382569a59d1fb65e1d9a987191305ede9fc0f51219ec1b6dc281e21bf1e53db2

Analysis

max time kernel
138s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2023, 17:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

382569a59d1fb65e1d9a987191305ede9fc0f51219ec1b6dc281e21bf1e53db2_JC.exe
Size

597KB
MD5

1b6f267921c6bbfbc7d68a78bc04b801
SHA1

c65a7a826e24b2edf7755cd127df1526aba4d8e1
SHA256

382569a59d1fb65e1d9a987191305ede9fc0f51219ec1b6dc281e21bf1e53db2
SHA512

d32a08bd6f34d2d644850e15a400923b596cedfed12235fca0bdf98b0ef0fccb1f433b91b28f9a7fe4dc800c8d8db141de0dd5290e04183c8369d8c8f750f6a8
SSDEEP

12288:8MYnQ3j67SESV1eXl8OhA90LTpmgI8cb6V8ZvLCl+/AG+FZiGVBkTi/O4wMVf0e4:8BLTpmNFKXl+Z+iGTkYO4wMVf3qxw5o

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1304 set thread context of 2748	1304	382569a59d1fb65e1d9a987191305ede9fc0f51219ec1b6dc281e21bf1e53db2_JC.exe	90

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2748	382569a59d1fb65e1d9a987191305ede9fc0f51219ec1b6dc281e21bf1e53db2_JC.exe
2748	382569a59d1fb65e1d9a987191305ede9fc0f51219ec1b6dc281e21bf1e53db2_JC.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1304	382569a59d1fb65e1d9a987191305ede9fc0f51219ec1b6dc281e21bf1e53db2_JC.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 2748	1304	382569a59d1fb65e1d9a987191305ede9fc0f51219ec1b6dc281e21bf1e53db2_JC.exe	90
PID 1304 wrote to memory of 2748	1304	382569a59d1fb65e1d9a987191305ede9fc0f51219ec1b6dc281e21bf1e53db2_JC.exe	90
PID 1304 wrote to memory of 2748	1304	382569a59d1fb65e1d9a987191305ede9fc0f51219ec1b6dc281e21bf1e53db2_JC.exe	90
PID 1304 wrote to memory of 2748	1304	382569a59d1fb65e1d9a987191305ede9fc0f51219ec1b6dc281e21bf1e53db2_JC.exe	90
PID 1304 wrote to memory of 2748	1304	382569a59d1fb65e1d9a987191305ede9fc0f51219ec1b6dc281e21bf1e53db2_JC.exe	90
PID 1304 wrote to memory of 2748	1304	382569a59d1fb65e1d9a987191305ede9fc0f51219ec1b6dc281e21bf1e53db2_JC.exe	90

C:\Users\Admin\AppData\Local\Temp\382569a59d1fb65e1d9a987191305ede9fc0f51219ec1b6dc281e21bf1e53db2_JC.exe
"C:\Users\Admin\AppData\Local\Temp\382569a59d1fb65e1d9a987191305ede9fc0f51219ec1b6dc281e21bf1e53db2_JC.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Users\Admin\AppData\Local\Temp\382569a59d1fb65e1d9a987191305ede9fc0f51219ec1b6dc281e21bf1e53db2_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\382569a59d1fb65e1d9a987191305ede9fc0f51219ec1b6dc281e21bf1e53db2_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1304-30-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-32-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-2-0x0000000005300000-0x0000000005386000-memory.dmp

Filesize
536KB

Download
memory/1304-3-0x0000000005940000-0x0000000005EE4000-memory.dmp

Filesize
5.6MB

Download
memory/1304-4-0x0000000005470000-0x0000000005502000-memory.dmp

Filesize
584KB

Download
memory/1304-5-0x0000000005510000-0x0000000005864000-memory.dmp

Filesize
3.3MB

Download
memory/1304-6-0x0000000005870000-0x0000000005882000-memory.dmp

Filesize
72KB

Download
memory/1304-7-0x0000000005380000-0x0000000005390000-memory.dmp

Filesize
64KB

Download
memory/1304-8-0x0000000005440000-0x000000000546A000-memory.dmp

Filesize
168KB

Download
memory/1304-10-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-9-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-12-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-14-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-16-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-18-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-20-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-22-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-24-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-26-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-28-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-1-0x00000000008F0000-0x000000000098C000-memory.dmp

Filesize
624KB

Download
memory/1304-34-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-0-0x0000000074A80000-0x0000000075230000-memory.dmp

Filesize
7.7MB

Download
memory/1304-36-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-38-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-40-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-42-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-44-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-46-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-48-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-50-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-52-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-54-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-56-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-58-0x0000000005440000-0x0000000005463000-memory.dmp

Filesize
140KB

Download
memory/1304-59-0x00000000058C0000-0x00000000058C1000-memory.dmp

Filesize
4KB

Download
memory/1304-60-0x0000000006390000-0x000000000642C000-memory.dmp

Filesize
624KB

Download
memory/1304-63-0x0000000074A80000-0x0000000075230000-memory.dmp

Filesize
7.7MB

Download
memory/2748-61-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2748-64-0x0000000001690000-0x00000000019DA000-memory.dmp

Filesize
3.3MB

Download
memory/2748-65-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download