d7bbc399c169e0b1b27a91f4e8a98e7231151d762e85803a71dc2a48af8a80ce

Analysis

max time kernel
2s
max time network
19s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 23:57

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

3b644e22de29dcac9fd35f87b5018f64.exe
Size

6.8MB
MD5

3b644e22de29dcac9fd35f87b5018f64
SHA1

4a9e3224819c89228a6a7a81a0476f325a6878ec
SHA256

d7bbc399c169e0b1b27a91f4e8a98e7231151d762e85803a71dc2a48af8a80ce
SHA512

29c59ab5566738a6b02c3e7842b615a942e84340ef4218e82625f7d2f727f41aee04c5377f94117acb390469984f8716cba31553bc76efaca3d82245d12c169a
SSDEEP

49152:EQFRHrmQG+yrV2FhrV2FTF0FhrV2iTPFrV2FhrV2FTF0FhrVj:EcKf

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2608	jfyqg.exe

Loads dropped DLL 2 IoCs

pid	Process
1300	3b644e22de29dcac9fd35f87b5018f64.exe
1300	3b644e22de29dcac9fd35f87b5018f64.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2608	jfyqg.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2608	jfyqg.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2608	jfyqg.exe
2608	jfyqg.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 2608	1300	3b644e22de29dcac9fd35f87b5018f64.exe	28
PID 1300 wrote to memory of 2608	1300	3b644e22de29dcac9fd35f87b5018f64.exe	28
PID 1300 wrote to memory of 2608	1300	3b644e22de29dcac9fd35f87b5018f64.exe	28
PID 1300 wrote to memory of 2608	1300	3b644e22de29dcac9fd35f87b5018f64.exe	28

C:\Users\Admin\AppData\Local\Temp\3b644e22de29dcac9fd35f87b5018f64.exe
"C:\Users\Admin\AppData\Local\Temp\3b644e22de29dcac9fd35f87b5018f64.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Users\Admin\AppData\Local\Temp\jfyqg.exe
  C:\Users\Admin\AppData\Local\Temp\jfyqg.exe -run C:\Users\Admin\AppData\Local\Temp\3b644e22de29dcac9fd35f87b5018f64.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\jfyqg.exe

Filesize
29KB

MD5
cb47cd482fb2d4f7712229c6dece6686

SHA1
6a8dcaf07ec04893b4c96932f07a1655f8347934

SHA256
f22a3923ab610d7d2a4c916cc94f3c369841dea8ea89096babb1d0ef96b6d2f0

SHA512
e4045bcd6e24657e72a1535b7e0a763879151e79b5197821d8cb50ec08bc83f1eefcc19fda3c433d1e5c3223e7d19c5ae0718123c4f48df7796192a71aef5a2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\jfyqg.exe

Filesize
249KB

MD5
bfc4bd79cb959cc62c25bc107ce1fb8b

SHA1
0ed66421b7a838be83298a06b1d88a943dc2c93d

SHA256
d03f4ce4532453f8a0dac23801fb4bf3e3f9eff3c83c3c88bb44511bc57f69fd

SHA512
72c321472d935028bc39c9c37a5d6d7c98ab1e8ada6012096dcd306d440ace6e8f67985ebc4e235d2a81e769011398508f718687eb4c48f4b7b2bbde36bdcfef

Download Submit
C:\Users\Admin\AppData\Local\Temp\jfyqg.exe

Filesize
180KB

MD5
e4ae65f073f5cd4754c92438a06385f0

SHA1
1a569bc7ddc7020a78cc727ba38fb2ee4e231c73

SHA256
48554d40e6e1f92334d2a59d91959bec6e7d4805b1c808d1f97cd119da4f3fa9

SHA512
46c38d66f9335da0a3ba0b49d53a7e13daa8a6cad808b7140c0a921bf83f51d865e45d1e656b98c185b9318d8e6d3bb905653916e73267829a34225ffbf7604b

Download Submit
\Users\Admin\AppData\Local\Temp\jfyqg.exe

Filesize
151KB

MD5
ff20677a5a86bd4537a665c5318d1baa

SHA1
9db8b1b957e507d964215c0dc5ef4e3029ef611f

SHA256
831a83d26e83cb8a16e9a847f2703f26ae6d103f4f26b03c496b8070076cf48d

SHA512
930a94c7a090ebc2a5e2f9a1ea32449824cae22bd8709f89e0925eb56dff9dc67d3b47d8b8098ad11e07cdf940e80e7aa341d1ff1d3e655da20f3198e74bd91e

Download Submit
\Users\Admin\AppData\Local\Temp\jfyqg.exe

Filesize
143KB

MD5
2a3168e66090b346ce41f5ec67ba0bde

SHA1
0e0025162d523d19fd81f72948ddfad3b76a374c

SHA256
a7a6d549b56e4c96db013fc0e7557ab185e7937231ab2b6138081069b6e49a30

SHA512
c4ba06169fa3fe8e84fec7b188f8f3db08c4534a62662d0fea35c0787f78a8aa2b052218829a0ab45d153f9a6d5c83149659e78339b05d32acb723a2ddfd294d

Download Submit
memory/1300-25-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/1300-22-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/1300-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-43-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-13-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/1300-56-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1300-59-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-2-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/1300-3-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1300-4-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1300-5-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/1300-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1300-7-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/1300-8-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1300-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1300-10-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/1300-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/1300-12-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/1300-18-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/1300-19-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/1300-20-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/1300-58-0x0000000000290000-0x00000000002E0000-memory.dmp

Filesize
320KB

Download
memory/1300-16-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1300-15-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/1300-14-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1300-54-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1300-29-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/1300-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-40-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-28-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/1300-27-0x0000000001FA0000-0x0000000001FA1000-memory.dmp

Filesize
4KB

Download
memory/1300-26-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/1300-1-0x0000000000290000-0x00000000002E0000-memory.dmp

Filesize
320KB

Download
memory/1300-24-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/1300-23-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/1300-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1300-21-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/2608-71-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2608-67-0x0000000002310000-0x0000000002316000-memory.dmp

Filesize
24KB

Download
memory/2608-65-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2608-66-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2608-68-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/2608-60-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2608-62-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2608-72-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2608-69-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2608-70-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2608-73-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2608-64-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2608-63-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2608-61-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2608-124-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download