Overview

overview

5

Static

static

3

54ec929ab8...JC.exe

windows7-x64

5

54ec929ab8...JC.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    143s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    20-08-2023 11:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    54ec929ab868528d647d285298b5ab71ef9aad83e1a3594b3d13f2a02f127d96_JC.exe

  • Size

    753KB

  • MD5

    d0b5e28ea7fe6421a78f3e73c49ce5e2

  • SHA1

    73c172755dfcc9b5762a7410497f4da86264a359

  • SHA256

    54ec929ab868528d647d285298b5ab71ef9aad83e1a3594b3d13f2a02f127d96

  • SHA512

    3332f4431b0ff9743de47ac7d412556010c529ca1b34ee2d0aa717b29e425312c8faac4e4c90172f19e69dcd7a782f9afc3613ffc365fde491be00485d492cb0

  • SSDEEP

    12288:AtBCeu+x9twSZxex8EmVIXe5f+8xzPFXvpNMW4:UBCeu+5U6IO5W8xzdnMJ

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 25 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\54ec929ab868528d647d285298b5ab71ef9aad83e1a3594b3d13f2a02f127d96_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\54ec929ab868528d647d285298b5ab71ef9aad83e1a3594b3d13f2a02f127d96_JC.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2060-67-0x00000000745C0000-0x0000000074CAE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2060-54-0x0000000000260000-0x0000000000322000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2060-56-0x0000000004FB0000-0x0000000004FF0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2060-57-0x0000000000490000-0x00000000004A6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2060-58-0x00000000745C0000-0x0000000074CAE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2060-59-0x0000000004A20000-0x0000000004A96000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2060-55-0x00000000745C0000-0x0000000074CAE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/3004-60-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3004-64-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3004-66-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3004-62-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3004-68-0x00000000008A0000-0x0000000000BA3000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/3004-69-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download