Analysis
-
max time kernel
166s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
12/10/2023, 15:02
General
-
Target
ea0cf0a560a8c73d543e3dc2c0be0746_JC.exe
-
Size
476KB
-
MD5
ea0cf0a560a8c73d543e3dc2c0be0746
-
SHA1
c680dfd744d3537844193b611777c8f5ba5ac387
-
SHA256
4b4069bc462e10031185e70d3a9fad2a266e708e1f2d55d3890e7442b0e2344f
-
SHA512
305e5fe3028598ce67a451526866d6e1fcd85da4acdb697a38914abce3b44e3f1787c82b49cc2bcfaddf920b5e15f413d287be9e5a9993f69a686b11134d7a4d
-
SSDEEP
6144:WdspDeDrxkg/vrMuJIgwhEFHyOrJcX/Pgqwzm5IzkWjS4e4azExBKO1t4Kb70Nqr:s8kxNhOZElO5kkWjhD4AI
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Modifies system executable filetype association 2 TTPs 2 IoCs
-
UPX packed file 7 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 34 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies registry class 18 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ea0cf0a560a8c73d543e3dc2c0be0746_JC.exe"C:\Users\Admin\AppData\Local\Temp\ea0cf0a560a8c73d543e3dc2c0be0746_JC.exe"1⤵
- Adds Run key to start application
- Enumerates connected drives
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Users\CIJCLL.EXEC:\Users\CIJCLL.EXE2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
476KB
MD5b83c70f030d9271246ab6a100bcfa1f5
SHA1d9d3ad58de981c3938eb054e58ec196d1cba311b
SHA256161e7f76e676f7c513bb2c85e554365552db2f2976e00e08a375f0d77c9cf5ff
SHA512af477a7af3e1faa001404df4e1859cc400cf4b607aebc0858247f601b1cea08f158fe0a5eca17a3d7b9389b55b5490471dc62fc79c4699776d93a12436c40e75
-
Filesize
476KB
MD5b83c70f030d9271246ab6a100bcfa1f5
SHA1d9d3ad58de981c3938eb054e58ec196d1cba311b
SHA256161e7f76e676f7c513bb2c85e554365552db2f2976e00e08a375f0d77c9cf5ff
SHA512af477a7af3e1faa001404df4e1859cc400cf4b607aebc0858247f601b1cea08f158fe0a5eca17a3d7b9389b55b5490471dc62fc79c4699776d93a12436c40e75
-
Filesize
476KB
MD5b14c8609b01696a4de7342e0857a307f
SHA1fc0620b09ae2097631fd03ba0362fa68c29bdc8a
SHA2562e596f690de2a645a97c0ee25685883dc089ae15e05421f626bc71b720eb1b3d
SHA512a1746c5f3c0e6f2edc60feedb9db227f358554ee6e3f8abb21a5587f762dc2536f8615e2741055ebcd33fc435ebb240ab35ea1f88d6bcacc66527f1ce0d7673b
-
Filesize
194B
MD5ea713fce91ba6f25147c321f5bbe2f36
SHA15de6d8529d340ebd0a86b3d8933dbc89e873e90f
SHA256a982ffe5742b96d535e21af8834d001336855e4227446b0b59033bda62f53479
SHA512967a27b9bd771889a0eaac85969cf6b94adf570763e898c5086631596e276d235490e03693c98be7422d99554061121199f1da818fe6ee65631b4fdaa315ab2b
-
Filesize
448KB
-
Filesize
4KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
4KB
-
Filesize
448KB