Analysis

  • max time kernel
    148s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/10/2023, 19:24

General

  • Target

    31dc4642799d2fafc5d0f0f72ba6c6f0_exe32_JC.exe

  • Size

    70KB

  • MD5

    31dc4642799d2fafc5d0f0f72ba6c6f0

  • SHA1

    07e7a1c05a3b70a709207b5cb71c51defa080c72

  • SHA256

    2e272b385a2298ab9dc3415cc863336b156a3f183cf6a0cbc93fa652fa0b6b66

  • SHA512

    f45c082196cbc169a8298d526545721c04b292bf47fa625665dd3ab5b21462be5b07aadcf076e8a01be04bef97a0195aac74134e8a4599c5580fbcdf1c98a724

  • SSDEEP

    768:V4bSshapMnJguFiZp6UuxP/yQomaB5qvhTRFlr/Pt8vKJ+DEqm1s/XZA4NgS7:abSshapMJgKJUuxGmfJPtOgqm1s/XZSW

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Program crash 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\31dc4642799d2fafc5d0f0f72ba6c6f0_exe32_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\31dc4642799d2fafc5d0f0f72ba6c6f0_exe32_JC.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2200
    • \??\c:\users\admin\appdata\local\temp\winlgon.exe
      c:\users\admin\appdata\local\temp\winlgon.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3652
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 688
        3⤵
        • Program crash
        PID:1384
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 688
        3⤵
        • Program crash
        PID:1148
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 572
      2⤵
      • Program crash
      PID:676
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3652 -ip 3652
    1⤵
    PID:4288
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2200 -ip 2200
    1⤵
    PID:312

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\winlgon.exe

    Filesize

    70KB

    MD5

    dedfbbb48bf13b0065a0d2f4ba274c93

    SHA1

    43213cc5bd0aa74b168ab5cfe741cdd130e894b4

    SHA256

    72aa35d06b7f289a539afdc8ed7054adac98036e9646df31e1f4f596404ae19a

    SHA512

    dd08ddcde9d73817ad8112f99aeaf229aba4fa6c91ac33055508fc23c21ddd30dd9a1f7a91b448f9d0f0e69ed685d030ed91341e916cc4927dc5ac52334db682

  • \??\c:\users\admin\appdata\local\temp\winlgon.exe

    Filesize

    70KB

    MD5

    dedfbbb48bf13b0065a0d2f4ba274c93

    SHA1

    43213cc5bd0aa74b168ab5cfe741cdd130e894b4

    SHA256

    72aa35d06b7f289a539afdc8ed7054adac98036e9646df31e1f4f596404ae19a

    SHA512

    dd08ddcde9d73817ad8112f99aeaf229aba4fa6c91ac33055508fc23c21ddd30dd9a1f7a91b448f9d0f0e69ed685d030ed91341e916cc4927dc5ac52334db682