Analysis

  • max time kernel
    128s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/07/2023, 15:03

General

  • Target
    NA_6105816824582f328f8f6b7a9_JC.exe
  • Size
    350KB
  • MD5
    e2d4ff2d0f79d3b26b1c33bc3d3e984f
  • SHA1
    8f9ae2d5b18688a81de969a2746e5d1e6bb0d9b1
  • SHA256
    6105816824582f328f8f6b7a9ee5e55cb8af62a0a2e114467136ee5ea9c6f2d9
  • SHA512
    7c4bc4998ce42ec01a0a5df50b8e459b3ac3d736d988b090d7eab9fac54f87d51f4abbb9817731326dee4a388ef41acb6dd7a9f7e88860ee016c57cf179f8930
  • SSDEEP
    6144:iKnMahrSLFys2O5h0xUfx0OxlM5b8RMSb7IUny0:5nFNSLPh5z504ab3mo0

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\NA_6105816824582f328f8f6b7a9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NA_6105816824582f328f8f6b7a9_JC.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2680
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 1284
      2⤵
      • Program crash
      PID:4564
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2680 -ip 2680
    1⤵
    PID:4800

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2680-134-0x00000000024A0000-0x00000000025A0000-memory.dmp
    Filesize: 1024KB
  • memory/2680-135-0x00000000041D0000-0x000000000420F000-memory.dmp
    Filesize: 252KB
  • memory/2680-136-0x0000000000400000-0x0000000002485000-memory.dmp
    Filesize: 32.5MB
  • memory/2680-137-0x0000000074C40000-0x00000000753F0000-memory.dmp
    Filesize: 7.7MB
  • memory/2680-138-0x0000000006DA0000-0x0000000006DB0000-memory.dmp
    Filesize: 64KB
  • memory/2680-139-0x0000000006DA0000-0x0000000006DB0000-memory.dmp
    Filesize: 64KB
  • memory/2680-140-0x0000000006DB0000-0x0000000007354000-memory.dmp
    Filesize: 5.6MB
  • memory/2680-141-0x0000000007360000-0x0000000007978000-memory.dmp
    Filesize: 6.1MB
  • memory/2680-142-0x0000000007980000-0x0000000007A8A000-memory.dmp
    Filesize: 1.0MB
  • memory/2680-144-0x0000000006DA0000-0x0000000006DB0000-memory.dmp
    Filesize: 64KB
  • memory/2680-143-0x0000000007AB0000-0x0000000007AC2000-memory.dmp
    Filesize: 72KB
  • memory/2680-145-0x0000000007AD0000-0x0000000007B0C000-memory.dmp
    Filesize: 240KB
  • memory/2680-146-0x00000000024A0000-0x00000000025A0000-memory.dmp
    Filesize: 1024KB
  • memory/2680-147-0x0000000000400000-0x0000000002485000-memory.dmp
    Filesize: 32.5MB
  • memory/2680-148-0x00000000041D0000-0x000000000420F000-memory.dmp
    Filesize: 252KB
  • memory/2680-149-0x0000000074C40000-0x00000000753F0000-memory.dmp
    Filesize: 7.7MB
  • memory/2680-150-0x0000000007DD0000-0x0000000007E46000-memory.dmp
    Filesize: 472KB
  • memory/2680-151-0x0000000007E50000-0x0000000007EE2000-memory.dmp
    Filesize: 584KB
  • memory/2680-152-0x0000000007EF0000-0x0000000007F56000-memory.dmp
    Filesize: 408KB
  • memory/2680-153-0x0000000006DA0000-0x0000000006DB0000-memory.dmp
    Filesize: 64KB
  • memory/2680-154-0x0000000006DA0000-0x0000000006DB0000-memory.dmp
    Filesize: 64KB
  • memory/2680-155-0x0000000006DA0000-0x0000000006DB0000-memory.dmp
    Filesize: 64KB
  • memory/2680-156-0x0000000008870000-0x0000000008A32000-memory.dmp
    Filesize: 1.8MB
  • memory/2680-157-0x0000000008A40000-0x0000000008F6C000-memory.dmp
    Filesize: 5.2MB
  • memory/2680-158-0x00000000090C0000-0x0000000009110000-memory.dmp
    Filesize: 320KB
  • memory/2680-160-0x0000000000400000-0x0000000002485000-memory.dmp
    Filesize: 32.5MB
  • memory/2680-162-0x0000000074C40000-0x00000000753F0000-memory.dmp
    Filesize: 7.7MB