51eac1e47fc630b44c3d502997323c22cebca5a111756fba87fc670ac30c8823

Analysis

max time kernel
139s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce3b2c95ea9d5cec59180c2388d75de0_JC.exe
Size

93KB
MD5

ce3b2c95ea9d5cec59180c2388d75de0
SHA1

5c957b5e50d11b7f56dc5fab22accad0d1327415
SHA256

51eac1e47fc630b44c3d502997323c22cebca5a111756fba87fc670ac30c8823
SHA512

a56b06db751c40e18fc730b6e8483045f5b7b9a9234d989c40ec577baf7d6e692004e2292d6bfb7ecaa5700c8e27ffbb8b5f3f83255ff1dc2b4a6ba88376eedc
SSDEEP

1536:tF0AJELoJHG9qa+oa33KJJzAKWYr0v7iJSzIRXKTzRZICrWaGZh7I:tiAyLN9qa+oEGrWViJSzIR6JJrWNZm

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
764	WwanSvc.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Window Update = "\"C:\\ProgramData\\Update\\WwanSvc.exe\" /run"	ce3b2c95ea9d5cec59180c2388d75de0_JC.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 764	3064	ce3b2c95ea9d5cec59180c2388d75de0_JC.exe	50
PID 3064 wrote to memory of 764	3064	ce3b2c95ea9d5cec59180c2388d75de0_JC.exe	50
PID 3064 wrote to memory of 764	3064	ce3b2c95ea9d5cec59180c2388d75de0_JC.exe	50

C:\Users\Admin\AppData\Local\Temp\ce3b2c95ea9d5cec59180c2388d75de0_JC.exe
"C:\Users\Admin\AppData\Local\Temp\ce3b2c95ea9d5cec59180c2388d75de0_JC.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3064
- C:\ProgramData\Update\WwanSvc.exe
  "C:\ProgramData\Update\WwanSvc.exe" /run
  2⤵
  - Executes dropped EXE
  PID:764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Update\WwanSvc.exe

Filesize
93KB

MD5
8a54769a0bfbce844ae893e5e6c9c22d

SHA1
b2cfd0c5963bd3b4379ff138565b29033e5c983e

SHA256
bc60b188e3dbb07707b277bbe5ffaa6ca150530f0b16ef0ef3d6179d469e3b9c

SHA512
481948b5276860210245350ee34b496aa834465be117c0ca5cac632181c000cc5518b9613c7b71e26fb0ef13c1cfd94d2aa3ec37c5e4162a6df004579925f55c

Download Submit
C:\ProgramData\Update\WwanSvc.exe

Filesize
93KB

MD5
8a54769a0bfbce844ae893e5e6c9c22d

SHA1
b2cfd0c5963bd3b4379ff138565b29033e5c983e

SHA256
bc60b188e3dbb07707b277bbe5ffaa6ca150530f0b16ef0ef3d6179d469e3b9c

SHA512
481948b5276860210245350ee34b496aa834465be117c0ca5cac632181c000cc5518b9613c7b71e26fb0ef13c1cfd94d2aa3ec37c5e4162a6df004579925f55c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads