Overview

overview

7

Static

static

3

MJSEAUC.exe

windows7-x64

6

MJSEAUC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    246s
  • max time network
    265s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-10-2023 00:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MJSEAUC.exe

  • Size

    183KB

  • MD5

    e0b183ee67f1422147758c4aece5e8cc

  • SHA1

    78475d0ec4236e9540cc63251fece2a9cf11cfce

  • SHA256

    e071dd30e7fee2df8a08a468e10a760cc28d2d2c2361fa14759371ea2dce1c79

  • SHA512

    9453c9e2960c33a760c8963aac032c74e91ef75b74fcbb8ff82991899d03bfb7bfe17bfd72fd71b0863a5802e68e238571360de5b265bb79f639dab35297f7aa

  • SSDEEP

    3072:HYRnA5n+/U/vkkH+LGP34o2KerVUzeeDXbwa21D59ua/aHyvZRBd2iL:HYRun+/UYObwv

Score
7/10
collectionspywarestealer

Malware Config

Signatures

  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MJSEAUC.exe
    "C:\Users\Admin\AppData\Local\Temp\MJSEAUC.exe"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • outlook_office_path
    • outlook_win_path
    PID:2312

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2312-0-0x0000000074F30000-0x00000000754E1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2312-1-0x0000000074F30000-0x00000000754E1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2312-2-0x0000000000CD0000-0x0000000000CE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2312-3-0x0000000000CD0000-0x0000000000CE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2312-4-0x0000000074F30000-0x00000000754E1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2312-5-0x0000000074F30000-0x00000000754E1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2312-6-0x0000000000CD0000-0x0000000000CE0000-memory.dmp

    Filesize

    64KB

    Download