Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64 · arch:x86 · image:win7-20230831-en · locale:en-us · os:windows7-x64 · system
  • submitted
    23/09/2023, 19:34

General

  • Target

    fa583b821101e18da1b8bc386ea46a31505501fada69f1a6b18087178c99bb31_JC.exe

  • Size

    1.3MB

  • MD5

    d6f1ffa454b8ba8e77176d147b0df30b

  • SHA1

    adadd0cb096367d7fc426590e3af616a9110b003

  • SHA256

    fa583b821101e18da1b8bc386ea46a31505501fada69f1a6b18087178c99bb31

  • SHA512

    d10338b6cafbea630cd372da0df31a7926d746bb184467d847c351ebc54984838cd90a028417607e00fa0542d7e788a3a39d1d22116f6f5651dcd0b10536853f

  • SSDEEP

    24576:gyTwwbwuxshAQkIlYmCi+qPojNMKP9rxvk5Gz4SR5OCrs05hcxDViUb2H:nTwwbwu6nf/t6NMKP9rlk5GzAa5cxxit

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 13 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 56 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fa583b821101e18da1b8bc386ea46a31505501fada69f1a6b18087178c99bb31_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\fa583b821101e18da1b8bc386ea46a31505501fada69f1a6b18087178c99bb31_JC.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\v2928939.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\v2928939.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:1696
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\v9499496.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\v9499496.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:1228
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\v3156930.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\v3156930.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Adds Run key to start application
          • Suspicious use of WriteProcessMemory
          PID:2744
          • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\a9258703.exe
            C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\a9258703.exe
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of SetThreadContext
            • Suspicious use of WriteProcessMemory
            PID:3060
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
              6⤵
              • Suspicious use of WriteProcessMemory
              PID:2660
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 268
                7⤵
                • Program crash
                PID:2748
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 268
              6⤵
              • Loads dropped DLL
              • Program crash
              PID:3064
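The tree above is a four-stage self-extracting chain (each stage unpacks the next into a fresh IXP00n.TMP directory under %TEMP%, the naming IExpress packages use) whose last stage starts the .NET host AppLaunch.exe and hits it with SetThreadContext/WriteProcessMemory, after which both the host and the injector crash into WerFault. The following detection logic is an added example, not part of this sandbox report: the process records are constructed from the PIDs and image paths listed above (the root's parent PID, the record field names and the list of hollowing hosts are my own assumptions), and it flags a known injection host whose parent sits inside a nested IXP extraction chain.

```python
import re
from pathlib import PureWindowsPath

# Constructed process records modelled on the report's tree. PIDs and image
# paths are as listed there; the root's parent PID (1000) and the field names
# are my own, not values from the report.
PROCESSES = [
    {"pid": 2068, "ppid": 1000, "image": r"C:\Users\Admin\AppData\Local\Temp\fa583b821101e18da1b8bc386ea46a31505501fada69f1a6b18087178c99bb31_JC.exe", "cmdline": ""},
    {"pid": 1696, "ppid": 2068, "image": r"C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\v2928939.exe", "cmdline": ""},
    {"pid": 1228, "ppid": 1696, "image": r"C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\v9499496.exe", "cmdline": ""},
    {"pid": 2744, "ppid": 1228, "image": r"C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\v3156930.exe", "cmdline": ""},
    {"pid": 3060, "ppid": 2744, "image": r"C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\a9258703.exe", "cmdline": ""},
    {"pid": 2660, "ppid": 3060, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe", "cmdline": ""},
    {"pid": 2748, "ppid": 2660, "image": r"C:\Windows\SysWOW64\WerFault.exe", "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 268"},
    {"pid": 3064, "ppid": 3060, "image": r"C:\Windows\SysWOW64\WerFault.exe", "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 268"},
]

# IExpress self-extracting packages unpack into %TEMP%\IXPnnn.TMP; a package
# nested inside another one is unpacked into the next number.
IXP_DIR = re.compile(r"\\Temp\\IXP\d{3}\.TMP\\", re.IGNORECASE)

# .NET framework hosts routinely started suspended and hollowed. This list is
# my own assumption; the report only shows AppLaunch.exe being used.
HOLLOW_HOSTS = {"applaunch.exe", "regasm.exe", "regsvcs.exe", "installutil.exe", "msbuild.exe"}


def basename(image):
    return PureWindowsPath(image).name.lower()


def index_by_pid(procs):
    return {p["pid"]: p for p in procs}


def ixp_chain_depth(pid, by_pid):
    """Count consecutive ancestors, starting at pid, whose image lives in an IXPnnn.TMP dir."""
    depth, seen = 0, set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        if not IXP_DIR.search(by_pid[pid]["image"]):
            break
        depth += 1
        pid = by_pid[pid]["ppid"]
    return depth


def werfault_targets(procs):
    """PIDs that WerFault.exe was started for (-p <pid>), i.e. processes that crashed."""
    targets = set()
    for p in procs:
        if basename(p["image"]) == "werfault.exe":
            m = re.search(r"-p\s+(\d+)", p["cmdline"])
            if m:
                targets.add(int(m.group(1)))
    return targets


def find_host_injection(procs, min_depth=2):
    """Flag a known hollowing host whose parent sits at least min_depth deep in an IXP chain.

    The depth threshold is my own choice: a single IXP000.TMP stage is what any
    IExpress installer produces, so one level alone is weak evidence.
    """
    by_pid = index_by_pid(procs)
    crashed = werfault_targets(procs)
    alerts = []
    for p in procs:
        if basename(p["image"]) not in HOLLOW_HOSTS:
            continue
        parent = by_pid.get(p["ppid"])
        if parent is None:
            continue
        depth = ixp_chain_depth(parent["pid"], by_pid)
        if depth >= min_depth:
            alerts.append({
                "host_pid": p["pid"],
                "injector_pid": parent["pid"],
                "injector_image": parent["image"],
                "stage_depth": depth,
                "host_crashed": p["pid"] in crashed,   # a crashed host often means a failed hollow
            })
    return alerts


if __name__ == "__main__":
    for alert in find_host_injection(PROCESSES):
        print(alert)
```

Run against the constructed records this yields one alert: AppLaunch.exe (2660) spawned by a9258703.exe (3060) at stage depth 4, with the host marked as crashed because WerFault was invoked with -p 2660. The same records fed from Sysmon event ID 1 (process creation) would need only the field names changed.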

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\v2928939.exe

          Filesize

          1.2MB

          MD5

          307d45a98a7bc2138fa88fe31ae297a9

          SHA1

          9bc165a060c1e1b689b7b739a9de15f042b95959

          SHA256

          f55f899d92a0c9f42750acbb7905c79433df288ac87103bd99db82e6fa9db976

          SHA512

          46d8a20def46c93c4e2da913597936c816d0835e469a7faa79587fadfb5a284a5b86e661d36a6b943a6a03cb275ec67217ae09914af2d9dd178ff93b587269f7

        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\v9499496.exe

          Filesize

          925KB

          MD5

          b0112f6fe3a8e7ff2cb2651b38a9b6d7

          SHA1

          ae492623fe09ec56edad07a922a591c23c570f64

          SHA256

          4d6613b12aa57cedeb2cd76df04bf86f3e4db4ba314fb9a180431444c07a95a8

          SHA512

          98e9ff3548d14fb3f67794b02ee0368e7c6f7ad0cf3817d8219f985507054516b07e7fc986021f35007e3f8cbb7b9f5b2651c50ee4829ac5ad934865bff0913f

        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\v3156930.exe

          Filesize

          533KB

          MD5

          0ff6eaed320d32cb6ae6d2d0fceec445

          SHA1

          eb23ce88dddee29662ce50fe9e2db72dd0c377c5

          SHA256

          9497409180a850e507aaa4e6cb97c410997e570ab30f5e373036dcceed4e9ade

          SHA512

          54661e2b42cc9c0722ac221408cfa718ac009cd0cadd37a5e3468ec918f5b7597435280f2fead4a99b523da11571398c07c1012db8fabb3069e73b92668dd6bb

        • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\a9258703.exe

          Filesize

          1.0MB

          MD5

          b41b4f3feb628a4d634413c9b36590d4

          SHA1

          1bfff900299b6f304b0645a830ca3b672675ae23

          SHA256

          0ce7631ec0405ca285e8ee8c6363a9726f01ce991e5593592f6fb3a473c2046d

          SHA512

          e0b8a678b55c312dfb85ed5764a134340573615e105f6248cc10a464d8413f80d780e57cb3c34908e5f884794e083bf5172d5bf45503f705e1871951595c8835

        • \Users\Admin\AppData\Local\Temp\IXP000.TMP\v2928939.exe

          Filesize

          1.2MB

          MD5

          307d45a98a7bc2138fa88fe31ae297a9

          SHA1

          9bc165a060c1e1b689b7b739a9de15f042b95959

          SHA256

          f55f899d92a0c9f42750acbb7905c79433df288ac87103bd99db82e6fa9db976

          SHA512

          46d8a20def46c93c4e2da913597936c816d0835e469a7faa79587fadfb5a284a5b86e661d36a6b943a6a03cb275ec67217ae09914af2d9dd178ff93b587269f7

        • \Users\Admin\AppData\Local\Temp\IXP001.TMP\v9499496.exe

          Filesize

          925KB

          MD5

          b0112f6fe3a8e7ff2cb2651b38a9b6d7

          SHA1

          ae492623fe09ec56edad07a922a591c23c570f64

          SHA256

          4d6613b12aa57cedeb2cd76df04bf86f3e4db4ba314fb9a180431444c07a95a8

          SHA512

          98e9ff3548d14fb3f67794b02ee0368e7c6f7ad0cf3817d8219f985507054516b07e7fc986021f35007e3f8cbb7b9f5b2651c50ee4829ac5ad934865bff0913f

        • \Users\Admin\AppData\Local\Temp\IXP002.TMP\v3156930.exe

          Filesize

          533KB

          MD5

          0ff6eaed320d32cb6ae6d2d0fceec445

          SHA1

          eb23ce88dddee29662ce50fe9e2db72dd0c377c5

          SHA256

          9497409180a850e507aaa4e6cb97c410997e570ab30f5e373036dcceed4e9ade

          SHA512

          54661e2b42cc9c0722ac221408cfa718ac009cd0cadd37a5e3468ec918f5b7597435280f2fead4a99b523da11571398c07c1012db8fabb3069e73b92668dd6bb

        • \Users\Admin\AppData\Local\Temp\IXP003.TMP\a9258703.exe

          Filesize

          1.0MB

          MD5

          b41b4f3feb628a4d634413c9b36590d4

          SHA1

          1bfff900299b6f304b0645a830ca3b672675ae23

          SHA256

          0ce7631ec0405ca285e8ee8c6363a9726f01ce991e5593592f6fb3a473c2046d

          SHA512

          e0b8a678b55c312dfb85ed5764a134340573615e105f6248cc10a464d8413f80d780e57cb3c34908e5f884794e083bf5172d5bf45503f705e1871951595c8835

        • memory/2660-47-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

        • memory/2660-50-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

        • memory/2660-45-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

        • memory/2660-43-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

        • memory/2660-52-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

        • memory/2660-54-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

        • memory/2660-49-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

          Filesize

          4KB

        • memory/2660-48-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

        • memory/2660-46-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

        • memory/2660-44-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB
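The Downloads entries above give the hashes of the four staged droppers plus the submitted sample, and the IXP00n.TMP directories they were unpacked into. The script below is an added example, not part of this sandbox report: it transcribes those SHA-256 values (one row per unique file) and sweeps a directory tree for them, and lists IXPnnn.TMP extraction folders left under a Temp directory. The function names, the size cut-off and the use of SHA-256 rather than the weaker MD5/SHA-1 also listed in the report are my own choices.

```python
import hashlib
import os
import re
from pathlib import Path

# SHA-256 -> label, transcribed from the report's General and Downloads sections.
DROPPED_SHA256 = {
    "fa583b821101e18da1b8bc386ea46a31505501fada69f1a6b18087178c99bb31": "submitted sample fa583b821101e18da1b8bc386ea46a31505501fada69f1a6b18087178c99bb31_JC.exe (1.3MB)",
    "f55f899d92a0c9f42750acbb7905c79433df288ac87103bd99db82e6fa9db976": r"IXP000.TMP\v2928939.exe (1.2MB)",
    "4d6613b12aa57cedeb2cd76df04bf86f3e4db4ba314fb9a180431444c07a95a8": r"IXP001.TMP\v9499496.exe (925KB)",
    "9497409180a850e507aaa4e6cb97c410997e570ab30f5e373036dcceed4e9ade": r"IXP002.TMP\v3156930.exe (533KB)",
    "0ce7631ec0405ca285e8ee8c6363a9726f01ce991e5593592f6fb3a473c2046d": r"IXP003.TMP\a9258703.exe (1.0MB)",
}

# IExpress extraction directory name; my own regex, matching the report's paths.
IXP_NAME = re.compile(r"^IXP\d{3}\.TMP$", re.IGNORECASE)


def file_digests(path, chunk=1 << 20):
    """MD5, SHA-1 and SHA-256 of a file, streamed so large files are not read into memory."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha1.update(block)
            sha256.update(block)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def sweep(root, iocs=DROPPED_SHA256, max_size=16 << 20):
    """Walk root and return [(path, label)] for every file whose SHA-256 is in iocs.

    Files larger than max_size are skipped without hashing: every file in the
    report is under 2MB, and the cut-off keeps a sweep of a user profile cheap.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                if not p.is_file() or p.stat().st_size > max_size:
                    continue
                digest = file_digests(p)["sha256"]
            except OSError:
                continue  # unreadable or vanished mid-walk; not an error for a sweep
            if digest in iocs:
                hits.append((str(p), iocs[digest]))
    return hits


def staging_dirs(temp_root):
    """IXPnnn.TMP folders directly under temp_root, sorted; leftovers from the extraction chain."""
    base = Path(temp_root)
    if not base.is_dir():
        return []
    return sorted(str(p) for p in base.iterdir() if p.is_dir() and IXP_NAME.match(p.name))


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, label in sweep(target):
        print(f"MATCH  {path}  <-  {label}")
    for d in staging_dirs(target):
        print(f"IXP staging dir: {d}")
```

A hash hit is a definite match for one of the files in this report; an IXPnnn.TMP folder on its own is only a lead, since any IExpress-built installer creates the same directories, so pair it with the process-tree pattern above before calling it an infection.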