Overview

overview

7

Static

static

3

NA_082557e...JC.exe

windows7-x64

7

NA_082557e...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    124s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    22-07-2023 22:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NA_082557e567b32aexe_JC.exe

  • Size

    327KB

  • MD5

    082557e567b32ac0097c4c4b99c2a809

  • SHA1

    b749033c2ba5f9d370ccd4c36b472181ea003882

  • SHA256

    148159192e26ff2d2a146128155dd1f9cc3f8c16b8acc9c5532b0e253ae8d2c6

  • SHA512

    126fe099604609641dd3b7af588842cf3896cbc332c7719e17975485cb9b17520ecedb90dd0f1f68e2dc8c78d9c6682157bdaf70175bc77a287ee363fadd7759

  • SSDEEP

    6144:u2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG89gkPzDhs2+JS2sFE:u2TFafJiHCWBWPMjVWrXfs2TFE

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NA_082557e567b32aexe_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NA_082557e567b32aexe_JC.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2596
    • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\dwmsys.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\dwmsys.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\dwmsys.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2112
      • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\dwmsys.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\dwmsys.exe"
        3⤵
        • Executes dropped EXE
        PID:2448

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\dwmsys.exe
    Filesize

    327KB

    MD5

    64f2b578d2e0f02bd23565c18b7fb4fa

    SHA1

    26964a04667d9d9514d26f964df85d8471e6db79

    SHA256

    af9a356caf981f2d79c1c093f86b46a5a61ab4c15848b0218fc2b11d2dab17e7

    SHA512

    566bee22d8aacbc41e578016b4b8e76afc50f250f9c4b09267547de1a68b59c14fde4cc8b3236084e701e8e30b098158546ca556c207997c47e2051b575c2e46

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\dwmsys.exe
    Filesize

    327KB

    MD5

    64f2b578d2e0f02bd23565c18b7fb4fa

    SHA1

    26964a04667d9d9514d26f964df85d8471e6db79

    SHA256

    af9a356caf981f2d79c1c093f86b46a5a61ab4c15848b0218fc2b11d2dab17e7

    SHA512

    566bee22d8aacbc41e578016b4b8e76afc50f250f9c4b09267547de1a68b59c14fde4cc8b3236084e701e8e30b098158546ca556c207997c47e2051b575c2e46

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\dwmsys.exe
    Filesize

    327KB

    MD5

    64f2b578d2e0f02bd23565c18b7fb4fa

    SHA1

    26964a04667d9d9514d26f964df85d8471e6db79

    SHA256

    af9a356caf981f2d79c1c093f86b46a5a61ab4c15848b0218fc2b11d2dab17e7

    SHA512

    566bee22d8aacbc41e578016b4b8e76afc50f250f9c4b09267547de1a68b59c14fde4cc8b3236084e701e8e30b098158546ca556c207997c47e2051b575c2e46

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\dwmsys.exe
    Filesize

    327KB

    MD5

    64f2b578d2e0f02bd23565c18b7fb4fa

    SHA1

    26964a04667d9d9514d26f964df85d8471e6db79

    SHA256

    af9a356caf981f2d79c1c093f86b46a5a61ab4c15848b0218fc2b11d2dab17e7

    SHA512

    566bee22d8aacbc41e578016b4b8e76afc50f250f9c4b09267547de1a68b59c14fde4cc8b3236084e701e8e30b098158546ca556c207997c47e2051b575c2e46

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\dwmsys.exe
    Filesize

    327KB

    MD5

    64f2b578d2e0f02bd23565c18b7fb4fa

    SHA1

    26964a04667d9d9514d26f964df85d8471e6db79

    SHA256

    af9a356caf981f2d79c1c093f86b46a5a61ab4c15848b0218fc2b11d2dab17e7

    SHA512

    566bee22d8aacbc41e578016b4b8e76afc50f250f9c4b09267547de1a68b59c14fde4cc8b3236084e701e8e30b098158546ca556c207997c47e2051b575c2e46

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\dwmsys.exe
    Filesize

    327KB

    MD5

    64f2b578d2e0f02bd23565c18b7fb4fa

    SHA1

    26964a04667d9d9514d26f964df85d8471e6db79

    SHA256

    af9a356caf981f2d79c1c093f86b46a5a61ab4c15848b0218fc2b11d2dab17e7

    SHA512

    566bee22d8aacbc41e578016b4b8e76afc50f250f9c4b09267547de1a68b59c14fde4cc8b3236084e701e8e30b098158546ca556c207997c47e2051b575c2e46

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\dwmsys.exe
    Filesize

    327KB

    MD5

    64f2b578d2e0f02bd23565c18b7fb4fa

    SHA1

    26964a04667d9d9514d26f964df85d8471e6db79

    SHA256

    af9a356caf981f2d79c1c093f86b46a5a61ab4c15848b0218fc2b11d2dab17e7

    SHA512

    566bee22d8aacbc41e578016b4b8e76afc50f250f9c4b09267547de1a68b59c14fde4cc8b3236084e701e8e30b098158546ca556c207997c47e2051b575c2e46

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\dwmsys.exe
    Filesize

    327KB

    MD5

    64f2b578d2e0f02bd23565c18b7fb4fa

    SHA1

    26964a04667d9d9514d26f964df85d8471e6db79

    SHA256

    af9a356caf981f2d79c1c093f86b46a5a61ab4c15848b0218fc2b11d2dab17e7

    SHA512

    566bee22d8aacbc41e578016b4b8e76afc50f250f9c4b09267547de1a68b59c14fde4cc8b3236084e701e8e30b098158546ca556c207997c47e2051b575c2e46

    Download Submit