Overview

overview

10

Static

static

3

1fff4bcc2d...JC.exe

windows7-x64

10

1fff4bcc2d...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/10/2023, 11:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1fff4bcc2d8c4691d0e3c1d311fe147c_JC.exe

  • Size

    361KB

  • MD5

    1fff4bcc2d8c4691d0e3c1d311fe147c

  • SHA1

    992e99373a995f187fd079170c3610c5e49a912f

  • SHA256

    fad044a2cc7e381bc42852e856d0dd24e0dfae085d837313aaf14c3fc26df7ea

  • SHA512

    fe40d7c091df7defa4605122288e3fb184c799f7bc6d3582f333279087728e038b52aafc6c5b4a27b808288662e3777584cf47a847cf20d57b350f3b3f30bbee

  • SSDEEP

    6144:D+XAyHCjhFMAJgLDe78lEQztqu9/WAv9Bism/pIzH5JDs528EtsofH+n1Jzgt4u:JaObQRd3nUiZi4tst1J0tR

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1fff4bcc2d8c4691d0e3c1d311fe147c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1fff4bcc2d8c4691d0e3c1d311fe147c_JC.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    PID:2124

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\DC++ Share\jabswitch.exe
    Filesize

    79KB

    MD5

    4d68e306cd83fd17055fd206f86a65b4

    SHA1

    1c180e4b53fb081f03b469b81cfe68434dae54f5

    SHA256

    686caf72ff5daea4f2ce18328f91e36b98dd0f725d873c23c6fec15495d1623c

    SHA512

    401c0267bec7b0ba652a5d15456aa23d1c193e89505d99f95cebae81258ab1d8722e1257f8096c6219960dd5bd7cc96afd53ae6664ac8a912114f1305e068737

    Download Submit

  • C:\Windows\SysWOW64\xdccPrograms\7z.exe
    Filesize

    458KB

    MD5

    301824c87b9b96f8aeed148089e273f7

    SHA1

    b7f3d66720331b6358d967344a9dd445c5c32938

    SHA256

    9ab085b3e94d5aff5c4d79932c6220de3f4208027e0be989fd38e15039efa638

    SHA512

    dc07ec6c58dad365c16f1fbe9e065268ff6cd575b86428790a35677e215f06456181f5971bde2daa9b6e680be7cc20e4fb1e4e4d97532e80ae18682964f4ebd3

    Download Submit

  • memory/2124-29-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2124-30-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2124-23-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2124-24-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2124-25-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2124-26-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2124-27-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2124-28-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2124-0-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2124-22-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2124-31-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2124-32-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2124-33-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2124-34-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2124-37-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2124-38-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2124-59-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2124-1-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download