Analysis

  • max time kernel
    153s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-10-2023 21:42

General

  • Target

    6703c2ebfa23d877fca2700d84df2c6d_JC.exe

  • Size

    93KB

  • MD5

    6703c2ebfa23d877fca2700d84df2c6d

  • SHA1

    669791b37ce3fa167341f3524e8496fdd5b6eaa3

  • SHA256

    76883b3ae413d4bc4dbbf04177c2546214565eb297386260c9fd7e87ddc07959

  • SHA512

    5165396c34fd69bb3b789ad6628951d8675897753def622721e94c116984eba413041b1f332220d29bd0cd541118edaa87f162c7f702a7aadcd51ab18e0c3b8d

  • SSDEEP

    1536:tF0AJELoJHG9qa+oa33KJJzAKWYr0v7iJSzIRXKTzRZICrWaGZh7l:tiAyLN9qa+oEGrWViJSzIR6JJrWNZv

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6703c2ebfa23d877fca2700d84df2c6d_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\6703c2ebfa23d877fca2700d84df2c6d_JC.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3592
    • C:\ProgramData\Update\WwanSvc.exe
      "C:\ProgramData\Update\WwanSvc.exe" /run
      2⤵
      • Executes dropped EXE
      PID:1844
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
    PID:1824
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k UnistackSvcGroup
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3308

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\ProgramData\Update\WwanSvc.exe

      Filesize

      93KB

      MD5

      5ab1d5a5ce278adcddf48bc1141a98d8

      SHA1

      b61733ba6df551102eef3cb09e532d747b97e252

      SHA256

      847cdba0c1036bf1041a7aa73dd33e403cf8531470937d7b3454f6a9dbcc658b

      SHA512

      f4c3be7ebb4b53616757b0ddf8ead738cb3d248bd6438880b67e5f0898e049e84597e667853793217a09a873eba33e9b25ee135740aac83c7cf96ee554f5b904

    • memory/3308-4-0x0000023C36C40000-0x0000023C36C50000-memory.dmp

      Filesize

      64KB

    • memory/3308-20-0x0000023C36D40000-0x0000023C36D50000-memory.dmp

      Filesize

      64KB

    • memory/3308-36-0x0000023C3F090000-0x0000023C3F091000-memory.dmp

      Filesize

      4KB

    • memory/3308-38-0x0000023C3F0C0000-0x0000023C3F0C1000-memory.dmp

      Filesize

      4KB

    • memory/3308-39-0x0000023C3F0C0000-0x0000023C3F0C1000-memory.dmp

      Filesize

      4KB

    • memory/3308-40-0x0000023C3F1D0000-0x0000023C3F1D1000-memory.dmp

      Filesize

      4KB