Overview

overview

7

Static

static

3

2cab98e957...JC.exe

windows7-x64

7

2cab98e957...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/09/2023, 18:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2cab98e957f76ee0b71577440fed15c41318803f5c3e8e9bca9f3f2622ba6493_JC.exe

  • Size

    1.9MB

  • MD5

    4266ca9ad0db7e8663db5be5c8170928

  • SHA1

    e3e80cc74cc04b096ba2e163322784cc40b1b298

  • SHA256

    2cab98e957f76ee0b71577440fed15c41318803f5c3e8e9bca9f3f2622ba6493

  • SHA512

    a1a743ef44e893a5e53227da772ae02d956fa7fe55ce743fbdcb9c8ad4408b5c43d20ebf62f2ac2aa52beaae94913499553a17b6ab4622db90f8b3a2cdef8406

  • SSDEEP

    49152:rLLcrlESak4OPj3p32a+9WC0FlvpL+pQJ3yDS:rkESaktL3p32atLL+WJ3yDS

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2cab98e957f76ee0b71577440fed15c41318803f5c3e8e9bca9f3f2622ba6493_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\2cab98e957f76ee0b71577440fed15c41318803f5c3e8e9bca9f3f2622ba6493_JC.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1248
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" -U S6NYV.6 /S
      2⤵
      • Loads dropped DLL
      PID:3244

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\S6NYV.6
          Filesize

          1.4MB

          MD5

          d87150edf96bc972cf3f7b9313bd9a72

          SHA1

          13fdf524a60953d8d82e36d666b2de6ab8dd7e34

          SHA256

          e18ec1d2b13c5e488726fa1da86daa1ca92f82163fc77e4fc60f0c415556ef35

          SHA512

          0043520135bcd2e30329639358149912192f5838e29eda194a6d7fe1fa85f983769e34c0410b46bbbce2e240e595007e8254e895675fc5120d68c31322bb17c5

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\S6Nyv.6
          Filesize

          1.4MB

          MD5

          d87150edf96bc972cf3f7b9313bd9a72

          SHA1

          13fdf524a60953d8d82e36d666b2de6ab8dd7e34

          SHA256

          e18ec1d2b13c5e488726fa1da86daa1ca92f82163fc77e4fc60f0c415556ef35

          SHA512

          0043520135bcd2e30329639358149912192f5838e29eda194a6d7fe1fa85f983769e34c0410b46bbbce2e240e595007e8254e895675fc5120d68c31322bb17c5

          Download Submit

        • memory/3244-5-0x00000000001E0000-0x00000000001E6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3244-4-0x0000000010000000-0x0000000010160000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3244-7-0x00000000021F0000-0x00000000022F3000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/3244-8-0x0000000002300000-0x00000000023EB000-memory.dmp

          Filesize

          940KB

          Download

        • memory/3244-11-0x0000000002300000-0x00000000023EB000-memory.dmp

          Filesize

          940KB

          Download

        • memory/3244-12-0x0000000002300000-0x00000000023EB000-memory.dmp

          Filesize

          940KB

          Download