Analysis
-
max time kernel
156s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted
12-10-2023 15:04
Static task
static1
Behavioral task
behavioral1
Sample
d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
Resource
win10v2004-20230915-en
General
-
Target
d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
-
Size
64KB
-
MD5
d614f2642e5cc15b34ba5ec7e3f3e53c
-
SHA1
2ba848bacca3d62290bb4a70f2544fdd39a8dee2
-
SHA256
e19360fe494a2712083c4b13d31ab293ebc2c3373c17ad07af7b9656f838b277
-
SHA512
d28f0ffb441868874f4d654ba78eef98db6a6d06d5c99ef0f3494a9cb936c9794f44c60bda2f66b977bacac552631d6ff749aafbbad17467bd3d99e811669b10
-
SSDEEP
768:lid0dFOvYO7ymYIDDackJudrxm0foRctgKIYb/aLHR0:NdF6Y9JIXfLrhoCFISyLHW
Malware Config
Signatures
-
Drops file in System32 directory 2 IoCs
description | ioc | Process
File created | C:\Windows\SysWOW64\UsaShohdi.asu | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | C:\Windows\SysWOW64\UsaShohdi.asu | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
Drops file in Program Files directory 64 IoCs
description | ioc | Process
File created | \??\c:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Java\jdk1.8.0_66\bin\javaws.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\bin\jvisualvm.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Mozilla Firefox\default-browser-agent.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\7-Zip\7zFM.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\jre\bin\ssvagent.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\MSOSREC.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\Wordconv.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Java\jdk1.8.0_66\jre\bin\javaw.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Mozilla Firefox\plugin-container.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\IEContentService.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\VideoLAN\VLC\vlc.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\cookie_exporter.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\7-Zip\7zG.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\chrome_proxy.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Java\jdk1.8.0_66\bin\jconsole.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\msoasb.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOHTMED.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files (x86)\Common Files\Java\Java Update\jucheck.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Java\jdk1.8.0_66\jre\bin\javaws.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\jre\bin\jp2launcher.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\SETLANG.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\VideoLAN\VLC\vlc.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\XLICONS.EXE | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Mozilla Firefox\updater.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Java\jdk1.8.0_66\jre\bin\jp2launcher.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\7-Zip\Uninstall.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\7-Zip\7zG.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\FLTLDR.EXE | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\jre\bin\javacpl.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\ONENOTE.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DWTRIG20.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOICONS.EXE | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\bin\jmc.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Java\jre1.8.0_66\bin\ssvagent.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\msotd.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.usa | d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
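The 64 IoCs above read as two interleaved streams: ".exe" paths the sample created and ".usa" paths it opened for modification, and for many stems (7zG, vlc, ONENOTE, SETLANG, jp2launcher, AdobeCollabSync, ...) both appear. Reading them per binary rather than per operation makes the sample's on-disk footprint clearer. The script below is an added example for this report, not the sandbox's or the sample's own code: it parses IoC lines in the report's format, pairs a created ".exe" with a modified ".usa" of the same stem in the same directory, and then applies the same rule as a host-side hunt over a directory listing. The pairing rule, that the ".usa" file is the original binary set aside and the created ".exe" its replacement, is an inference from the IoC list and is not stated on the page; the six IoC lines embedded are copied from the report, while the host listing at the bottom is constructed.

```python
r"""Pair the report's 'File created ...exe' and 'File opened for modification
...usa' IoCs per binary, then reuse the rule to hunt for the same trace on a host.

Added example; not part of the sandbox report and not the sample's own code.
Assumption (inferred from the IoC list, not stated by the report): a .usa path
opened for modification beside a created .exe with the same stem means the
original binary was set aside as .usa and replaced.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Six IoC lines copied from the report's "Drops file in Program Files
# directory" signature; the full signature lists 64 of them.
SAMPLE_IOCS = r"""
File created \??\c:\Program Files\7-Zip\7zG.exe d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification \??\c:\Program Files\7-Zip\7zG.usa d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created \??\c:\Program Files\VideoLAN\VLC\vlc.exe d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification \??\c:\Program Files\VideoLAN\VLC\vlc.usa d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File opened for modification \??\c:\Program Files\Mozilla Firefox\updater.usa d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
File created \??\c:\Program Files\Mozilla Firefox\plugin-container.exe d614f2642e5cc15b34ba5ec7e3f3e53c_JC.exe
""".strip()

# The path may contain spaces; the process name at the end does not.
IOC_RE = re.compile(r"^(File created|File opened for modification) (.+) (\S+)$")


def normalize(path: str) -> PureWindowsPath:
    r"""Strip the NT object-manager prefix (\??\) the sandbox records so the
    path can be handled as an ordinary Win32 path."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return PureWindowsPath(path)


def parse_iocs(text: str):
    """Yield (operation, path, process) tuples from IoC lines in the report's format."""
    for line in text.splitlines():
        m = IOC_RE.match(line.strip())
        if not m:
            continue
        op, path, proc = m.groups()
        yield op, normalize(path), proc


def pair_infections(records):
    """Group IoCs by (directory, stem).  A stem with both a created .exe and a
    modified .usa is one infection; anything else is returned as unpaired so
    a truncated IoC list does not silently lose entries."""
    by_stem = defaultdict(dict)
    for op, path, _proc in records:
        key = (str(path.parent).lower(), path.stem.lower())
        suffix = path.suffix.lower()
        if op == "File created" and suffix == ".exe":
            by_stem[key]["replaced"] = str(path)
        elif op == "File opened for modification" and suffix == ".usa":
            by_stem[key]["backup"] = str(path)
    paired, unpaired = [], []
    for _key, sides in sorted(by_stem.items()):
        (paired if "replaced" in sides and "backup" in sides else unpaired).append(sides)
    return paired, unpaired


def find_backups_on_host(listing):
    """Host-side hunt: given file paths (e.g. a recursive listing of Program
    Files), return every .exe that has a sibling .usa with the same stem."""
    names = {str(p).lower() for p in map(PureWindowsPath, listing)}
    hits = []
    for p in map(PureWindowsPath, listing):
        if p.suffix.lower() == ".exe" and str(p.with_suffix(".usa")).lower() in names:
            hits.append((str(p), str(p.with_suffix(".usa"))))
    return sorted(hits)


if __name__ == "__main__":
    paired, unpaired = pair_infections(parse_iocs(SAMPLE_IOCS))
    for item in paired:
        print("replaced:", item["replaced"], "| backup:", item["backup"])
    for item in unpaired:
        print("unpaired:", item)
    # Constructed host listing (not from the report) to exercise the hunt.
    listing = [
        r"C:\Program Files\7-Zip\7zG.exe",
        r"C:\Program Files\7-Zip\7zG.usa",
        r"C:\Program Files\7-Zip\7zFM.exe",
    ]
    print(find_backups_on_host(listing))
```

Two caveats when using this against real hosts. The exact paths in the signature reflect the software installed on the sandbox image (Office 16, Java jdk1.8.0_66, Chrome 106, Edge 92, 7-Zip, VLC), so hunt on the ".exe beside .usa" pattern rather than on the literal paths. And a pair is only evidence of a write; confirm a suspected replacement by comparing the ".exe" against a known-good copy or its Authenticode signature before treating the ".usa" file as the restorable original.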
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
64KB
-
MD5
6ae379ebbe1c59fa9a9428efced6a037
-
SHA1
4656f98f695fe7cd21f07e77f6f5bc5599941deb
-
SHA256
e817ceb703e06a71c9319b61d0b07cad9b73f713b0a843faeccbf78c762c3da8
-
SHA512
6978e924f3b9b3e8bcd9cf4ca2be94583d3e3dae6d594f449ab53c641be91206405abdf7d8a6210710a03770e9b56d3c5934330374dde3ac1615f871bf091cbc