90c852944bd7f79a5e496dd949b164e6f0189d46f487d5cc9fb8576af2670a72

Analysis

max time kernel
150s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 13:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e8a1a3aacff0ec1cf1ac45b5f0d2e2b8_JC.exe
Size

665KB
MD5

e8a1a3aacff0ec1cf1ac45b5f0d2e2b8
SHA1

2758a3689a6d6e3eba8899809663bf83685e2615
SHA256

90c852944bd7f79a5e496dd949b164e6f0189d46f487d5cc9fb8576af2670a72
SHA512

bbd0e091c0f9630c49367dbdd221c25e0b8ec2348f110f37b25a1dad52bcfc56d3303039e8d4831fd5c1f00f9f8b6ca03f098581b13960755d60d0dc1cd38d00
SSDEEP

3072:MGjhaq5iL0beJQZt32wLji5DlsODxRPNDkjJHzW9hUd56JsuBSjwA2i1vP2i1a1L:Hha8iAx+1zwjJHd6vB/ANMjr

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\GGAAAG_LOADER = "C:\\Windows\\system32\\GAAG.exe"	e8a1a3aacff0ec1cf1ac45b5f0d2e2b8_JC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FifefoxUpdater = "C:\\Windows\\system32\\FifefoxUpdater.scr"	e8a1a3aacff0ec1cf1ac45b5f0d2e2b8_JC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WinSevenUpdater = "C:\\Windows\\system32\\AVSCANNER.EXE"	e8a1a3aacff0ec1cf1ac45b5f0d2e2b8_JC.exe

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\GAAG.exe	e8a1a3aacff0ec1cf1ac45b5f0d2e2b8_JC.exe
File opened for modification	C:\Windows\SysWOW64\GAAG.exe	e8a1a3aacff0ec1cf1ac45b5f0d2e2b8_JC.exe
File created	C:\Windows\SysWOW64\FifefoxUpdater.scr	e8a1a3aacff0ec1cf1ac45b5f0d2e2b8_JC.exe
File opened for modification	C:\Windows\SysWOW64\FifefoxUpdater.scr	e8a1a3aacff0ec1cf1ac45b5f0d2e2b8_JC.exe
File created	C:\Windows\SysWOW64\AVSCANNER.EXE	e8a1a3aacff0ec1cf1ac45b5f0d2e2b8_JC.exe
File opened for modification	C:\Windows\SysWOW64\AVSCANNER.EXE	e8a1a3aacff0ec1cf1ac45b5f0d2e2b8_JC.exe

C:\Users\Admin\AppData\Local\Temp\e8a1a3aacff0ec1cf1ac45b5f0d2e2b8_JC.exe
"C:\Users\Admin\AppData\Local\Temp\e8a1a3aacff0ec1cf1ac45b5f0d2e2b8_JC.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:4620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\AVSCANNER.EXE

Filesize
675KB

MD5
67336ea710d4d953f5afef202360c77c

SHA1
4db3acf4d6f9da1b55f65b27d275ce0b3d34182e

SHA256
7e8c2fdededd49bcfca3d57dd443e7b3d73616b94559d78c74945287bb3fd75c

SHA512
c5e5bff64796a1adcdf2277d0187fc6dc851021fff08809b65920c6eabe19146020e90ef0f0c36ab51d2430382359a13e93b4bcc68ca191cc812777c9e84851e

Download Submit
memory/4620-0-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/4620-7-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads