Overview

overview

10

Static

static

3

NA_NA_246c...JC.exe

windows7-x64

10

NA_NA_246c...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    23/07/2023, 18:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NA_NA_246c4678314ee4exeexe_JC.exe

  • Size

    2.4MB

  • MD5

    246c4678314ee4489631d95ec05fe067

  • SHA1

    20a93f8d49979ea42e4a929be47c742fd92fc38e

  • SHA256

    72bf544125dc2a21ed0951e06b630fa25605bf3b06194fc81e576c216c5c3996

  • SHA512

    7ed1d4a1e665603c4abec410021718a911b518fbecb8d6ca7d93db385f6a6141fab4608e480c967a828c238f50a606e121973337f150e405a8cfc8be66c492d3

  • SSDEEP

    12288:sp4pNfz3ymJnJ8QCFkxCaQTOlPes5Z76k/L/KB8NIpYJTCihq82WFpXKEVFA2MCN:eEtl9mRda12sX7hKB8NIyXbacAfm

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops startup file 2 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NA_NA_246c4678314ee4exeexe_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NA_NA_246c4678314ee4exeexe_JC.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1400

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-4219371764-2579186923-3390623117-1000\desktop.ini.exe
          Filesize

          2.4MB

          MD5

          31df3f5eee2f9fed7f7da51d3d29739e

          SHA1

          285924724a2966db2ec7183d40032987a88db70a

          SHA256

          dcd45793a32516b18562a3fb3de080706f9c3a4baacd01b743da08f5318dc85a

          SHA512

          0c07211b0b8f53d6716a782ea885188174353c956bd7c7b794d119c329ea90b9771d63aad189714bf2ae581fb9f655d1ce516f0749fcdb58cbec2e6e1b95b6ee

          Download Submit

        • C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe
          Filesize

          3.2MB

          MD5

          f83b2625b3af71101799e4f6a5921b16

          SHA1

          05b34bc96adcb28c7d46e12a1f2aa73ffa585ee6

          SHA256

          2c7f20f1907bc54be4d1557d91e782b0f8600cb34d5f3961a0c748ef4df8e42b

          SHA512

          6218380721dcd2f012b4f0966842d3ba8314ee980d9bff24e3d2e403f56a1576e3b6967892943e13566679f810d106aa390cc9ee8845df8ee8c307a93059637d

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
          Filesize

          1KB

          MD5

          5103c35a52535c97bf2eb80e267bbdb9

          SHA1

          2ac85ec767f0e0b62d01fd46dbc2c334c3d5d2c1

          SHA256

          95fa0c2f8a05289db76cc490b27bdb53e060bc6b09e4888464fb6fa5bc9b9b84

          SHA512

          fd945e3ab8393f4aec95db21e9d1fc41c9a8d5702e9ac457ae3ec95efd4b1454aecaef3852e95f9bfe1e2dc4f6a707445ad5cd35bd3474c61355de2d041dacf6

          Download Submit

        • F:\AUTORUN.INF
          Filesize

          145B

          MD5

          ca13857b2fd3895a39f09d9dde3cca97

          SHA1

          8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

          SHA256

          cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

          SHA512

          55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

          Download Submit

        • memory/1400-55-0x00000000001B0000-0x00000000001B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1400-54-0x0000000000400000-0x000000000047B000-memory.dmp

          Filesize

          492KB

          Download

        • memory/1400-126-0x0000000000400000-0x000000000047B000-memory.dmp

          Filesize

          492KB

          Download