6e1c9f3c56ac2e7340ebc8d29ac2a4e6a0cb40b5442be00aa0e2bd38b3a868c1

Analysis

max time kernel
131s
max time network
155s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 14:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

146c23e2fa312567aabb9dad355e98d9_JC.exe
Size

397KB
MD5

146c23e2fa312567aabb9dad355e98d9
SHA1

b2a8b373939d7e3bee10f02040414a5018faba46
SHA256

6e1c9f3c56ac2e7340ebc8d29ac2a4e6a0cb40b5442be00aa0e2bd38b3a868c1
SHA512

0e923be9a5bff27614f28ac92b7d37393f2b694152f617f703d169e1912b46d3b13fe6b33feee267997a53b922c3bb5e13ebbee2399896c0a28637f5e84681ac
SSDEEP

1536:cXBYjfC24mFVsIgvo3X4iZpTha5VlA8mw7aoL8lYTjipvF2lR:cX+0mFmIgvo4iZhha5rZaoL8lYvQd2lR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2072	jusched.exe

Loads dropped DLL 2 IoCs

pid	Process
1680	146c23e2fa312567aabb9dad355e98d9_JC.exe
1680	146c23e2fa312567aabb9dad355e98d9_JC.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\cec5418e\jusched.exe	146c23e2fa312567aabb9dad355e98d9_JC.exe
File created	C:\Program Files (x86)\cec5418e\cec5418e	146c23e2fa312567aabb9dad355e98d9_JC.exe
File created	C:\Program Files (x86)\cec5418e\info_a	146c23e2fa312567aabb9dad355e98d9_JC.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Update23.job	146c23e2fa312567aabb9dad355e98d9_JC.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 2072	1680	146c23e2fa312567aabb9dad355e98d9_JC.exe	28
PID 1680 wrote to memory of 2072	1680	146c23e2fa312567aabb9dad355e98d9_JC.exe	28
PID 1680 wrote to memory of 2072	1680	146c23e2fa312567aabb9dad355e98d9_JC.exe	28
PID 1680 wrote to memory of 2072	1680	146c23e2fa312567aabb9dad355e98d9_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\146c23e2fa312567aabb9dad355e98d9_JC.exe
"C:\Users\Admin\AppData\Local\Temp\146c23e2fa312567aabb9dad355e98d9_JC.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Program Files (x86)\cec5418e\jusched.exe
  "C:\Program Files (x86)\cec5418e\jusched.exe"
  2⤵
  - Executes dropped EXE
  PID:2072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\cec5418e\cec5418e

Filesize
17B

MD5
bff3d8f76e182194c4a2abf1aabba9f3

SHA1
07e5b604bb505a800b3e0ac16fee483b70595768

SHA256
6bc8a4f93eaa1b3e7cfa696855bf6a852cf6555d694bc03e337261a27e58246f

SHA512
0c5def3bb01ed166d4135190e131c27be4b6039987e269b6c3fca07677b3c637868397f207df631a098182a6bd3c795e6dd34541f82c5ecd6062441af0af7f50

Download Submit
C:\Program Files (x86)\cec5418e\info_a

Filesize
12B

MD5
539c61a0e6e73f24318f12735051b96c

SHA1
54cfac3bfd45cdbff808aa7db49bf584a1411591

SHA256
ef081f338dab3407328dbb36b7ae48b544d96c8d085751691d2d555038ab6302

SHA512
77439277aaabbccd66cadf0239e5039bf388bde0a29b6a839e49039f5e05a70eaeffa76c847830da55bf2f6e10a6416295c9defab2e8a3ff8a7e9232df8cfcb8

Download Submit
C:\Program Files (x86)\cec5418e\jusched.exe

Filesize
397KB

MD5
84fe58f85ff0d8d101af14ea27db3aa3

SHA1
79a86f1e6ad9d8dc5b067b96e67924bfea207722

SHA256
519e28a28f3f33deee170e0d7523b590b6936d4bc44ea39e64c40dfbf3bd6f44

SHA512
ff5b75c3e1c6093daa0a1b6d7ad36c655f5fb1350c966724a0e5be48eb1350bc44c92db431731b4aff714e30706751e6d2a88f209777e75e72511234f0173367

Download Submit
C:\Program Files (x86)\cec5418e\jusched.exe

Filesize
397KB

MD5
84fe58f85ff0d8d101af14ea27db3aa3

SHA1
79a86f1e6ad9d8dc5b067b96e67924bfea207722

SHA256
519e28a28f3f33deee170e0d7523b590b6936d4bc44ea39e64c40dfbf3bd6f44

SHA512
ff5b75c3e1c6093daa0a1b6d7ad36c655f5fb1350c966724a0e5be48eb1350bc44c92db431731b4aff714e30706751e6d2a88f209777e75e72511234f0173367

Download Submit
\Program Files (x86)\cec5418e\jusched.exe

Filesize
397KB

MD5
84fe58f85ff0d8d101af14ea27db3aa3

SHA1
79a86f1e6ad9d8dc5b067b96e67924bfea207722

SHA256
519e28a28f3f33deee170e0d7523b590b6936d4bc44ea39e64c40dfbf3bd6f44

SHA512
ff5b75c3e1c6093daa0a1b6d7ad36c655f5fb1350c966724a0e5be48eb1350bc44c92db431731b4aff714e30706751e6d2a88f209777e75e72511234f0173367

Download Submit
\Program Files (x86)\cec5418e\jusched.exe

Filesize
397KB

MD5
84fe58f85ff0d8d101af14ea27db3aa3

SHA1
79a86f1e6ad9d8dc5b067b96e67924bfea207722

SHA256
519e28a28f3f33deee170e0d7523b590b6936d4bc44ea39e64c40dfbf3bd6f44

SHA512
ff5b75c3e1c6093daa0a1b6d7ad36c655f5fb1350c966724a0e5be48eb1350bc44c92db431731b4aff714e30706751e6d2a88f209777e75e72511234f0173367

Download Submit
memory/1680-0-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/1680-13-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/1680-8-0x0000000002220000-0x0000000002292000-memory.dmp

Filesize
456KB

Download
memory/1680-14-0x0000000002220000-0x0000000002292000-memory.dmp

Filesize
456KB

Download
memory/2072-16-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2072-18-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download