884104d6f1adf1b329a461535f4d0ba21c4dbd314d7c5861e1f97a4bee86c26f

Analysis

max time kernel
129s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
22-07-2023 21:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NA_0227f4e5defbadexe_JC.exe
Size

2.0MB
MD5

0227f4e5defbad2ddace65901ae606de
SHA1

7b170e2d04a705a494a269df9382b6982212abbd
SHA256

884104d6f1adf1b329a461535f4d0ba21c4dbd314d7c5861e1f97a4bee86c26f
SHA512

0ab0325fe96b0ebcfdc3604a618e6bcf177011a6cc2c9f583fe497bec5e6e278f5acdcbe1e545450df3454c520bbbbad59abb87100da0e43efc105b19a4edaf2
SSDEEP

24576:Em0PSpyAWNwBw1aF8uY3X8TxrY89DEV20f7EM/Gi57L:yPSpFWNwBNF8uY3X8TxrY89DEffIQ

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 34 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 5200310000000000ec56e562122041707044617461003c0008000400efbeec56e562ec56e5622a000000ed0100000000020000000000000000000000000000004100700070004400610074006100000016000000	NA_0227f4e5defbadexe_JC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	NA_0227f4e5defbadexe_JC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	NA_0227f4e5defbadexe_JC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 = 4a00310000000000f65680ae102054656d700000360008000400efbeec56e562f65680ae2a00000001020000000002000000000000000000000000000000540065006d007000000014000000	NA_0227f4e5defbadexe_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	NA_0227f4e5defbadexe_JC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff	NA_0227f4e5defbadexe_JC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	NA_0227f4e5defbadexe_JC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 7400310000000000ec56e5621100557365727300600008000400efbeee3a851aec56e5622a000000e601000000000100000000000000000036000000000055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	NA_0227f4e5defbadexe_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	NA_0227f4e5defbadexe_JC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	NA_0227f4e5defbadexe_JC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\MRUListEx = ffffffff	NA_0227f4e5defbadexe_JC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	NA_0227f4e5defbadexe_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_Classes\Local Settings	NA_0227f4e5defbadexe_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	NA_0227f4e5defbadexe_JC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 4c00310000000000ec56ac68100041646d696e00380008000400efbeec56e562ec56ac682a00000030000000000004000000000000000000000000000000410064006d0069006e00000014000000	NA_0227f4e5defbadexe_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	NA_0227f4e5defbadexe_JC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	NA_0227f4e5defbadexe_JC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\NodeSlot = "1"	NA_0227f4e5defbadexe_JC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	NA_0227f4e5defbadexe_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	NA_0227f4e5defbadexe_JC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	NA_0227f4e5defbadexe_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	NA_0227f4e5defbadexe_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0	NA_0227f4e5defbadexe_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	NA_0227f4e5defbadexe_JC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	NA_0227f4e5defbadexe_JC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	NA_0227f4e5defbadexe_JC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	NA_0227f4e5defbadexe_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	NA_0227f4e5defbadexe_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0	NA_0227f4e5defbadexe_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	NA_0227f4e5defbadexe_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NA_0227f4e5defbadexe_JC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	NA_0227f4e5defbadexe_JC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	NA_0227f4e5defbadexe_JC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 4c00310000000000ec56466510204c6f63616c00380008000400efbeec56e562ec5646652a000000000200000000020000000000000000000000000000004c006f00630061006c00000014000000	NA_0227f4e5defbadexe_JC.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1960	NA_0227f4e5defbadexe_JC.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1960	NA_0227f4e5defbadexe_JC.exe
1960	NA_0227f4e5defbadexe_JC.exe
1960	NA_0227f4e5defbadexe_JC.exe
1960	NA_0227f4e5defbadexe_JC.exe

C:\Users\Admin\AppData\Local\Temp\NA_0227f4e5defbadexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NA_0227f4e5defbadexe_JC.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1960-56-0x00000000035A0000-0x00000000035A2000-memory.dmp

Filesize
8KB

Download