09dfa8266b827d2789f42304e0082ed069d2b34b1d090959c81d33816c8043ae

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
18/09/2023, 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c685731156909e348e77e5c082829f46_JC.exe
Size

93KB
MD5

c685731156909e348e77e5c082829f46
SHA1

444432b16006e195a273412a41f7b5120e121e43
SHA256

09dfa8266b827d2789f42304e0082ed069d2b34b1d090959c81d33816c8043ae
SHA512

74cc11d914de15b03ed5a7bf294ed2531fd27e630b61b50cd9f0bac871ae2bd44804b434770a303a81973265122713c9bd221c4cbd6b4262343690181449e7ab
SSDEEP

1536:tF0AJELoJHG9qa+oa33KJJzAKWYr0v7iJSzIRXKTzRZICrWaGZh7h:tiAyLN9qa+oEGrWViJSzIR6JJrWNZb

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2968	WwanSvc.exe

Loads dropped DLL 1 IoCs

pid	Process
2056	c685731156909e348e77e5c082829f46_JC.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Window Update = "\"C:\\ProgramData\\Update\\WwanSvc.exe\" /run"	c685731156909e348e77e5c082829f46_JC.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2968	2056	c685731156909e348e77e5c082829f46_JC.exe	28
PID 2056 wrote to memory of 2968	2056	c685731156909e348e77e5c082829f46_JC.exe	28
PID 2056 wrote to memory of 2968	2056	c685731156909e348e77e5c082829f46_JC.exe	28
PID 2056 wrote to memory of 2968	2056	c685731156909e348e77e5c082829f46_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\c685731156909e348e77e5c082829f46_JC.exe
"C:\Users\Admin\AppData\Local\Temp\c685731156909e348e77e5c082829f46_JC.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2056
- C:\ProgramData\Update\WwanSvc.exe
  "C:\ProgramData\Update\WwanSvc.exe" /run
  2⤵
  - Executes dropped EXE
  PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Update\WwanSvc.exe

Filesize
93KB

MD5
97f976f6e129e2492d8d5e9d40d60339

SHA1
e3d0e8c1e99941e2cf5581f9ea34850296e2a27d

SHA256
1cb61fe249b3a43e1544a6d09e93052099880ca358bde1064da7cd6dd8b6e2d7

SHA512
39aa81c4b37421a08d08bc9c40b49ef33fcbc83c0ec5476cb5743df9d1bafd6e8beb8e8fea91e3a3a0467ada0d44f801f1d871523ef9bee66dbfe9922b2a8e43

Download Submit
\ProgramData\Update\WwanSvc.exe

Filesize
93KB

MD5
97f976f6e129e2492d8d5e9d40d60339

SHA1
e3d0e8c1e99941e2cf5581f9ea34850296e2a27d

SHA256
1cb61fe249b3a43e1544a6d09e93052099880ca358bde1064da7cd6dd8b6e2d7

SHA512
39aa81c4b37421a08d08bc9c40b49ef33fcbc83c0ec5476cb5743df9d1bafd6e8beb8e8fea91e3a3a0467ada0d44f801f1d871523ef9bee66dbfe9922b2a8e43

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads