Analysis
-
max time kernel
149s -
max time network
164s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
11/10/2023, 13:32
General
-
Target
1ff6d8cd7f342accddddf9d8b122708e_JC.exe
-
Size
442KB
-
MD5
1ff6d8cd7f342accddddf9d8b122708e
-
SHA1
a8d8c2c718deaf12f2154ff815efa4b4d8c4390e
-
SHA256
e49b60a8657611d763d9d715b1b91741f77c671a617b5a4efe65dd59ef8bf2fb
-
SHA512
d1c6e18d0f5f94609f791372748d84c568cd975551e97ee96696d46bc85b33369b41f297df1d60c70cd93f417e0aaa915af9736c520fccddbd99e722a62d96ec
-
SSDEEP
3072:Ul2Ba4RFiNS0XNPnNVEgkqrifbdB7dYk1Bx8DpsV68RfPi4meqByN2DmtXGTtiOx:YSvRFKln/Egkym/89bifPidzIEZ/VZ
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1ff6d8cd7f342accddddf9d8b122708e_JC.exe"C:\Users\Admin\AppData\Local\Temp\1ff6d8cd7f342accddddf9d8b122708e_JC.exe"1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ehkclgmb.exeC:\Windows\system32\Ehkclgmb.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fgppmd32.exeC:\Windows\system32\Fgppmd32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fddqghpd.exeC:\Windows\system32\Fddqghpd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fdfmlhna.exeC:\Windows\system32\Fdfmlhna.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fdijbg32.exeC:\Windows\system32\Fdijbg32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gdppbfff.exeC:\Windows\system32\Gdppbfff.exe7⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gadqlkep.exeC:\Windows\system32\Gadqlkep.exe8⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ngmpcn32.exeC:\Windows\system32\Ngmpcn32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Npedmdab.exeC:\Windows\system32\Npedmdab.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Niniei32.exeC:\Windows\system32\Niniei32.exe11⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ncfmno32.exeC:\Windows\system32\Ncfmno32.exe12⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Nlnbgddc.exeC:\Windows\system32\Nlnbgddc.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ngdfdmdi.exeC:\Windows\system32\Ngdfdmdi.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\Nookip32.exeC:\Windows\system32\Nookip32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oeicejia.exeC:\Windows\system32\Oeicejia.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ocmconhk.exeC:\Windows\system32\Ocmconhk.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oiihahme.exeC:\Windows\system32\Oiihahme.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oileggkb.exeC:\Windows\system32\Oileggkb.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ogpepl32.exeC:\Windows\system32\Ogpepl32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ophjiaql.exeC:\Windows\system32\Ophjiaql.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pcicklnn.exeC:\Windows\system32\Pcicklnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Poodpmca.exeC:\Windows\system32\Poodpmca.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Plcdiabk.exeC:\Windows\system32\Plcdiabk.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pgihfj32.exeC:\Windows\system32\Pgihfj32.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pleaoa32.exeC:\Windows\system32\Pleaoa32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qgnbaj32.exeC:\Windows\system32\Qgnbaj32.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qhonib32.exeC:\Windows\system32\Qhonib32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qfbobf32.exeC:\Windows\system32\Qfbobf32.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ajqgidij.exeC:\Windows\system32\Ajqgidij.exe16⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Agdhbi32.exeC:\Windows\system32\Agdhbi32.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Afjeceml.exeC:\Windows\system32\Afjeceml.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aflaie32.exeC:\Windows\system32\Aflaie32.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aijnep32.exeC:\Windows\system32\Aijnep32.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aglnbhal.exeC:\Windows\system32\Aglnbhal.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Amhfkopc.exeC:\Windows\system32\Amhfkopc.exe22⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bgnkhg32.exeC:\Windows\system32\Bgnkhg32.exe23⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Biogppeg.exeC:\Windows\system32\Biogppeg.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bcelmhen.exeC:\Windows\system32\Bcelmhen.exe25⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bjodjb32.exeC:\Windows\system32\Bjodjb32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Boklbi32.exeC:\Windows\system32\Boklbi32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bmomlnjk.exeC:\Windows\system32\Bmomlnjk.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hkdjfb32.exeC:\Windows\system32\Hkdjfb32.exe29⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Akepfpcl.exeC:\Windows\system32\Akepfpcl.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hcedmkmp.exeC:\Windows\system32\Hcedmkmp.exe31⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jnpjlajn.exeC:\Windows\system32\Jnpjlajn.exe32⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jdmcdhhe.exeC:\Windows\system32\Jdmcdhhe.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jbbmmo32.exeC:\Windows\system32\Jbbmmo32.exe34⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pkklbh32.exeC:\Windows\system32\Pkklbh32.exe35⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pecpknke.exeC:\Windows\system32\Pecpknke.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pkmhgh32.exeC:\Windows\system32\Pkmhgh32.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nmlhaa32.exeC:\Windows\system32\Nmlhaa32.exe38⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kaflio32.exeC:\Windows\system32\Kaflio32.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Onqdhh32.exeC:\Windows\system32\Onqdhh32.exe40⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jfbdpabn.exeC:\Windows\system32\Jfbdpabn.exe41⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jekpljgg.exeC:\Windows\system32\Jekpljgg.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lhelddln.exeC:\Windows\system32\Lhelddln.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmcejbbd.exeC:\Windows\system32\Lmcejbbd.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lndaaj32.exeC:\Windows\system32\Lndaaj32.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lhjeoc32.exeC:\Windows\system32\Lhjeoc32.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lbbjhini.exeC:\Windows\system32\Lbbjhini.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lfpcngdo.exeC:\Windows\system32\Lfpcngdo.exe48⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmjkka32.exeC:\Windows\system32\Lmjkka32.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lnkgbibj.exeC:\Windows\system32\Lnkgbibj.exe50⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lfbpcgbl.exeC:\Windows\system32\Lfbpcgbl.exe51⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mmlhpaji.exeC:\Windows\system32\Mmlhpaji.exe52⤵
-
C:\Windows\SysWOW64\Mokdllim.exeC:\Windows\system32\Mokdllim.exe53⤵
-
C:\Windows\SysWOW64\Megldcgd.exeC:\Windows\system32\Megldcgd.exe54⤵
-
C:\Windows\SysWOW64\Mmodfqhf.exeC:\Windows\system32\Mmodfqhf.exe55⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Mieeka32.exeC:\Windows\system32\Mieeka32.exe56⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Moomgl32.exeC:\Windows\system32\Moomgl32.exe57⤵
-
C:\Windows\SysWOW64\Melfpb32.exeC:\Windows\system32\Melfpb32.exe58⤵
-
C:\Windows\SysWOW64\Mkfnlmkl.exeC:\Windows\system32\Mkfnlmkl.exe59⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mijofaje.exeC:\Windows\system32\Mijofaje.exe60⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mbbcofpf.exeC:\Windows\system32\Mbbcofpf.exe61⤵
-
C:\Windows\SysWOW64\Nilkkq32.exeC:\Windows\system32\Nilkkq32.exe62⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Neclpamg.exeC:\Windows\system32\Neclpamg.exe63⤵
-
C:\Windows\SysWOW64\Npkmcj32.exeC:\Windows\system32\Npkmcj32.exe64⤵
-
C:\Windows\SysWOW64\Nehekq32.exeC:\Windows\system32\Nehekq32.exe65⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nnpjdfpb.exeC:\Windows\system32\Nnpjdfpb.exe66⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Nifnao32.exeC:\Windows\system32\Nifnao32.exe67⤵
-
C:\Windows\SysWOW64\Nppfnige.exeC:\Windows\system32\Nppfnige.exe68⤵
-
C:\Windows\SysWOW64\Ofjokc32.exeC:\Windows\system32\Ofjokc32.exe69⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Oihkgo32.exeC:\Windows\system32\Oihkgo32.exe70⤵
-
C:\Windows\SysWOW64\Onecof32.exeC:\Windows\system32\Onecof32.exe71⤵
-
C:\Windows\SysWOW64\Oflkqc32.exeC:\Windows\system32\Oflkqc32.exe72⤵
-
C:\Windows\SysWOW64\Omfcmm32.exeC:\Windows\system32\Omfcmm32.exe73⤵
-
C:\Windows\SysWOW64\Onjmjegg.exeC:\Windows\system32\Onjmjegg.exe74⤵
-
C:\Windows\SysWOW64\Oecego32.exeC:\Windows\system32\Oecego32.exe75⤵
-
C:\Windows\SysWOW64\Opiidhoj.exeC:\Windows\system32\Opiidhoj.exe76⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oianmm32.exeC:\Windows\system32\Oianmm32.exe77⤵
-
C:\Windows\SysWOW64\Ponfed32.exeC:\Windows\system32\Ponfed32.exe78⤵
-
C:\Windows\SysWOW64\Pidjcm32.exeC:\Windows\system32\Pidjcm32.exe79⤵
-
C:\Windows\SysWOW64\Ppnbpg32.exeC:\Windows\system32\Ppnbpg32.exe80⤵
-
C:\Windows\SysWOW64\Pifghmae.exeC:\Windows\system32\Pifghmae.exe81⤵
-
C:\Windows\SysWOW64\Pocpqcpm.exeC:\Windows\system32\Pocpqcpm.exe82⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pemhmn32.exeC:\Windows\system32\Pemhmn32.exe83⤵
-
C:\Windows\SysWOW64\Ppblkffp.exeC:\Windows\system32\Ppblkffp.exe84⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Peodcmeg.exeC:\Windows\system32\Peodcmeg.exe85⤵
-
C:\Windows\SysWOW64\Ppeipfdm.exeC:\Windows\system32\Ppeipfdm.exe86⤵
-
C:\Windows\SysWOW64\Pbcelacq.exeC:\Windows\system32\Pbcelacq.exe87⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pimmil32.exeC:\Windows\system32\Pimmil32.exe88⤵
-
C:\Windows\SysWOW64\Pllieg32.exeC:\Windows\system32\Pllieg32.exe89⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qbeaba32.exeC:\Windows\system32\Qbeaba32.exe90⤵
-
C:\Windows\SysWOW64\Qednnm32.exeC:\Windows\system32\Qednnm32.exe91⤵
-
C:\Windows\SysWOW64\Qmkfoj32.exeC:\Windows\system32\Qmkfoj32.exe92⤵
-
C:\Windows\SysWOW64\Qbhnga32.exeC:\Windows\system32\Qbhnga32.exe93⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qmnbej32.exeC:\Windows\system32\Qmnbej32.exe94⤵
-
C:\Windows\SysWOW64\Aooolbep.exeC:\Windows\system32\Aooolbep.exe95⤵
-
C:\Windows\SysWOW64\Aeigilml.exeC:\Windows\system32\Aeigilml.exe96⤵
-
C:\Windows\SysWOW64\Albpff32.exeC:\Windows\system32\Albpff32.exe97⤵
-
C:\Windows\SysWOW64\Abmhbplf.exeC:\Windows\system32\Abmhbplf.exe98⤵
-
C:\Windows\SysWOW64\Aekdolkj.exeC:\Windows\system32\Aekdolkj.exe99⤵
-
C:\Windows\SysWOW64\Alelkf32.exeC:\Windows\system32\Alelkf32.exe100⤵
-
C:\Windows\SysWOW64\Aochga32.exeC:\Windows\system32\Aochga32.exe101⤵
-
C:\Windows\SysWOW64\Ccdgjm32.exeC:\Windows\system32\Ccdgjm32.exe102⤵
-
C:\Windows\SysWOW64\Cfglahbj.exeC:\Windows\system32\Cfglahbj.exe103⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cggikk32.exeC:\Windows\system32\Cggikk32.exe104⤵
-
C:\Windows\SysWOW64\Dqomdppm.exeC:\Windows\system32\Dqomdppm.exe105⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dodjemee.exeC:\Windows\system32\Dodjemee.exe106⤵
-
C:\Windows\SysWOW64\Dfnbbg32.exeC:\Windows\system32\Dfnbbg32.exe107⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dofgklcb.exeC:\Windows\system32\Dofgklcb.exe108⤵
-
C:\Windows\SysWOW64\Dnjdncio.exeC:\Windows\system32\Dnjdncio.exe109⤵
-
C:\Windows\SysWOW64\Enlqdc32.exeC:\Windows\system32\Enlqdc32.exe110⤵
-
C:\Windows\SysWOW64\Efgehe32.exeC:\Windows\system32\Efgehe32.exe111⤵
-
C:\Windows\SysWOW64\Emanepld.exeC:\Windows\system32\Emanepld.exe112⤵
-
C:\Windows\SysWOW64\Ejennd32.exeC:\Windows\system32\Ejennd32.exe113⤵
-
C:\Windows\SysWOW64\Eqpfknbj.exeC:\Windows\system32\Eqpfknbj.exe114⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Egiohh32.exeC:\Windows\system32\Egiohh32.exe115⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fqiiamjp.exeC:\Windows\system32\Fqiiamjp.exe116⤵
-
C:\Windows\SysWOW64\Fgcang32.exeC:\Windows\system32\Fgcang32.exe117⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fmpjfn32.exeC:\Windows\system32\Fmpjfn32.exe118⤵
-
C:\Windows\SysWOW64\Gcceifof.exeC:\Windows\system32\Gcceifof.exe119⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gfaaebnj.exeC:\Windows\system32\Gfaaebnj.exe120⤵
-
C:\Windows\SysWOW64\Gagebknp.exeC:\Windows\system32\Gagebknp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-