Analysis

  • max time kernel
    163s
  • max time network
    174s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-09-2023 12:04

General

  • Target

    8d3f622b8952892016c0b582c33687d8_JC.exe

  • Size

    704KB

  • MD5

    8d3f622b8952892016c0b582c33687d8

  • SHA1

    9d1e76efcb39695a5ee663e69e567848a719176d

  • SHA256

    bc704212e1f9c40781d39d0a9e2ebc5a261ae228d3b3d8705e170d65b69daba2

  • SHA512

    53c7c8b96a3756f0c94558cbf6dc0cf80438f20275a31db349a2bddab660f453c80b767f8d24ef2128bfedc68401c2963dbbade6c45c5bf945bdfa92647d0873

  • SSDEEP

    12288:VXgvmzFHi0mo5aH0qMzd5807FyPJQPDHvd:VXgvOHi0mGaH0qSdPFM4V

Signatures

  • Modifies WinLogon for persistence 2 TTPs 3 IoCs
  • UAC bypass 3 TTPs 12 IoCs
  • Adds policy Run key to start application 2 TTPs 29 IoCs
  • Disables RegEdit via registry modification 6 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 64 IoCs
  • Checks whether UAC is enabled 1 TTPs 6 IoCs
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 4 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • System policy modification 1 TTPs 39 IoCs
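
The signature list above names the behaviours but the report does not show the registry values the sample wrote. The following PowerShell script is an added example (not code from the sandbox, the report, or the sample) that audits the registry locations those signature names refer to on a suspect host: the Winlogon Shell and Userinit values (Modifies WinLogon for persistence), the Run/RunOnce keys and the Explorer policy Run key (Adds Run key, Adds policy Run key), and the Policies\System values behind Disables RegEdit and the UAC checks. It prints every Run entry and marks only the shapes that match the flagged behaviours; the choice to flag entries launching from AppData\Local is an assumption drawn from where this sample ran and dropped files. It assumes an elevated PowerShell session on Windows 7 or later.

```powershell
# Added example: audit the registry keys behind the sandbox signatures. Not the sample's code.
# Assumptions: run elevated; a Run entry under AppData\Local is treated as suspicious because
# that is where this sample executed from and wrote to.

$findings  = New-Object System.Collections.Generic.List[string]
$inventory = New-Object System.Collections.Generic.List[string]

# 1. "Modifies WinLogon for persistence": Shell and Userinit are the values malware appends to.
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($winlogon.Shell -and $winlogon.Shell.Trim() -ine 'explorer.exe') {
    $findings.Add("Winlogon Shell is '$($winlogon.Shell)' (expected explorer.exe)")
}
$expectedUserinit = Join-Path $env:SystemRoot 'system32\userinit.exe'
foreach ($entry in ([string]$winlogon.Userinit).Split(',')) {
    $e = $entry.Trim()   # the stock value is "C:\Windows\system32\userinit.exe," so a trailing empty item is normal
    if ($e -and $e -ine $expectedUserinit) { $findings.Add("Winlogon Userinit has extra entry '$e'") }
}

# 2. "Adds Run key" / "Adds policy Run key": the ordinary Run/RunOnce keys plus the
#    Explorer policy Run key, which Explorer also executes at logon.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSChildName metadata
        $cmd  = [string]$p.Value
        $line = "$key : $($p.Name) = $cmd"
        if ($cmd -imatch '\\AppData\\Local\\') { $findings.Add("Run entry launching from AppData\Local: $line") }
        else                                    { $inventory.Add($line) }
    }
}

# 3. "Disables RegEdit via registry modification" and the UAC-related policy values.
#    Absent values compare as $null, which never satisfies -ge 1 or -eq 0 here.
$hkcuPol = Get-ItemProperty 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
$hklmPol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
foreach ($pol in @($hkcuPol, $hklmPol)) {
    if ($pol -and $pol.DisableRegistryTools -ge 1) {
        $findings.Add("DisableRegistryTools=$($pol.DisableRegistryTools) in $($pol.PSPath)")
    }
}
if ($hklmPol -and $hklmPol.EnableLUA -eq 0)                  { $findings.Add('EnableLUA=0: UAC is switched off') }
if ($hklmPol -and $hklmPol.ConsentPromptBehaviorAdmin -eq 0) { $findings.Add('ConsentPromptBehaviorAdmin=0: admins elevate without a prompt') }

"== Run entries ($($inventory.Count)) =="
$inventory
"== Findings ($($findings.Count)) =="
if ($findings.Count -eq 0) { 'none' } else { $findings | ForEach-Object { "[!] $_" } }
```

Compare the Run-entry inventory against a clean baseline of the same image rather than trusting the flag alone: the sample's persistence value could just as well point at a copy outside AppData\Local. HKCU is only the profile of the user running the script; repeat under each logged-on user or load the other users' NTUSER.DAT hives if the host has several profiles.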

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d3f622b8952892016c0b582c33687d8_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\8d3f622b8952892016c0b582c33687d8_JC.exe"
    1⤵
    • Modifies WinLogon for persistence
    • UAC bypass
    • Adds policy Run key to start application
    • Disables RegEdit via registry modification
    • Loads dropped DLL
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2392
    • C:\Users\Admin\AppData\Local\Temp\veqrves.exe
      "C:\Users\Admin\AppData\Local\Temp\veqrves.exe" "-"
      2⤵
      • Modifies WinLogon for persistence
      • UAC bypass
      • Adds policy Run key to start application
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Adds Run key to start application
      • Checks whether UAC is enabled
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • System policy modification
      PID:2076
    • C:\Users\Admin\AppData\Local\Temp\veqrves.exe
      "C:\Users\Admin\AppData\Local\Temp\veqrves.exe" "-"
      2⤵
      • Modifies WinLogon for persistence
      • UAC bypass
      • Adds policy Run key to start application
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Adds Run key to start application
      • Checks whether UAC is enabled
      • System policy modification
      PID:2724

Downloads

  • C:\Program Files (x86)\cgnjimvqqvdezyrxlwmqxtsw.aaf

    Filesize

    280B

    MD5

    de3099e7ef70b363db1422d3eefe7ece

    SHA1

    72e5ba4e4ee4cc5f7427d916d8f7531c1a882ed8

    SHA256

    8a54d4b1137d01ce7db6d757fe8d0a2ef174f2b5b988772b7f00d19700df5e8f

    SHA512

    5eb917ac4a7edf92fd1cbe742ea06d5370fc9b08ce294c5ab37321e10f0c4f94a638af1e7291900ba57e094cbf585da0057b2f45857214687e3ca9c04c4d189c

  • C:\Program Files (x86)\cgnjimvqqvdezyrxlwmqxtsw.aaf

    Filesize

    280B

    MD5

    24d3909098d97109ebb7e54fe043d164

    SHA1

    b495324ed4ad9dfa019c551faf6197bd227310a7

    SHA256

    b51355b190e0e49d4340ef196286f9b446cad9cc613b1f2cf08d6b24d4197eb4

    SHA512

    82f3867259d4062e4c2d88b9c75ac2a48aae70cd2f10ebd4b2c171f7c1d804a0ac1d8c1b149ff1a481fcfcb2ddd3292576ec76be09be6d42ba4d2bfe4c07ac0b

  • C:\Program Files (x86)\cgnjimvqqvdezyrxlwmqxtsw.aaf

    Filesize

    280B

    MD5

    ec14a17db789d0cbce0f9894ad54a02f

    SHA1

    651cc7d6920e036c0d3ca3f3f1313dedadfd73d6

    SHA256

    083e1aab00b2951d1c4b5c15052e09503d10555000b3064f16e69eb6e85a4b0b

    SHA512

    b7f0bfd11f7f05e20be622988a14c38ace05d6943f546a2f09d76406243281c3cec850ffe120c09ffc0d95031a8826b51aa6fc57180a258393d518bc12b62c0c

  • C:\Program Files (x86)\cgnjimvqqvdezyrxlwmqxtsw.aaf

    Filesize

    280B

    MD5

    0618144df5e8943445bb35b7b7d92d33

    SHA1

    cef870d2749ab03ad15999c4389763f5fb402ae6

    SHA256

    920e1d9582a391358b8885f47809f3c0a0ec91ae59175e2f8bc7c0a994f3b575

    SHA512

    40d6642b3dfe350d240acc63e7d9e91ed20830a1b06291d2ecd2fd38bdaf58da19322c8937453440933f2090606c97b70a2c34e19dcad1ec09d3c90ebac0d0cf

  • C:\Users\Admin\AppData\Local\Temp\veqrves.exe (three identical entries in the report)

    Filesize

    1.2MB

    MD5

    92586578a1e0fb72ab12fbdf58a62f07

    SHA1

    61d8f260192d5064155f0903f9c648cf44d6b6bd

    SHA256

    915acbe33e856093b8023f44e0ba3670fc8bc7f1fb62a3c072c1af506cf643b0

    SHA512

    74605c8ce7ea5e852753a2e8b09e591fe5301a44ab07b934e2bd44c02f3a8ffe524524d1cca124c82a3003b7abee56f5c7e9241f42a7347e5977adec137f579c

  • C:\Users\Admin\AppData\Local\cgnjimvqqvdezyrxlwmqxtsw.aaf

    Filesize

    280B

    MD5

    098f3b4c2cffdf4c218f197011354414

    SHA1

    86b9326e53f723373ef93a1703ef52f7650b4460

    SHA256

    716f42e50876bed8abc3acf39682bbba0da7c08772730fd1d3190544eda816de

    SHA512

    934ac940b6c8bd964c1f64d4d7eee957168e7f283c723a48dff83f39e6566194642542bc6228656b88ea691f20fd6a18bf9fda433d88ff2be01784d1dca12467

  • C:\Users\Admin\AppData\Local\laszjysyjzsekuypoklaszjysyjzsekuypo.las

    Filesize

    4KB

    MD5

    e00bb5e1793142347e599a087703f3da

    SHA1

    6159d4ca15abbe6e7b575795fbba252ae3421292

    SHA256

    ee0534cb72f1910c0525ea977d6411e4804d93ba0be00afcd095f390ba353555

    SHA512

    4d85bc2cbb134641686135998ba91355ed74ab61d65f226a9f25932987727cb4e928e693d0e6c2640d69fc43d2ab4655c4796a70d1faa6cd7275f745cf443f01

  • \Users\Admin\AppData\Local\Temp\veqrves.exe (four identical entries in the report)

    Filesize

    1.2MB

    MD5

    92586578a1e0fb72ab12fbdf58a62f07

    SHA1

    61d8f260192d5064155f0903f9c648cf44d6b6bd

    SHA256

    915acbe33e856093b8023f44e0ba3670fc8bc7f1fb62a3c072c1af506cf643b0

    SHA512

    74605c8ce7ea5e852753a2e8b09e591fe5301a44ab07b934e2bd44c02f3a8ffe524524d1cca124c82a3003b7abee56f5c7e9241f42a7347e5977adec137f579c
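
The dropped-file list above is usable as host indicators, with one caveat that matters for matching: veqrves.exe carried the same SHA256 on every write, so it can be matched by hash, while cgnjimvqqvdezyrxlwmqxtsw.aaf in Program Files (x86) was written four times with four different 280-byte contents, so only its name is a stable indicator. The following PowerShell script is an added example (not code from the sandbox, the report, or the sample) that sweeps a live host for these files. The report's profile was Admin; the script checks every profile under C:\Users instead. It assumes PowerShell 4 or later for Get-FileHash and an elevated session so other users' profiles are readable. The hashes are copied from the report; the choice of which directories to search, and how deep, follows the paths listed above and is otherwise an assumption.

```powershell
# Added example: sweep a host for the files the sandbox saw written. Not the sample's code.
# Hashes are copied from the report's General and Downloads sections.
# Assumptions: PowerShell 4+ (Get-FileHash), run elevated.

$hashIocs = @{
    '8d3f622b8952892016c0b582c33687d8_JC.exe' = 'bc704212e1f9c40781d39d0a9e2ebc5a261ae228d3b3d8705e170d65b69daba2'
    'veqrves.exe'                              = '915acbe33e856093b8023f44e0ba3670fc8bc7f1fb62a3c072c1af506cf643b0'
}
# Name-only indicators: the .aaf content changed on every write, and the .las file appears once
# with one hash, so a hash mismatch on either tells you little. The hash found is reported anyway.
$nameIocs = @('cgnjimvqqvdezyrxlwmqxtsw.aaf', 'laszjysyjzsekuypoklaszjysyjzsekuypo.las')

function Test-IocFile([System.IO.FileInfo]$file) {
    $sha = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash.ToLower()
    $verdict = if ($hashIocs.ContainsKey($file.Name)) {
        if ($hashIocs[$file.Name] -eq $sha) { 'hash match' } else { 'name match, hash differs' }
    } else { 'name match' }
    [pscustomobject]@{ Path = $file.FullName; Size = $file.Length; SHA256 = $sha; Verdict = $verdict }
}

# Where the report saw writes: the root of the profile's AppData\Local, its Temp directory,
# and the root of Program Files (x86). Only Temp is searched recursively.
$locations = @()
foreach ($profile in Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue) {
    $local = Join-Path $profile.FullName 'AppData\Local'
    $locations += @{ Path = $local;                    Recurse = $false }
    $locations += @{ Path = (Join-Path $local 'Temp'); Recurse = $true  }
}
if (${env:ProgramFiles(x86)}) { $locations += @{ Path = ${env:ProgramFiles(x86)}; Recurse = $false } }

$hits = foreach ($loc in $locations) {
    if (-not (Test-Path $loc.Path)) { continue }
    Get-ChildItem -Path $loc.Path -File -Force -Recurse:$loc.Recurse -ErrorAction SilentlyContinue |
        Where-Object { $hashIocs.ContainsKey($_.Name) -or $nameIocs -contains $_.Name } |
        ForEach-Object { Test-IocFile $_ }
}

if (-not $hits) { 'No dropped-file indicators found.' }
else { $hits | Format-Table -AutoSize }
```

A hit on veqrves.exe with a differing hash is still worth pulling: the name is unusual enough that a repacked variant is the likelier explanation. If anything matches, the process tree above gives the next pivot: the sample launched veqrves.exe twice with the single argument "-", so process-creation records (Security event 4688 with command-line auditing, or Sysmon event 1) for that image name and argument will show whether it ran on the host and from which parent.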