Overview

overview

10

Static

static

3

78b83e3eaf...JC.exe

windows7-x64

10

78b83e3eaf...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2023, 18:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    78b83e3eaf7ec2ba67599c14508488c5_JC.exe

  • Size

    425KB

  • MD5

    78b83e3eaf7ec2ba67599c14508488c5

  • SHA1

    3d3587e5196f05525679c36d5f7c413608b2f851

  • SHA256

    76d9307c2ecfd71788a634f176dcacc7fb3e1cd364be89286f57e7ac48458df1

  • SHA512

    fa7d322e6718a40a74043a8ef16859ade164caa3b6753bc7d70e156b478d32e530455032e9237d6114bedef35c33fac0b19114dea956b8eefb4c52e9d885ded7

  • SSDEEP

    1536:6Z/fgEAqJlV+n1EgGHo7P1YPx28Vayon3s/B/C:61gEZl0nt/P1YPx/onO/C

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    ftp.alizametal.com.tr
  • Port:
    21
  • Username:
    alizametal.com.tr
  • Password:
    hd611

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\78b83e3eaf7ec2ba67599c14508488c5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\78b83e3eaf7ec2ba67599c14508488c5_JC.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Program Files (x86)\1c6cc8c2\jusched.exe
      "C:\Program Files (x86)\1c6cc8c2\jusched.exe"
      2⤵
      • Executes dropped EXE
      PID:1016

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\1c6cc8c2\1c6cc8c2
    Filesize

    17B

    MD5

    80e7928b124479791c52c09d831495f6

    SHA1

    94c8cb5ce4b1c1e70a2802efc22395c1003fc8bd

    SHA256

    a6bb92ad6bdd253818b2660e9befc8e3689b3bee61233f7a67a6ca0695acab12

    SHA512

    5183e48a8dc4f64277b7a0303f97b704ffa63dcc7256aaddb69994ef108f2f2922d9ec9a62eda403eed6c4f66dd719297c9d24e997f662eded63a49810493d2d

    Download Submit

  • C:\Program Files (x86)\1c6cc8c2\jusched.exe
    Filesize

    425KB

    MD5

    ff909b2fd5f3e4cf83ca4d741b382a8a

    SHA1

    6d2566567e5e025b9040558ab0e1806e820108e5

    SHA256

    1cf9cf1395bb15b32e3b35d23e449d87f221fdd1d94dd85c45f9189338f14b38

    SHA512

    1e40f6896c6aba6633b7ddccdf7065a3138ea5358446155c2c3b1fc2a977204381ce04734975e01fce07af3a325695fe8920f914bcb422b99359cc6b12409952

    Download Submit

  • C:\Program Files (x86)\1c6cc8c2\jusched.exe
    Filesize

    425KB

    MD5

    ff909b2fd5f3e4cf83ca4d741b382a8a

    SHA1

    6d2566567e5e025b9040558ab0e1806e820108e5

    SHA256

    1cf9cf1395bb15b32e3b35d23e449d87f221fdd1d94dd85c45f9189338f14b38

    SHA512

    1e40f6896c6aba6633b7ddccdf7065a3138ea5358446155c2c3b1fc2a977204381ce04734975e01fce07af3a325695fe8920f914bcb422b99359cc6b12409952

    Download Submit

  • \Program Files (x86)\1c6cc8c2\jusched.exe
    Filesize

    425KB

    MD5

    ff909b2fd5f3e4cf83ca4d741b382a8a

    SHA1

    6d2566567e5e025b9040558ab0e1806e820108e5

    SHA256

    1cf9cf1395bb15b32e3b35d23e449d87f221fdd1d94dd85c45f9189338f14b38

    SHA512

    1e40f6896c6aba6633b7ddccdf7065a3138ea5358446155c2c3b1fc2a977204381ce04734975e01fce07af3a325695fe8920f914bcb422b99359cc6b12409952

    Download Submit

  • \Program Files (x86)\1c6cc8c2\jusched.exe
    Filesize

    425KB

    MD5

    ff909b2fd5f3e4cf83ca4d741b382a8a

    SHA1

    6d2566567e5e025b9040558ab0e1806e820108e5

    SHA256

    1cf9cf1395bb15b32e3b35d23e449d87f221fdd1d94dd85c45f9189338f14b38

    SHA512

    1e40f6896c6aba6633b7ddccdf7065a3138ea5358446155c2c3b1fc2a977204381ce04734975e01fce07af3a325695fe8920f914bcb422b99359cc6b12409952

    Download Submit

  • memory/1016-15-0x0000000000400000-0x0000000000468000-memory.dmp

    Filesize

    416KB

    Download

  • memory/1016-17-0x0000000000400000-0x0000000000468000-memory.dmp

    Filesize

    416KB

    Download

  • memory/2228-0-0x0000000000400000-0x0000000000468000-memory.dmp

    Filesize

    416KB

    Download

  • memory/2228-7-0x00000000027B0000-0x0000000002818000-memory.dmp

    Filesize

    416KB

    Download

  • memory/2228-12-0x00000000027B0000-0x0000000002818000-memory.dmp

    Filesize

    416KB

    Download

  • memory/2228-13-0x0000000000400000-0x0000000000468000-memory.dmp

    Filesize

    416KB

    Download