e3a15c6736497a59a062eb612e69a68938b55266cdaa9dd03b20f3d3f4b784ce

Analysis

max time kernel
151s
max time network
153s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
30-09-2023 16:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e3a15c6736497a59a062eb612e69a68938b55266cdaa9dd03b20f3d3f4b784ce_JC.exe
Size

390KB
MD5

ca67abf1fa1beb803fc9ec496c68fe2e
SHA1

8f12daafc220b31bc9fa734fc8d9bf2075e1a765
SHA256

e3a15c6736497a59a062eb612e69a68938b55266cdaa9dd03b20f3d3f4b784ce
SHA512

f32812b6640b72d1556e64d92cf2ff5e22df0a2d36980ac3c7886bb11d8a3649c6bca0abb260620c4b35f4c80a8aa78f4119a6cf445b04c89a523796fa4e6ef9
SSDEEP

6144:1SItb2zQLw8XgTQedTHbLYKWYse50nE3QwYS5uIFXMgZTbc3OBZFNA9668NbZ+fa:1VLJDiwKzmwYS5sgZTbc3OBZFfbZ+fa

Score

9^/10

discovery

Malware Config

Signatures

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

e3a15c6736497a59a062eb612e69a68938b55266cdaa9dd03b20f3d3f4b784ce_JC.exe

description pid process

Token: SeDebugPrivilege 2020 e3a15c6736497a59a062eb612e69a68938b55266cdaa9dd03b20f3d3f4b784ce_JC.exe

description	pid	process
Token: SeDebugPrivilege	2020	e3a15c6736497a59a062eb612e69a68938b55266cdaa9dd03b20f3d3f4b784ce_JC.exe

C:\Users\Admin\AppData\Local\Temp\e3a15c6736497a59a062eb612e69a68938b55266cdaa9dd03b20f3d3f4b784ce_JC.exe
"C:\Users\Admin\AppData\Local\Temp\e3a15c6736497a59a062eb612e69a68938b55266cdaa9dd03b20f3d3f4b784ce_JC.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2020-0-0x000007FEF5030000-0x000007FEF5A1C000-memory.dmp

Filesize
9.9MB

Download
memory/2020-1-0x00000000003E0000-0x0000000000446000-memory.dmp

Filesize
408KB

Download
memory/2020-2-0x000000001B890000-0x000000001B910000-memory.dmp

Filesize
512KB

Download
memory/2020-3-0x000007FEF5030000-0x000007FEF5A1C000-memory.dmp

Filesize
9.9MB

Download
memory/2020-4-0x000000001B890000-0x000000001B910000-memory.dmp

Filesize
512KB

Download