Analysis

  • max time kernel
    142s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/09/2023, 16:52

General

  • Target

    39c0ad75b07017ddb7e66b789f56e223_JC.exe

  • Size

    84KB

  • MD5

    39c0ad75b07017ddb7e66b789f56e223

  • SHA1

    201a5d4658646371ab1e21d7f1b79bc4ab8c9019

  • SHA256

    2cf5e920703fb6f4d0b4bfb727317aa6360653c801dccd3e504d1866de78204a

  • SHA512

    aee1d415468b7fab7088921d86d60ed20ea5299ee32ea448b713eea58b2855896134a794a6b81326c58e53f6c51fe0ee3944b044a2d0e37609fff571b9ef227a

  • SSDEEP

    768:eCNK2cNW0QbRsWjcd+6yBFLqJ4Z8qx70RM8/O/B2ZR1RGn8NIoGLLRNeodS:eEcNjQlsWjcd+xzl7SM+Gn8255Neog

Signatures

  • Executes dropped EXE (1 IoC)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers commonly harvest stored browser data such as saved credentials, cookies and autofill entries.

  • UPX packed file (8 IoCs)

    Detects executables packed with UPX or a modified build of the open-source UPX packer.

  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)
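The two static signals a responder can check on a retrieved copy of the sample or its drops are the digests above and the UPX packing. The script below is an added example, not part of the sandbox report or of any tool it names: it computes the same digest set the report lists, matches them against the report's MD5/SHA256 IOCs, and parses the PE section table without third-party libraries to look for UPX evidence (UPX0/UPX1 section names, the "UPX!" marker, and a first section that is empty on disk). Note that C:\Windows\CTS.exe and x2jgHLxgEnnJPjr.exe are the same 84KB as the submitted file but carry different digests, so exact-hash IOCs only cover the specific copies this run produced; the `build_sample_pe` helper is a constructed header skeleton for offline testing, not a real executable.

```python
import hashlib
import struct

# IOCs transcribed from the report above: MD5 and SHA256 of the submitted
# sample and of the dropped payload C:\Windows\CTS.exe.
REPORT_IOCS = {
    "39c0ad75b07017ddb7e66b789f56e223": "39c0ad75b07017ddb7e66b789f56e223_JC.exe (MD5)",
    "2cf5e920703fb6f4d0b4bfb727317aa6360653c801dccd3e504d1866de78204a": "39c0ad75b07017ddb7e66b789f56e223_JC.exe (SHA256)",
    "61e4cd6776d8367eee2470e5452bdd15": "C:\\Windows\\CTS.exe (MD5)",
    "ff52d994f38f49789547cf1efe7c6a6535162c2ee1c405dadd229a6be1cf23a3": "C:\\Windows\\CTS.exe (SHA256)",
}

def file_hashes(data: bytes) -> dict:
    """Return the same digest set the report lists (MD5, SHA1, SHA256, SHA512)."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}

def match_iocs(data: bytes) -> list:
    """Labels of report IOCs whose digest matches this file. Exact match only:
    a repacked or padded variant will not hit and needs ssdeep or behaviour."""
    digests = set(file_hashes(data).values())
    return [label for digest, label in REPORT_IOCS.items() if digest in digests]

def pe_sections(data: bytes) -> list:
    """Parse the PE section table with no third-party dependency."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size          # 4-byte signature + 20-byte COFF header
    sections = []
    for i in range(num_sections):
        off = table + i * 40                  # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, _vaddr, raw_size, _raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "virtual_size": vsize, "raw_size": raw_size})
    return sections

def upx_indicators(data: bytes) -> list:
    """Evidence that the file is UPX-packed. An empty list means none found; a
    modified UPX build can rename sections and strip the 'UPX!' marker, so no
    evidence is not proof the file is unpacked."""
    sections = pe_sections(data)
    names = [s["name"] for s in sections]
    reasons = []
    if any(n.startswith("UPX") for n in names):
        reasons.append("section names " + ", ".join(n for n in names if n.startswith("UPX")))
    if b"UPX!" in data:
        reasons.append("'UPX!' marker present")
    # Stock UPX leaves the first section (UPX0) empty on disk and unpacks into it
    # at runtime; a first section with no raw bytes but a non-zero virtual size is
    # a heuristic for that layout even when the section has been renamed.
    if sections and sections[0]["raw_size"] == 0 and sections[0]["virtual_size"] > 0:
        reasons.append("first section has no raw data (in-place unpack layout)")
    return reasons

def build_sample_pe(section_names, first_raw_size=0x200) -> bytes:
    """Constructed minimal PE32 header skeleton for offline testing. It is not
    a runnable executable, only enough structure for pe_sections()."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                           # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table = b""
    for i, name in enumerate(section_names):
        raw = first_raw_size if i == 0 else 0x200
        table += name.encode().ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", 0x1000, 0x1000 * (i + 1), raw, 0x400, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + opt + table

def triage(data: bytes) -> dict:
    """One-shot static triage: digests, IOC hits and packer evidence."""
    return {"hashes": file_hashes(data), "ioc_hits": match_iocs(data),
            "upx": upx_indicators(data)}

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        print(triage(fh.read()))
```

Run it as `python triage.py <file>` against a copy pulled from an isolated host; the memory dumps the report lists (0x900000-0x919000 and 0xBC0000-0xBD9000, 100KB each) are where the unpacked code would be if the on-disk file only yields the UPX stub.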

Processes

  • C:\Users\Admin\AppData\Local\Temp\39c0ad75b07017ddb7e66b789f56e223_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\39c0ad75b07017ddb7e66b789f56e223_JC.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4336
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:3076
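The process tree above is a compact drop-execute-persist chain: a binary running from the user's Temp directory writes CTS.exe directly into C:\Windows\, launches it, and both processes add a Run key. The rules below are an added example (not from the report or any sandbox product) of turning that chain into host telemetry detections over Sysmon-style records (event ID 1 process create, 11 file create, 13 registry value set). The sample events are constructed to mirror this report's tree; the Run value name "CTS", the user SID and the benign rows are made up, since the report does not state the registry value name.

```python
import re

# Sysmon-style records constructed to mirror the process tree in this report.
# The Run value name "CTS", the SID and the benign rows are invented for the test.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4336,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\39c0ad75b07017ddb7e66b789f56e223_JC.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "ProcessId": 4336,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\39c0ad75b07017ddb7e66b789f56e223_JC.exe",
     "TargetFilename": r"C:\Windows\CTS.exe"},
    {"EventID": 13, "ProcessId": 4336,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\39c0ad75b07017ddb7e66b789f56e223_JC.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\CTS",
     "Details": r"C:\Windows\CTS.exe"},
    {"EventID": 1, "ProcessId": 3076, "Image": r"C:\Windows\CTS.exe",
     "ParentImage": r"C:\Users\Admin\AppData\Local\Temp\39c0ad75b07017ddb7e66b789f56e223_JC.exe"},
    {"EventID": 13, "ProcessId": 3076, "Image": r"C:\Windows\CTS.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\CTS",
     "Details": r"C:\Windows\CTS.exe"},
    # Benign noise that must not fire.
    {"EventID": 1, "ProcessId": 1288, "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"EventID": 13, "ProcessId": 5120, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\updater.exe"},
]

# An .exe sitting directly in C:\Windows\ (not System32 or a subfolder) is unusual
# for legitimate software and is exactly where this sample drops its payload.
WINDOWS_ROOT_EXE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.I)
USER_TEMP = re.compile(r"\\appdata\\local\\temp\\", re.I)
RUN_KEY = re.compile(r"\\currentversion\\run(once)?\\", re.I)

def suspicious_path(path: str) -> bool:
    """Paths a Run value should not normally point at."""
    return bool(WINDOWS_ROOT_EXE.match(path) or USER_TEMP.search(path))

def evaluate(events) -> list:
    """Return (rule, pid) hits for the drop -> execute -> persist chain."""
    hits = []
    for ev in events:
        pid = ev["ProcessId"]
        if ev["EventID"] == 11 and WINDOWS_ROOT_EXE.match(ev["TargetFilename"]):
            hits.append(("exe_written_to_windows_root", pid))
        elif ev["EventID"] == 1 and WINDOWS_ROOT_EXE.match(ev["Image"]) \
                and USER_TEMP.search(ev["ParentImage"]):
            hits.append(("windows_root_exe_spawned_from_user_temp", pid))
        elif ev["EventID"] == 13 and RUN_KEY.search(ev["TargetObject"]) \
                and suspicious_path(ev["Details"]):
            hits.append(("run_key_points_to_dropped_exe", pid))
    return hits

def chained_pids(hits) -> set:
    """PIDs with a Run-key hit plus at least one other rule: two independent
    signals from one process is the high-confidence case worth paging on."""
    by_pid = {}
    for rule, pid in hits:
        by_pid.setdefault(pid, set()).add(rule)
    return {pid for pid, rules in by_pid.items()
            if "run_key_points_to_dropped_exe" in rules and len(rules) > 1}

if __name__ == "__main__":
    found = evaluate(SAMPLE_EVENTS)
    for hit in found:
        print(hit)
    print("chained:", chained_pids(found))
```

On the constructed input both 4336 and 3076 end up in `chained_pids`, while the svchost.exe and vendor-updater rows stay silent; when porting this to a SIEM, keep the Run-key rule's path condition, because Run values set by installers are common and the file-path qualifier is what holds the false-positive rate down.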

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

    Filesize

    406KB

    MD5

    35edb6250c36cc2ac83319790b0498fb

    SHA1

    c02390e00d23da3689150ea012f293eedd303f22

    SHA256

    8b2670c159a0d03f14b0903a5baced603292e27fe05c4e3cf0e2df75becd72bf

    SHA512

    9a6b8516a4e88fcd1f793fbe410a8fe6a086f6914fa0d61904aad97382fb9de1c6a17be507a97ffef6c3820d8b7a2ea784cadeaae24162fc87b9e3131cd13e3c

  • C:\Users\Admin\AppData\Local\Temp\x2jgHLxgEnnJPjr.exe

    Filesize

    84KB

    MD5

    72ba35792e4a9fc982ba1abb24c1215f

    SHA1

    186f1e2313bc0267558aece2eb217f0efcdc680d

    SHA256

    909f0623a8d7d994499cc6a1f463e1d9c19b070784f409cbe4e6d05bf34da7ed

    SHA512

    f05c5326f3f065292f688c4936d2c58d0efc6c0c71cc79ea14afc5fd776c4c6e51d83639bc13235238d6275f849406fdee88968f429cdc048ffd16558962a7de

  • C:\Windows\CTS.exe

    Filesize

    84KB

    MD5

    61e4cd6776d8367eee2470e5452bdd15

    SHA1

    ce19b517032d6cd9b201a4e74eaaf009f86d6563

    SHA256

    ff52d994f38f49789547cf1efe7c6a6535162c2ee1c405dadd229a6be1cf23a3

    SHA512

    ba6db6db02788cc9b3bbaed92fb4a47d11f9a857a00b5384ec4f5f4baa91825a6800f255f030c0ac455ab3562c321c632ab39ad4ddfcedd9530db1515fe6cd77

  • memory/3076-8-0x0000000000BC0000-0x0000000000BD9000-memory.dmp

    Filesize

    100KB

  • memory/3076-32-0x0000000000BC0000-0x0000000000BD9000-memory.dmp

    Filesize

    100KB

  • memory/4336-0-0x0000000000900000-0x0000000000919000-memory.dmp

    Filesize

    100KB

  • memory/4336-7-0x0000000000900000-0x0000000000919000-memory.dmp

    Filesize

    100KB