Overview

overview

7

Static

static

3

NA_NA_1ca9...JC.exe

windows7-x64

7

NA_NA_1ca9...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    123s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    23-07-2023 17:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NA_NA_1ca9fd6d1782ddexeexe_JC.exe

  • Size

    280KB

  • MD5

    1ca9fd6d1782dd240f32b121b947065e

  • SHA1

    2ad6ba1f1881f8d83f197549f43ee56c1311f57f

  • SHA256

    398e11e41cb7415cbbfb79bd47be8dfab34699897061076d18ab633ba403b39b

  • SHA512

    9e61c5d40263c34f5cb5a0869c9dde1f5c05aae391c5a5a2071145314d5ea27ec788e3b40b0b0842d79febeb8d99863cf8fd6e941b706a2d872cc4fd5881a905

  • SSDEEP

    6144:GTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:GTBPFV0RyWl3h2E+7pl

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NA_NA_1ca9fd6d1782ddexeexe_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NA_NA_1ca9fd6d1782ddexeexe_JC.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\lsassys.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\lsassys.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\lsassys.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1676
      • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\lsassys.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\lsassys.exe"
        3⤵
        • Executes dropped EXE
        PID:2804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\lsassys.exe
    Filesize

    280KB

    MD5

    8e6f85360c464738662e8298d6cb9a0d

    SHA1

    0565ee46e99e2a5daa2ab842294bc08f522bdf59

    SHA256

    56316af1ad273c63b39460e7d13b77d15d60431b04f1a784023b25e4eb7dbc28

    SHA512

    316c01b925463713550582c6c04439801e89e97e9bd0fda8892e4bf951c837cd166e1e3bf6657808f43bf076784c4980476b269ba1d2b8bf800ac66d6518f961

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\lsassys.exe
    Filesize

    280KB

    MD5

    8e6f85360c464738662e8298d6cb9a0d

    SHA1

    0565ee46e99e2a5daa2ab842294bc08f522bdf59

    SHA256

    56316af1ad273c63b39460e7d13b77d15d60431b04f1a784023b25e4eb7dbc28

    SHA512

    316c01b925463713550582c6c04439801e89e97e9bd0fda8892e4bf951c837cd166e1e3bf6657808f43bf076784c4980476b269ba1d2b8bf800ac66d6518f961

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\lsassys.exe
    Filesize

    280KB

    MD5

    8e6f85360c464738662e8298d6cb9a0d

    SHA1

    0565ee46e99e2a5daa2ab842294bc08f522bdf59

    SHA256

    56316af1ad273c63b39460e7d13b77d15d60431b04f1a784023b25e4eb7dbc28

    SHA512

    316c01b925463713550582c6c04439801e89e97e9bd0fda8892e4bf951c837cd166e1e3bf6657808f43bf076784c4980476b269ba1d2b8bf800ac66d6518f961

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\lsassys.exe
    Filesize

    280KB

    MD5

    8e6f85360c464738662e8298d6cb9a0d

    SHA1

    0565ee46e99e2a5daa2ab842294bc08f522bdf59

    SHA256

    56316af1ad273c63b39460e7d13b77d15d60431b04f1a784023b25e4eb7dbc28

    SHA512

    316c01b925463713550582c6c04439801e89e97e9bd0fda8892e4bf951c837cd166e1e3bf6657808f43bf076784c4980476b269ba1d2b8bf800ac66d6518f961

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\Sys32\lsassys.exe
    Filesize

    280KB

    MD5

    8e6f85360c464738662e8298d6cb9a0d

    SHA1

    0565ee46e99e2a5daa2ab842294bc08f522bdf59

    SHA256

    56316af1ad273c63b39460e7d13b77d15d60431b04f1a784023b25e4eb7dbc28

    SHA512

    316c01b925463713550582c6c04439801e89e97e9bd0fda8892e4bf951c837cd166e1e3bf6657808f43bf076784c4980476b269ba1d2b8bf800ac66d6518f961

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\Sys32\lsassys.exe
    Filesize

    280KB

    MD5

    8e6f85360c464738662e8298d6cb9a0d

    SHA1

    0565ee46e99e2a5daa2ab842294bc08f522bdf59

    SHA256

    56316af1ad273c63b39460e7d13b77d15d60431b04f1a784023b25e4eb7dbc28

    SHA512

    316c01b925463713550582c6c04439801e89e97e9bd0fda8892e4bf951c837cd166e1e3bf6657808f43bf076784c4980476b269ba1d2b8bf800ac66d6518f961

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\Sys32\lsassys.exe
    Filesize

    280KB

    MD5

    8e6f85360c464738662e8298d6cb9a0d

    SHA1

    0565ee46e99e2a5daa2ab842294bc08f522bdf59

    SHA256

    56316af1ad273c63b39460e7d13b77d15d60431b04f1a784023b25e4eb7dbc28

    SHA512

    316c01b925463713550582c6c04439801e89e97e9bd0fda8892e4bf951c837cd166e1e3bf6657808f43bf076784c4980476b269ba1d2b8bf800ac66d6518f961

    Download Submit