Analysis

  • max time kernel
    164s
  • max time network
    201s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/12/2023, 14:31

General

  • Target

    39eca44b5f7876aa9e17855fa0ec7c7f.exe

  • Size

    208KB

  • MD5

    39eca44b5f7876aa9e17855fa0ec7c7f

  • SHA1

    48d622b59fbcdab50811ad76515a59028ed23831

  • SHA256

    a4134490d2c4ae3be615b9fd37e3d27e13af842d854ae986d06d18c3908b1380

  • SHA512

    bb5cdf13485f0a3e9a2387f2302e1d3ba5f776d02607c04084315aed32a14861ed9bb2f38bc97e1e2ea2e5fea983a53d7798a064dc875786a6311ee970dc5507

  • SSDEEP

    3072:XChJgYMm4xf9cU9KQ2BxA59SPMqOoWn29O:rYMm4xiWKQ2BiCMyO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\39eca44b5f7876aa9e17855fa0ec7c7f.exe
    "C:\Users\Admin\AppData\Local\Temp\39eca44b5f7876aa9e17855fa0ec7c7f.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Program Files (x86)\b9c73b2a\jusched.exe
      "C:\Program Files (x86)\b9c73b2a\jusched.exe"
      2⤵
      • Executes dropped EXE
      PID:2952

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Program Files (x86)\b9c73b2a\b9c73b2a

          Filesize

          17B

          MD5

          89931a70501a3362b6823b53523f5a77

          SHA1

          88c7e199c462ed8cc3af0ba453512b5b1fdcfdb5

          SHA256

          d30d9a0e64bc9f4a306617f087f30de6d57a5413793ab7bde13a299777a1b254

          SHA512

          8fa7ab4824ae86f3f47b3718c11f79ef275dd0639396572eaeb1262ad9153ccf43c633a7b292e30c97370436a09f22fbcf817a802015650ffb1f84d2b83483bd

        • C:\Program Files (x86)\b9c73b2a\jusched.exe

          Filesize

          208KB

          MD5

          1b3614797a8ce8d3e8bbf12396e8ccf6

          SHA1

          a4a9577e31d58cf24c2a1f3cf49e373c84ec7a22

          SHA256

          ed492753caa6981305e02777b60d4bd89f0ec8f85def3285092ca0d3c3d5df28

          SHA512

          133b3b4778399f8c2c908b182af76720c8e328b0f333d59265fc25455d9d2d752e0f32ebbea3cbebeb5b6fca75a719f4264b7f3745dca03fbef26676aadf0a5f

        • \Program Files (x86)\b9c73b2a\jusched.exe

          Filesize

          129KB

          MD5

          ae61af961a18fd838b12cfd9310fc90f

          SHA1

          203c25be674008b017d75963bfcac68f6c2045d6

          SHA256

          e963f67bbe10da64ab05eba4e11604855c522d3ebbdcb6584e0746d876591c44

          SHA512

          ab9c45bd3f6b867ba9c2a3fb60c7f78aed2d86518b57e976047885286d7d6d19d2132d1e4dfcaa3d1b2883bb9032d1b465038c9cbf6f4431d29f0544eaae0ea4

        • \Program Files (x86)\b9c73b2a\jusched.exe

          Filesize

          93KB

          MD5

          0b690b7fb4412040eed6cc007205e1f3

          SHA1

          8feb9b26729cfb0b870736adc9a90f327867aab3

          SHA256

          ff85a034ebeb8a51398d61b458b21beced3f9902176cf1e52f7a7b3969de006d

          SHA512

          c650faf553e0afd17301a274fc00d739fefd81b4f6768c86d80b816e2994d09888478af599088b5a0ffe9d9bab7568151ddf3370c411c93adedfa174f3be111f