Overview

overview

7

Static

static

3

2023-08-25...JC.exe

windows7-x64

3

2023-08-25...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    167s
  • max time network
    174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2023, 03:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2023-08-25_44614306d01779d09d2754b7efa153ff_mafia_JC.exe

  • Size

    484KB

  • MD5

    44614306d01779d09d2754b7efa153ff

  • SHA1

    0cc1a6ff366b8c2ebe68cf30f792d85ce47c8cbf

  • SHA256

    ec6c63c93f128dd7db611dc3a7ac994c043fac27d4810ff7d053222dfa8e775a

  • SHA512

    3aad0e082c13c26b496e2c9e3deb07663ae638f3274b59effb029d1d349275ea05c453bc3d18fb872a807e75ee65e227f8ba8fecf522467dd184bb82e1628c29

  • SSDEEP

    12288:iu4lNAtYytvS5Aku1YLtxdkUoDj9JU01tuMsTp:iwhtvSLuCeUoPo0uM

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 45 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 18 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2023-08-25_44614306d01779d09d2754b7efa153ff_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\2023-08-25_44614306d01779d09d2754b7efa153ff_mafia_JC.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3776
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://skjp.zcjczj.cn/rxzgzb.html?s=140&v=141&c=148&a=175&m=&t=1614606269
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3920
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3920 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:2440
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x510 0x508
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3136

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\myqr27u\imagestore.dat
          Filesize

          151B

          MD5

          1ba1de46fff8c9bde173cbf50bcf8ecb

          SHA1

          c23239e4a3f4c10e854cdae25c68a989625276a9

          SHA256

          1ab3a6867859ded1e6d4ee4f8a34497371708136b846cd7fe276cac6f3735e89

          SHA512

          755dba15581f148f58cb1eb89f7f32b06ca6da551206d5f4fa04b35bddafd095b2c57576c90c3b6c8579a99df9053bf59b52870b85d2956b56ac3035a26946d8

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1RORH6TK\TCaptcha[1].js
          Filesize

          79KB

          MD5

          cf1f7b5f26170b63eb1a5fea4abb05a5

          SHA1

          d03a929c5f82d8d31cd8e9aaa0b686086a15ae6b

          SHA256

          bc4ac878d90b7721264cb605ea1efae6bc7ab573c801620651416fab052c1f4a

          SHA512

          97954bd96e60bbc32934db460ae71ceb8122e6be0e01b7bdd98a9a30d0744fdb9bb56f3cf65ef3967372ede0c60e0400d129375a1d9ba80eb07e779c54806588

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1RORH6TK\suggestions[1].en-US
          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NS3OFJEX\favicon[1].ico
          Filesize

          43B

          MD5

          ad4b0f606e0f8465bc4c4c170b37e1a3

          SHA1

          50b30fd5f87c85fe5cba2635cb83316ca71250d7

          SHA256

          cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

          SHA512

          ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NS3OFJEX\index[2].mp4
          Filesize

          7.2MB

          MD5

          86f9f13f354a7948803009d2909336c2

          SHA1

          cbf093676a5c6d21d1666ede7d958eb9b235eba4

          SHA256

          f57c7a5854ddd02bac462eb3a0bf89a72f27c2790196f0181c9b137e3594d5fd

          SHA512

          07ad1b39b2e180be14a26efcaded0ce137d9e5aa711329e865a6b153ce6c72b09b99ce58cb8e0995eb47a2b7654756c4d12a3c73e417c4c094dfb5f88d0b6f6c

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YQR9M4BX\2[1].js
          Filesize

          10B

          MD5

          74e1080b5e3125ca3a5abc7b340399aa

          SHA1

          b1e150e5809482e54c347d440f1824179c0d6d5f

          SHA256

          623017a5748ff1b4e9d0f227f5cd58869ae4959d1ca8fd204c9441cd11e2695b

          SHA512

          51985a333a6c225976863cf49eca3492f5b8a61f525d08d0bc69c25a7eecaad6fc3ec6f71420f06bb1c3fbfbd197eed6c5c4a99929bd0dbdee73ec2f88265f80

          Download Submit