Analysis
-
max time kernel
128s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system -
submitted
28/08/2023, 16:40
Behavioral task
behavioral1
Sample
bf82f37c4f8fdd3b7572bd60a0f86e7d89356921728708434d07d6a2b0cbf7d4_JC.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
bf82f37c4f8fdd3b7572bd60a0f86e7d89356921728708434d07d6a2b0cbf7d4_JC.exe
Resource
win10v2004-20230703-en
General
-
Target
bf82f37c4f8fdd3b7572bd60a0f86e7d89356921728708434d07d6a2b0cbf7d4_JC.exe
-
Size
481KB
-
MD5
afd5059634526a62419420ec64bd3d73
-
SHA1
45fba7c55c1a7f3631f063a3db09902be00e58eb
-
SHA256
bf82f37c4f8fdd3b7572bd60a0f86e7d89356921728708434d07d6a2b0cbf7d4
-
SHA512
032d784d2b0f606765f11c3eeef48aace205402a59fd50e323c899e59f8cd21b7daa34d870813134c7781f8eebed20a5cda9d6e9cf494aee9c5b94786940d18c
-
SSDEEP
12288:JRXxReZj3WZfj/2eSseWFaIe2+f8CL47bs/ZO2ZDU:Jx7cyF2eSsewS8W47eZj
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings bf82f37c4f8fdd3b7572bd60a0f86e7d89356921728708434d07d6a2b0cbf7d4_JC.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2592 bf82f37c4f8fdd3b7572bd60a0f86e7d89356921728708434d07d6a2b0cbf7d4_JC.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2592 wrote to memory of 1256 2592 bf82f37c4f8fdd3b7572bd60a0f86e7d89356921728708434d07d6a2b0cbf7d4_JC.exe 89 PID 2592 wrote to memory of 1256 2592 bf82f37c4f8fdd3b7572bd60a0f86e7d89356921728708434d07d6a2b0cbf7d4_JC.exe 89 PID 2592 wrote to memory of 1256 2592 bf82f37c4f8fdd3b7572bd60a0f86e7d89356921728708434d07d6a2b0cbf7d4_JC.exe 89
Processes
-
C:\Users\Admin\AppData\Local\Temp\bf82f37c4f8fdd3b7572bd60a0f86e7d89356921728708434d07d6a2b0cbf7d4_JC.exe"C:\Users\Admin\AppData\Local\Temp\bf82f37c4f8fdd3b7572bd60a0f86e7d89356921728708434d07d6a2b0cbf7d4_JC.exe"1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\jftazwudgzkqulxh.vbs"2⤵PID:1256
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
144B
MD5a2a3571e1eea82aa1c2931969b6ede48
SHA1134f10e3f7cf195d495eda5fce804fc745b7c0f2
SHA2560c0346246f35bc5ccf74e894400bb688c778bf8148821e03177746d5fc647e6a
SHA5123e77ea97141206b634247f961c4b1c273e4a3355322b83df3973ab47e6c3d7544f0aac7e7db3b002a79bced0997e5f2dd3f9a225981a4aa8dde6f06755e0525b
-
Filesize
740B
MD5e1f02213c17ad98db7fe76e2d9b53bd1
SHA154a80b453bed4d26d3ec33205af396c71ed10098
SHA256317eff7c5697543803787a20246bc6a2f13496cb73f3e0e69511f6fc00a09dcf
SHA5128bb12417ea23f389d82192a5663b9ffff3810d6ed5ea5cb6284c62b319d813339a3194abe72861f2a54f08ecdf42ae2e96132ff5bd657bb112a97cb360765fcc