

    ca15fcc652c49f7a75818993b3761073

  • SHA1

    9cb8ade25c6e69d30613d5d94933b92ddba001fe

  • SHA256

    e6c23070d27c341c4b4e56c607c1fd35f460c63fe0e478309e9badb9fabea0d3

  • SHA512

    9332225f82971ab46ff426aa2be6e07cab43af4ffe04442e88b4ad784064e745d88b722f3efb192ad092f2c92ae9a16802dd84485a7a50ed5aaf66e2d8242a1b

  • SSDEEP

    768:6Qz7yVEhs9+4OR7tOOtEvwDpjLHqPOYRmNxt5I5IK:6j+1NMOtEvwDpjr8ox8H

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ca15fcc652c49f_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\ca15fcc652c49f_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:2272

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\misid.exe
          Filesize

          53KB

          MD5

          009fd80184e1c0ee1e120f63ed54df2d

          SHA1

          c8f10514cee5a049aae870e1cc51f2dd69d8e9ba

          SHA256

          994008577a75650a39ada15850ac48e7324b4c761d8523fa38cb6bc032e47656

          SHA512

          6647c920733f121f3aa653683f9d2b67e731bf2f1285c88f0bed43a062bd4aac088a0636c7be97b253aaac5ca0a82d2fa68fde5a3896ee4b5b896019d617c102

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\misid.exe
          Filesize

          53KB

          MD5

          009fd80184e1c0ee1e120f63ed54df2d

          SHA1

          c8f10514cee5a049aae870e1cc51f2dd69d8e9ba

          SHA256

          994008577a75650a39ada15850ac48e7324b4c761d8523fa38cb6bc032e47656

          SHA512

          6647c920733f121f3aa653683f9d2b67e731bf2f1285c88f0bed43a062bd4aac088a0636c7be97b253aaac5ca0a82d2fa68fde5a3896ee4b5b896019d617c102

          Download Submit

        • \Users\Admin\AppData\Local\Temp\misid.exe
          Filesize

          53KB

          MD5

          009fd80184e1c0ee1e120f63ed54df2d

          SHA1

          c8f10514cee5a049aae870e1cc51f2dd69d8e9ba

          SHA256

          994008577a75650a39ada15850ac48e7324b4c761d8523fa38cb6bc032e47656

          SHA512

          6647c920733f121f3aa653683f9d2b67e731bf2f1285c88f0bed43a062bd4aac088a0636c7be97b253aaac5ca0a82d2fa68fde5a3896ee4b5b896019d617c102

          Download Submit

        • memory/2272-70-0x0000000000500000-0x000000000050F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2272-72-0x0000000000210000-0x0000000000216000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2272-79-0x0000000000500000-0x000000000050F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2364-54-0x0000000000500000-0x000000000050F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2364-55-0x00000000001D0000-0x00000000001D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2364-56-0x0000000000200000-0x0000000000206000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2364-57-0x00000000001D0000-0x00000000001D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2364-69-0x0000000000500000-0x000000000050F000-memory.dmp

          Filesize

          60KB

          Download