Analysis Overview
SHA256
a2c10b5d95151fefb06479bdf202bbce96a8f0a2db6398b6d4a34d6d2a1784dc
Threat Level: Known bad
The file a2c10b5d95151fefb06479bdf202bbce96a8f0a2db6398b6d4a34d6d2a1784dcexe_JC.exe was found to be: Known bad.
Malicious Activity Summary
SystemBC
Blocklisted process makes network request
Unsigned PE
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-08-09 15:40
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-08-09 15:40
Reported
2023-08-09 15:43
Platform
win7-20230712-en
Max time kernel
122s
Max time network
127s
Command Line
Signatures
SystemBC
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2c10b5d95151fefb06479bdf202bbce96a8f0a2db6398b6d4a34d6d2a1784dcexe_JC.dll,#1
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| RU | 5.42.65.67:4298 | | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-08-09 15:40
Reported
2023-08-09 15:42
Platform
win10v2004-20230703-en
Max time kernel
127s
Max time network
137s
Command Line
Signatures
SystemBC
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2c10b5d95151fefb06479bdf202bbce96a8f0a2db6398b6d4a34d6d2a1784dcexe_JC.dll,#1
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| RU | 5.42.65.67:4298 | | tcp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.151.224.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
Files