69151c137bdbf1c0b5e7dae6ecb1bd8f5c588aa1a1587659f0e796a9de53ed3c

Analysis

max time kernel
142s
max time network
138s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 07:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0f0330e4425246e95ba7a596040da8fe.exe
Size

208KB
MD5

0f0330e4425246e95ba7a596040da8fe
SHA1

a116da0bfb633b2cf4dc32795c7ae83259a2ff93
SHA256

69151c137bdbf1c0b5e7dae6ecb1bd8f5c588aa1a1587659f0e796a9de53ed3c
SHA512

e938b63e4eea2d1edbbe732dfe50552dc2319e61f956b5948f9eee91324c8e02f6661df0e13c79a2db5315e2203033a2faef2334976a9dc4a0cfae5c6fa13bd5
SSDEEP

1536:a5AiTLOQ74YDtnlN5UL09atT0mBBAragjSvIYFwAmd/okQpNu8:a53mQ7JtnP5I09qgmBBAWgjSvwN/okWd

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3020	jusched.exe

Loads dropped DLL 2 IoCs

pid	Process
2024	0f0330e4425246e95ba7a596040da8fe.exe
2024	0f0330e4425246e95ba7a596040da8fe.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\e250773d\jusched.exe	0f0330e4425246e95ba7a596040da8fe.exe
File created	C:\Program Files (x86)\e250773d\e250773d	0f0330e4425246e95ba7a596040da8fe.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Update23.job	0f0330e4425246e95ba7a596040da8fe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 3020	2024	0f0330e4425246e95ba7a596040da8fe.exe	28
PID 2024 wrote to memory of 3020	2024	0f0330e4425246e95ba7a596040da8fe.exe	28
PID 2024 wrote to memory of 3020	2024	0f0330e4425246e95ba7a596040da8fe.exe	28
PID 2024 wrote to memory of 3020	2024	0f0330e4425246e95ba7a596040da8fe.exe	28

C:\Users\Admin\AppData\Local\Temp\0f0330e4425246e95ba7a596040da8fe.exe
"C:\Users\Admin\AppData\Local\Temp\0f0330e4425246e95ba7a596040da8fe.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Program Files (x86)\e250773d\jusched.exe
  "C:\Program Files (x86)\e250773d\jusched.exe"
  2⤵
  - Executes dropped EXE
  PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\e250773d\e250773d

Filesize
17B

MD5
4d77d6b250ffb567743b8dbcdad695b8

SHA1
d5a8f98f9433f6d36c74df463cef3e2cf524462d

SHA256
7ec7a3a23890c3592f5b762aecf11adbf8831fad11b8048aedfa7315d599c5f2

SHA512
5655153049101fd67125d484c81f1ad30b44f36f00e3aabfe8d730a21661f4b394357b60da549289def4311b4cc7bd508d8fd6b8db254cd442b2152f8902bd71

Download Submit
\Program Files (x86)\e250773d\jusched.exe

Filesize
208KB

MD5
de20545422e753e7232f10031a9bc108

SHA1
7ee2f4d8696117f28fd6c4c5788e238f128abcab

SHA256
749d66cdc6947846e5556e8cf22a225dad1b3acac1ba54a86a21c5b9dd4e191e

SHA512
8e2f2bcfd02916fb28dde5cdae918ad7487258d9d7475346687608aa53bc25f577e28f20b5f5ec5a8128265931a80c8458ec9d32bb5cbaa6da5c86656e9389a2

Download Submit