926ad85510a1c9ddb1ad9f62c9450e1c6bb56eb24243d86dcdd26dd668a9f129

Analysis

max time kernel
161s
max time network
141s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9595c8fc2f8ab88268712bb70d6ead1_JC.exe
Size

267KB
MD5

e9595c8fc2f8ab88268712bb70d6ead1
SHA1

282eb9ef0f03f28038412669f49a81db7a62d8e0
SHA256

926ad85510a1c9ddb1ad9f62c9450e1c6bb56eb24243d86dcdd26dd668a9f129
SHA512

d49820eee30a4baa6718fcb633147b45d0a28e1026779d2bd7f89f87c60c4e28167c78953913181a22ec3e288c41c870cf0e0c3cfdfff5a5103bd41591c036a3
SSDEEP

6144:0009vjmGaQITG+BvGebdEYP48VoiH9p4veiet8WD:0PCGaQz+Beydt/Voo9I8

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2628	e9595c8fc2f8ab88268712bb70d6ead1_JC.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ORGGRO.EXE	e9595c8fc2f8ab88268712bb70d6ead1_JC.exe
File created	C:\Windows\SysWOW64\ODBC16M.EXE	e9595c8fc2f8ab88268712bb70d6ead1_JC.exe
File opened for modification	C:\Windows\SysWOW64\ODBC16M.EXE	e9595c8fc2f8ab88268712bb70d6ead1_JC.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\win.com	e9595c8fc2f8ab88268712bb70d6ead1_JC.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2628	e9595c8fc2f8ab88268712bb70d6ead1_JC.exe
2628	e9595c8fc2f8ab88268712bb70d6ead1_JC.exe
2628	e9595c8fc2f8ab88268712bb70d6ead1_JC.exe
2628	e9595c8fc2f8ab88268712bb70d6ead1_JC.exe

C:\Users\Admin\AppData\Local\Temp\e9595c8fc2f8ab88268712bb70d6ead1_JC.exe
"C:\Users\Admin\AppData\Local\Temp\e9595c8fc2f8ab88268712bb70d6ead1_JC.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:2628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\ODBC16M.EXE

Filesize
267KB

MD5
4b4ce0657ff82a0ab771c8dea3ac5ac1

SHA1
107da17e02a6e2208c9183b85208966e6eaca756

SHA256
cc684883a969a6579dc7e339c5e8f768e12d30e69e366c75bdcaab210c3c86c9

SHA512
6c74d904f1a38b9b7e190b311abb42450a4b0c7aaf4d62afa924f944f40ee2695991b91595a4ae6cadcf839a7a446a6e53d77a644d0a4e760be83a943327b29a

Download Submit
\Windows\SysWOW64\ODBC16M.EXE

Filesize
267KB

MD5
4b4ce0657ff82a0ab771c8dea3ac5ac1

SHA1
107da17e02a6e2208c9183b85208966e6eaca756

SHA256
cc684883a969a6579dc7e339c5e8f768e12d30e69e366c75bdcaab210c3c86c9

SHA512
6c74d904f1a38b9b7e190b311abb42450a4b0c7aaf4d62afa924f944f40ee2695991b91595a4ae6cadcf839a7a446a6e53d77a644d0a4e760be83a943327b29a

Download Submit
memory/2628-13-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2628-8-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2628-9-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2628-10-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2628-11-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2628-12-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2628-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2628-14-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2628-15-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2628-16-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2628-17-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2628-18-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2628-19-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2628-20-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2628-21-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2628-22-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download