51fad2296d369a6dae2b51a4308ca0abda3aa43c43f2eff5f580e79d1516dbd4

Analysis

max time kernel
148s
max time network
152s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0725650f4ee92b72ceacebcb3b62f658.exe
Size

236KB
MD5

0725650f4ee92b72ceacebcb3b62f658
SHA1

002409d21ad8c6bfb9aa55c3fe1f04d5712be9ab
SHA256

51fad2296d369a6dae2b51a4308ca0abda3aa43c43f2eff5f580e79d1516dbd4
SHA512

042eba8fe4bfc2509b811a09034e6b2a186aea09676dc039a515e0e0e911b6c96dbb031e36e9bcee71ce273b76989f5eeff8aa39ab45c64b4c4630b94bc6bcbf
SSDEEP

3072:oVHgCc4xGvbwcU9KQ2BBAHmaPxBVoIb5E:1Cc4xGxWKQ2Bonx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2716	jusched.exe

Loads dropped DLL 2 IoCs

pid	Process
1936	0725650f4ee92b72ceacebcb3b62f658.exe
1936	0725650f4ee92b72ceacebcb3b62f658.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\a6698373\a6698373	0725650f4ee92b72ceacebcb3b62f658.exe
File created	C:\Program Files (x86)\a6698373\jusched.exe	0725650f4ee92b72ceacebcb3b62f658.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Update23.job	0725650f4ee92b72ceacebcb3b62f658.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 2716	1936	0725650f4ee92b72ceacebcb3b62f658.exe	28
PID 1936 wrote to memory of 2716	1936	0725650f4ee92b72ceacebcb3b62f658.exe	28
PID 1936 wrote to memory of 2716	1936	0725650f4ee92b72ceacebcb3b62f658.exe	28
PID 1936 wrote to memory of 2716	1936	0725650f4ee92b72ceacebcb3b62f658.exe	28

C:\Users\Admin\AppData\Local\Temp\0725650f4ee92b72ceacebcb3b62f658.exe
"C:\Users\Admin\AppData\Local\Temp\0725650f4ee92b72ceacebcb3b62f658.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Program Files (x86)\a6698373\jusched.exe
  "C:\Program Files (x86)\a6698373\jusched.exe"
  2⤵
  - Executes dropped EXE
  PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\a6698373\a6698373

Filesize
17B

MD5
134c1d489094d6d3399f65b0e9aebc1f

SHA1
612a57fbe6ed3ab9c15b39451171d813314a28d5

SHA256
54f9150d1268f7b4b83dd9fc3ec32274bf749715a5806ff3ca5262f5427d6781

SHA512
b09bf60e4850d05261d81a124a647dd111f42480224eae8a3bd2f64736c38119953703f868ad34194a7ae6dad6aabff4081ba73df262bbe9f5327867c56a48ed

Download Submit
\Program Files (x86)\a6698373\jusched.exe

Filesize
236KB

MD5
e2e34dab283ac13017415a7694c38f7f

SHA1
d1f506a3b57d8164f0baa3f7cc77ac86dd36d184

SHA256
54c89a8395807d7b379fe2ac806961993bba8e5309db4e9bc9a5c2997eabf7f0

SHA512
1a547b892ed8aaef9b9e130e7b7820e0b1b74eb233a2217ec00c74042f2eaff89c582219552da791f3350dc70f0c41e9328fe3b501270ad204d6bc331db278de

Download Submit
memory/1936-0-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/1936-7-0x00000000026B0000-0x0000000002705000-memory.dmp

Filesize
340KB

Download
memory/1936-12-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2716-14-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download