Overview

overview

10

Static

static

3

b5a8e38c61...JC.exe

windows7-x64

10

b5a8e38c61...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    01-10-2023 12:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b5a8e38c619dbada6cf0118f19fc6e13_JC.exe

  • Size

    486KB

  • MD5

    b5a8e38c619dbada6cf0118f19fc6e13

  • SHA1

    3bd351afc5a1c8305edd4270bca66b4a552a29d4

  • SHA256

    13a40ed4f7d7d70c006b23c712334bd0fe2afc6276e507871ba6c90fc3b3834a

  • SHA512

    be2ff87610ee37954d02b13905afc0d327dbd8a4480778a8a2a62d6e78ff013c8d45d7f3ac2fb14b786d8ead2b96e7cbc9907b65441ef252b9edf2ba689ec543

  • SSDEEP

    12288:JdMcjIoJ+EJaFy7sswHRFePMlJhWwSAOfohQWt5Av4M9q8:JWoh+dyBGRU0PhnSdoHtidq8

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b5a8e38c619dbada6cf0118f19fc6e13_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\b5a8e38c619dbada6cf0118f19fc6e13_JC.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    PID:1064

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\DC++ Share\RCX73CB.tmp
    Filesize

    38KB

    MD5

    3ff0d0dc6680f4db4a913c60a2fb2b64

    SHA1

    8dd1cbfb28a9e28ca35231e7570cdea70d511e42

    SHA256

    288a370a6d538d6ccb7572a5737ba1b3f4d1fa34602d3026b466c7c24442fa5e

    SHA512

    c1b13ee0add705cca6458efbe502457fa7d999d8321ae4af0d0f38afa7aaf8fc92af3cdb3c9138ec16766334fc3e6e9108ac17c7fe7fc963ed8c4fd6929ce1ef

    Download Submit

  • C:\Windows\SysWOW64\xdccPrograms\7zG.exe
    Filesize

    567KB

    MD5

    5abd1732633e568f0ce231cc73b2cde7

    SHA1

    07db368bc45b7629bc8128756ba1a8197773f6dc

    SHA256

    50713c54ec31c09b73ad1581b1c59d820a2f4641e83637a868046f6cf5c01d9c

    SHA512

    5b392d360d8632aef1523be3a41f74111b2a6baac5a73b66baa33c989b51908372f34f5b00eed1b51c6a633ced3d246c61cd04e37992560d0e3183219f17b4b6

    Download Submit

  • memory/1064-107-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1064-108-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1064-39-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1064-40-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1064-4-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1064-104-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1064-105-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1064-106-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1064-0-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1064-34-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1064-109-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1064-110-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1064-111-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1064-112-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1064-113-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1064-114-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1064-115-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1064-116-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download