Analysis

max time kernel: 122s
max time network: 126s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 14/09/2023, 17:11

Static task: static1

Behavioral task: behavioral1
Sample: 6b84c9e16c1ef41bbb3b00b48248cbf0745f0435a7e152cb8176900545d5c597_JC.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: 6b84c9e16c1ef41bbb3b00b48248cbf0745f0435a7e152cb8176900545d5c597_JC.exe
Resource: win10v2004-20230831-en
General

Target: 6b84c9e16c1ef41bbb3b00b48248cbf0745f0435a7e152cb8176900545d5c597_JC.exe
Size: 612KB
MD5: e8deb5283ad5d23b0837bdec68ba5fd3
SHA1: f6b2d51ae637fed40d14e101004150f558dcc7d2
SHA256: 6b84c9e16c1ef41bbb3b00b48248cbf0745f0435a7e152cb8176900545d5c597
SHA512: 9b6a3b0ea14c4877bc5135cfa304315e19bc043c3c84a3ca4eedd9df060fc5584e3766548d1294adb2e9a3c173a8103221e14bc1c9e1ae3ac22ce739c09d0f72
SSDEEP: 6144:SgORa6xKTuuuqjL7IMLeSC3cwyOPhcn4H5Gx1+tp2MI4OFiDLBH73E55ag6WqRrJ:Sgm/SOhhcnj8mcBHLzg6WsrwuwHn2
Malware Config
Signatures
-
Loads dropped DLL (8 IoCs)
pid 1696, process 6b84c9e16c1ef41bbb3b00b48248cbf0745f0435a7e152cb8176900545d5c597_JC.exe: 8 load events of DLLs the sample itself had written to disk. The Downloads section below lists the collected files; by hash they are two distinct files.

Drops file in Windows directory (1 IoC)
File opened for modification: C:\Windows\resources\0409\eviler.sst by 6b84c9e16c1ef41bbb3b00b48248cbf0745f0435a7e152cb8176900545d5c597_JC.exe
Whether the write succeeded is not shown; an open-for-modification under C:\Windows only succeeds for a process with write access to the system directory, so confirm the file actually appeared before treating the path as an on-disk indicator.

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Program crash (1 IoC)
pid 2920 (WerFault.exe), pid_target 1696 (the sample), procid_target 27

Suspicious use of WriteProcessMemory (4 IoCs)
PID 1696 (6b84c9e16c1ef41bbb3b00b48248cbf0745f0435a7e152cb8176900545d5c597_JC.exe) wrote to memory of PID 2920, procid_target 28; four identical events.
Caveat: all four writes target PID 2920, which is the WerFault.exe instance the sample itself spawned (WerFault.exe -u -p 1696 -s 544) to report its own crash. A parent writing into a child it has just created is ordinary process-creation bookkeeping, so on this report the signature reflects the crash, not evidence of injection into an unrelated process. It would only become interesting if the target were a process the sample did not create.
Processes

1. "C:\Users\Admin\AppData\Local\Temp\6b84c9e16c1ef41bbb3b00b48248cbf0745f0435a7e152cb8176900545d5c597_JC.exe" (PID 1696)
   - Loads dropped DLL
   - Drops file in Windows directory
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 544 (PID 2920, child of PID 1696)
      - Program crash

The crash handler comes from SysWOW64, i.e. the 32-bit WerFault.exe, which means the sample ran as a 32-bit (WOW64) process on the x64 image; this matches the arch:x86 resource tag. The sample crashed during the analysis window, so the recorded behaviour is what it managed before the fault, not necessarily its full payload.
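The caveat on the WriteProcessMemory signature above is easy to automate when reading these reports in bulk. The following script is an added example, not part of the original report or the sandbox's own code: it parses the "PID A wrote to memory of B" rows together with the process tree and labels each write as a crash-handler handoff (target is a WerFault.exe the writer launched with -p <writer pid>), a parent-to-child write, or a genuine cross-process write worth a closer look. The process table and the four events are taken from this report; the extra process entries (PIDs 1234 and 3001) and the two extra events that target them are constructed here purely to exercise the other branches and do not appear in the report.

```python
import re
from collections import Counter

# Constructed from the report above: the sample (PID 1696) and the WerFault.exe
# instance (PID 2920) it spawned to report its own crash.
SAMPLE = "6b84c9e16c1ef41bbb3b00b48248cbf0745f0435a7e152cb8176900545d5c597_JC.exe"
PROCESSES = {
    1696: {"ppid": None, "image": SAMPLE,
           "cmdline": "C:\\Users\\Admin\\AppData\\Local\\Temp\\" + SAMPLE},
    2920: {"ppid": 1696, "image": "WerFault.exe",
           "cmdline": "C:\\Windows\\SysWOW64\\WerFault.exe -u -p 1696 -s 544"},
    # Constructed, NOT in the report: an unrelated process and an ordinary child,
    # added only so the other classification branches have something to label.
    1234: {"ppid": 1000, "image": "explorer.exe",
           "cmdline": "C:\\Windows\\explorer.exe"},
    3001: {"ppid": 1696, "image": "cmd.exe",
           "cmdline": "C:\\Windows\\System32\\cmd.exe"},
}

# The four WriteProcessMemory rows as the report prints them, followed by two
# constructed rows (1696 -> 1234 and 1696 -> 3001) that the report does not contain.
WPM_LOG = """\
PID 1696 wrote to memory of 2920 1696 {s} 28
PID 1696 wrote to memory of 2920 1696 {s} 28
PID 1696 wrote to memory of 2920 1696 {s} 28
PID 1696 wrote to memory of 2920 1696 {s} 28
PID 1696 wrote to memory of 1234 1696 {s} 99
PID 1696 wrote to memory of 3001 1696 {s} 98
""".format(s=SAMPLE)

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
# WerFault.exe -u -p <crashing pid> -s <event handle>: the standard WER invocation.
WERFAULT_RE = re.compile(r"WerFault\.exe\s+-u\s+-p\s+(\d+)\s+-s\s+\d+", re.I)


def classify_write(src, dst, procs):
    """Label one cross-process write event by what the target process is."""
    if src == dst:
        return "self"
    target = procs.get(dst)
    if target is None:
        return "unknown-target"
    m = WERFAULT_RE.search(target["cmdline"])
    if m and int(m.group(1)) == src and target["ppid"] == src:
        # WerFault.exe launched by the writer to report the writer's own crash.
        return "crash-handler"
    if target["ppid"] == src:
        # Parent writing into a child it created: process-creation bookkeeping,
        # not evidence of injection on its own.
        return "parent-to-child"
    return "cross-process"


def triage(log, procs):
    """Return per-label event counts and the (src, dst) pairs needing review."""
    counts = Counter()
    suspicious = set()
    for m in WPM_RE.finditer(log):
        src, dst = int(m.group(1)), int(m.group(2))
        label = classify_write(src, dst, procs)
        counts[label] += 1
        if label in ("cross-process", "unknown-target"):
            suspicious.add((src, dst))
    return counts, sorted(suspicious)


if __name__ == "__main__":
    counts, review = triage(WPM_LOG, PROCESSES)
    for label, n in sorted(counts.items()):
        print(f"{label:16s} {n}")
    for src, dst in review:
        print(f"review: PID {src} -> PID {dst} ({PROCESSES[dst]['image']})")
```

Run against the report's four real events the script files all of them as crash-handler writes and flags nothing; only the constructed 1696 -> 1234 write (into a process the sample did not create) lands in the review list.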
Network
MITRE ATT&CK Enterprise v15
Downloads

Ten entries are listed; by hash they are two distinct files.

File A (listed 3 times)
Filesize: 12KB
MD5: 6e55a6e7c3fdbd244042eb15cb1ec739
SHA1: 070ea80e2192abc42f358d47b276990b5fa285a9
SHA256: acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506
SHA512: 2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35

File B (listed 7 times)
Filesize: 7KB
MD5: ec9c99216ef11cdd85965e78bc797d2c
SHA1: 1d5f93fbf4f8aab8164b109e9e1768e7b80ad88c
SHA256: c1b7c3ef8b77a5bb335dc9ec9c3546b249014dde43aa2a9ed719b4d5933741df
SHA512: 35ff522c4efb3875fce0d6dce438f5225e5f27b414e7c16df88031e90b528c057fe10b4bbf755445c0500c3521e0797f562690aa7209f588169164bbfaceaba1