Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-09-2023 11:58

General

  • Target

    77401e4b137377e333cb4346e676cae0_JC.exe

  • Size

    2.6MB

  • MD5

    77401e4b137377e333cb4346e676cae0

  • SHA1

    ad728fd67cd1bcac3cd565d893790afee4fd5d39

  • SHA256

    5c9686f7ed95f863e7f2ab4b7114026462c10371e304f757a0936991c424793e

  • SHA512

    fcabf913af4bfa044b3c88f29d024135413fa2f1de1ab83603fe8cc336a20db2cc50c9ed7164a79233122b81e81ee7b706adf16954f361682cc38ddd192203dc

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBh9w4Sr:+R0pI/IQlUoMPdmpSph4+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\77401e4b137377e333cb4346e676cae0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\77401e4b137377e333cb4346e676cae0_JC.exe"
    1⤵
    • Adds Run key to start application
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3864
    • C:\UserDotVK\devbodsys.exe
      C:\UserDotVK\devbodsys.exe
      2⤵
      • Executes dropped EXE
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      PID:2872

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\MintU2\bodxloc.exe

    Filesize

    2.6MB

    MD5

    8f5d67d2990109f67b68231295c69818

    SHA1

    0a76a5a1658a88d59aa17d908eb7a71e626c6c7a

    SHA256

    5efb6ff5777b33c35258acd8826c77aa2966d1c280b068a0cb092e6d03e6d6b3

    SHA512

    5827d0d119d4a1d39c65d8ee129544a2b1a7bf9942d8f250703a01a07909245211d8dff905e9541215bb250a15dabe774c31a90bc8698134d48d699a541a10c5

  • C:\UserDotVK\devbodsys.exe

    Filesize

    2.6MB

    MD5

    0b7fbbd7f0791d9fc5ac424ab9497dfb

    SHA1

    cf972a07a5267553e9a48851209412c552fd51e5

    SHA256

    34b04d631914faf8029ee2375de8289ad62faa97d0a8d08f5f851499a18bcb90

    SHA512

    c76c9966e9b82816582583d39af0200f87197a10264a21093e15aa9a19f05544a01913caaa544e2f141c692067028409c649d812bba5c45554cc2559283d15e9

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    204B

    MD5

    9bd40f48e2b3bc7dcb3ce3f30d295503

    SHA1

    3518cc5a877716c8abd072d215f6cfab932660e8

    SHA256

    dca93d2ba54b6d2da811d371f81bc5c90ff0cba96e7c89622cb1fc969e4c668a

    SHA512

    61df447a4d5acfe60954b653b4890f2ef29f0114e265bb0881620c5c2287552e70a6a65c77cb3329b89af2f1f2452ba618ed2909786d15d20e59258d3a978c95