Overview

overview

10

Static

static

3

861f8e5d32...JC.exe

windows7-x64

10

861f8e5d32...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/10/2023, 18:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    861f8e5d3238197c75592040d4684d6e_JC.exe

  • Size

    250KB

  • MD5

    861f8e5d3238197c75592040d4684d6e

  • SHA1

    b2e23de32c9a22fb88e89c9ceadf3021faff8e47

  • SHA256

    82104e51aa56c8cdf2db7b4f6a85afa61a763ce0c11befd4c93301eb61d7efd6

  • SHA512

    cfa8a9d8e448ee009fc214a238154b4a221a44e7fc89debfb3420ac94283239e7f882c518fd1c4b233118c55883c6193251e028a76a7fc35de5c9e5839c43d0c

  • SSDEEP

    3072:XfVLWlTTbEGe9AJKlCvIUuqoWqnt5bdLFVgV:PVqdT3GcQ4TqjHVw

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\861f8e5d3238197c75592040d4684d6e_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\861f8e5d3238197c75592040d4684d6e_JC.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:568
    • C:\Program Files (x86)\fc8ce29e\jusched.exe
      "C:\Program Files (x86)\fc8ce29e\jusched.exe"
      2⤵
      • Executes dropped EXE
      PID:2436

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\fc8ce29e\fc8ce29e
          Filesize

          17B

          MD5

          713de2425165c8df1702f4fa73675b7c

          SHA1

          8776000c93a63c318fd1dc5765010ced1568ffa7

          SHA256

          27969b723db5b2dd9c284c3351d884a535a92e6dadc44a425054fa76626a2343

          SHA512

          9b5327edc09bca4846029bda05502e34711ee843fbeccf3328253fcd2f1b399601eb613350c49e1d06098831d7b3dc8f5b2e1d1651b44e070ba70c8fedf6cf44

          Download Submit

        • C:\Program Files (x86)\fc8ce29e\jusched.exe
          Filesize

          250KB

          MD5

          c760becd2248d1fde6c210e807910b8f

          SHA1

          08492da6b9c6dcb75fa4ad57a74e845f58970cfc

          SHA256

          bb69b71865b329e5f8c02e67c6df9d890f7617b14b522ecad9a9c5b2c5e88dc2

          SHA512

          6afd5819a3bb9e47f699bc25907c674ef4491e0d47efc177b171fa01ff72ffc2e28a071127b92722e1e1714b5129b237f9c5d1b55abf9e06dc60a1383785dbf4

          Download Submit

        • C:\Program Files (x86)\fc8ce29e\jusched.exe
          Filesize

          250KB

          MD5

          c760becd2248d1fde6c210e807910b8f

          SHA1

          08492da6b9c6dcb75fa4ad57a74e845f58970cfc

          SHA256

          bb69b71865b329e5f8c02e67c6df9d890f7617b14b522ecad9a9c5b2c5e88dc2

          SHA512

          6afd5819a3bb9e47f699bc25907c674ef4491e0d47efc177b171fa01ff72ffc2e28a071127b92722e1e1714b5129b237f9c5d1b55abf9e06dc60a1383785dbf4

          Download Submit

        • C:\Program Files (x86)\fc8ce29e\jusched.exe
          Filesize

          250KB

          MD5

          c760becd2248d1fde6c210e807910b8f

          SHA1

          08492da6b9c6dcb75fa4ad57a74e845f58970cfc

          SHA256

          bb69b71865b329e5f8c02e67c6df9d890f7617b14b522ecad9a9c5b2c5e88dc2

          SHA512

          6afd5819a3bb9e47f699bc25907c674ef4491e0d47efc177b171fa01ff72ffc2e28a071127b92722e1e1714b5129b237f9c5d1b55abf9e06dc60a1383785dbf4

          Download Submit

        • memory/568-0-0x0000000000400000-0x0000000000447000-memory.dmp

          Filesize

          284KB

          Download

        • memory/568-15-0x0000000000400000-0x0000000000447000-memory.dmp

          Filesize

          284KB

          Download

        • memory/2436-13-0x0000000000400000-0x0000000000447000-memory.dmp

          Filesize

          284KB

          Download

        • memory/2436-17-0x0000000000400000-0x0000000000447000-memory.dmp

          Filesize

          284KB

          Download