63c4a15cd773f238eff00aa96951811734883b01d9460389aee9cdbe3edc437b

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
15/08/2023, 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63c4a15cd773f238eff00aa96951811734883b01d9460389aee9cdbe3edc437b_JC.exe
Size

2.5MB
MD5

471ac47ad3de3d7a3de0a0a835ca8753
SHA1

852af2699766e70313e5e53cbb7160426f43b736
SHA256

63c4a15cd773f238eff00aa96951811734883b01d9460389aee9cdbe3edc437b
SHA512

181555da95d2a6856bb93219c1c88475d9d1f6ab8cb6964a93d658b9b397f97af205b7aae1e571bc1d3237683b8531255f3e794f1813745d579fab785ab505c7
SSDEEP

49152:qDkUjjPGipmiSC/Rmcaz/4fxqhooOkC9ErmBLFh2YCNVUW9coaNnNv:q4UXGcv6wJq2t9T9F1AVn76nNv

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1732	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 1732	1328	63c4a15cd773f238eff00aa96951811734883b01d9460389aee9cdbe3edc437b_JC.exe	28
PID 1328 wrote to memory of 1732	1328	63c4a15cd773f238eff00aa96951811734883b01d9460389aee9cdbe3edc437b_JC.exe	28
PID 1328 wrote to memory of 1732	1328	63c4a15cd773f238eff00aa96951811734883b01d9460389aee9cdbe3edc437b_JC.exe	28
PID 1328 wrote to memory of 1732	1328	63c4a15cd773f238eff00aa96951811734883b01d9460389aee9cdbe3edc437b_JC.exe	28
PID 1328 wrote to memory of 1732	1328	63c4a15cd773f238eff00aa96951811734883b01d9460389aee9cdbe3edc437b_JC.exe	28
PID 1328 wrote to memory of 1732	1328	63c4a15cd773f238eff00aa96951811734883b01d9460389aee9cdbe3edc437b_JC.exe	28
PID 1328 wrote to memory of 1732	1328	63c4a15cd773f238eff00aa96951811734883b01d9460389aee9cdbe3edc437b_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\63c4a15cd773f238eff00aa96951811734883b01d9460389aee9cdbe3edc437b_JC.exe
"C:\Users\Admin\AppData\Local\Temp\63c4a15cd773f238eff00aa96951811734883b01d9460389aee9cdbe3edc437b_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" -S 4SYdFFT7.C /u
  2⤵
  - Loads dropped DLL
  PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4SYdFFT7.C

Filesize
2.4MB

MD5
34a16a973ebc6f7cf89b067d6ae83a9e

SHA1
c252c1ad954e5986c8dcccedc15b081c1087591c

SHA256
d5fe2bfcda64334d84585003b4441081fe99b6352caa5e61ad25bc0dd80ef63f

SHA512
d81cd55659910a83471159865d76e7c5bd2246632b42d40581620033e79444880530a6546a178cbc314665ae428f03aa6fd7b1a6d7c96f66baaa521522850878

Download Submit
\Users\Admin\AppData\Local\Temp\4sydfft7.c

Filesize
2.4MB

MD5
34a16a973ebc6f7cf89b067d6ae83a9e

SHA1
c252c1ad954e5986c8dcccedc15b081c1087591c

SHA256
d5fe2bfcda64334d84585003b4441081fe99b6352caa5e61ad25bc0dd80ef63f

SHA512
d81cd55659910a83471159865d76e7c5bd2246632b42d40581620033e79444880530a6546a178cbc314665ae428f03aa6fd7b1a6d7c96f66baaa521522850878

Download Submit
memory/1732-57-0x0000000001DD0000-0x0000000002042000-memory.dmp

Filesize
2.4MB

Download
memory/1732-59-0x0000000001DD0000-0x0000000002042000-memory.dmp

Filesize
2.4MB

Download
memory/1732-58-0x00000000001A0000-0x00000000001A6000-memory.dmp

Filesize
24KB

Download
memory/1732-61-0x00000000023B0000-0x00000000024A4000-memory.dmp

Filesize
976KB

Download
memory/1732-62-0x00000000024B0000-0x000000000258B000-memory.dmp

Filesize
876KB

Download
memory/1732-63-0x00000000024B0000-0x000000000258B000-memory.dmp

Filesize
876KB

Download
memory/1732-66-0x0000000001DD0000-0x0000000002042000-memory.dmp

Filesize
2.4MB

Download
memory/1732-65-0x00000000024B0000-0x000000000258B000-memory.dmp

Filesize
876KB

Download
memory/1732-67-0x00000000024B0000-0x000000000258B000-memory.dmp

Filesize
876KB

Download