Analysis
-
max time kernel
151s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
30-09-2023 16:45
Static task
static1
Behavioral task
behavioral1
Sample
e3a15c6736497a59a062eb612e69a68938b55266cdaa9dd03b20f3d3f4b784ce_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
e3a15c6736497a59a062eb612e69a68938b55266cdaa9dd03b20f3d3f4b784ce_JC.exe
Resource
win10v2004-20230915-en
General
-
Target
e3a15c6736497a59a062eb612e69a68938b55266cdaa9dd03b20f3d3f4b784ce_JC.exe
-
Size
390KB
-
MD5
ca67abf1fa1beb803fc9ec496c68fe2e
-
SHA1
8f12daafc220b31bc9fa734fc8d9bf2075e1a765
-
SHA256
e3a15c6736497a59a062eb612e69a68938b55266cdaa9dd03b20f3d3f4b784ce
-
SHA512
f32812b6640b72d1556e64d92cf2ff5e22df0a2d36980ac3c7886bb11d8a3649c6bca0abb260620c4b35f4c80a8aa78f4119a6cf445b04c89a523796fa4e6ef9
-
SSDEEP
6144:1SItb2zQLw8XgTQedTHbLYKWYse50nE3QwYS5uIFXMgZTbc3OBZFNA9668NbZ+fa:1VLJDiwKzmwYS5sgZTbc3OBZFfbZ+fa
Malware Config
Signatures
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
e3a15c6736497a59a062eb612e69a68938b55266cdaa9dd03b20f3d3f4b784ce_JC.exedescription pid process Token: SeDebugPrivilege 2020 e3a15c6736497a59a062eb612e69a68938b55266cdaa9dd03b20f3d3f4b784ce_JC.exe