Analysis

  • max time kernel
    144s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/07/2023, 15:03

General

  • Target

    NA_5fc3742d0cfa7687a674e7f20_JC.exe

  • Size

    343KB

  • MD5

    c1c6070aa3fbca7937dd58081a60493b

  • SHA1

    94e33295639f263f0249be7c370d9ee81d1949a1

  • SHA256

    5fc3742d0cfa7687a674e7f209178ca2a50e08ba963f3d09d51550ca02b03d0c

  • SHA512

    96c54932e53396320d4096b78d50714e60c9dc0a8709b7b59f5889cc7a02fd7e96fb24ca8f177f736f40907f7ef9a11c32929ce416c596889db1173149e1dff5

  • SSDEEP

    6144:shl6oXbFH7mwiM6g2mQn9hDoYyBJdNt7BLPEFJM:KVXbdK5Nx19hDw3CJ

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\NA_5fc3742d0cfa7687a674e7f20_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NA_5fc3742d0cfa7687a674e7f20_JC.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4920
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 1440
      2⤵
      • Program crash
      PID:1880
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4920 -ip 4920
    1⤵
    PID:1984

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4920-134-0x0000000002590000-0x0000000002690000-memory.dmp (Filesize: 1024KB)
  • memory/4920-135-0x0000000004200000-0x000000000423F000-memory.dmp (Filesize: 252KB)
  • memory/4920-136-0x0000000000400000-0x0000000002483000-memory.dmp (Filesize: 32.5MB)
  • memory/4920-137-0x00000000744A0000-0x0000000074C50000-memory.dmp (Filesize: 7.7MB)
  • memory/4920-139-0x0000000004340000-0x0000000004350000-memory.dmp (Filesize: 64KB)
  • memory/4920-138-0x0000000004340000-0x0000000004350000-memory.dmp (Filesize: 64KB)
  • memory/4920-140-0x0000000004340000-0x0000000004350000-memory.dmp (Filesize: 64KB)
  • memory/4920-141-0x0000000006C60000-0x0000000007204000-memory.dmp (Filesize: 5.6MB)
  • memory/4920-142-0x0000000007380000-0x0000000007998000-memory.dmp (Filesize: 6.1MB)
  • memory/4920-143-0x00000000079A0000-0x0000000007AAA000-memory.dmp (Filesize: 1.0MB)
  • memory/4920-144-0x0000000007AB0000-0x0000000007AC2000-memory.dmp (Filesize: 72KB)
  • memory/4920-145-0x0000000004340000-0x0000000004350000-memory.dmp (Filesize: 64KB)
  • memory/4920-146-0x0000000007AD0000-0x0000000007B0C000-memory.dmp (Filesize: 240KB)
  • memory/4920-147-0x0000000002590000-0x0000000002690000-memory.dmp (Filesize: 1024KB)
  • memory/4920-148-0x0000000004200000-0x000000000423F000-memory.dmp (Filesize: 252KB)
  • memory/4920-149-0x0000000000400000-0x0000000002483000-memory.dmp (Filesize: 32.5MB)
  • memory/4920-151-0x00000000744A0000-0x0000000074C50000-memory.dmp (Filesize: 7.7MB)
  • memory/4920-152-0x0000000004340000-0x0000000004350000-memory.dmp (Filesize: 64KB)
  • memory/4920-153-0x0000000004340000-0x0000000004350000-memory.dmp (Filesize: 64KB)
  • memory/4920-154-0x0000000007DD0000-0x0000000007E46000-memory.dmp (Filesize: 472KB)
  • memory/4920-155-0x0000000007E50000-0x0000000007EE2000-memory.dmp (Filesize: 584KB)
  • memory/4920-156-0x0000000007EF0000-0x0000000007F56000-memory.dmp (Filesize: 408KB)
  • memory/4920-157-0x0000000004340000-0x0000000004350000-memory.dmp (Filesize: 64KB)
  • memory/4920-158-0x0000000004340000-0x0000000004350000-memory.dmp (Filesize: 64KB)
  • memory/4920-159-0x0000000009390000-0x00000000093E0000-memory.dmp (Filesize: 320KB)
  • memory/4920-160-0x0000000009A90000-0x0000000009C52000-memory.dmp (Filesize: 1.8MB)
  • memory/4920-161-0x0000000009C60000-0x000000000A18C000-memory.dmp (Filesize: 5.2MB)
  • memory/4920-163-0x0000000000400000-0x0000000002483000-memory.dmp (Filesize: 32.5MB)
  • memory/4920-164-0x00000000744A0000-0x0000000074C50000-memory.dmp (Filesize: 7.7MB)