2980e4ce8783e25aad73add6723519b845a524158d1d6be1ef78cf15b88d3760

Analysis

max time kernel
142s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18-01-2024 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6551041809c22dd6d0cb0ffbf4a68ab8.exe
Size

695KB
MD5

6551041809c22dd6d0cb0ffbf4a68ab8
SHA1

e64b8a5b2828c892938ecf05df445218eba37f42
SHA256

2980e4ce8783e25aad73add6723519b845a524158d1d6be1ef78cf15b88d3760
SHA512

dd14a3a64119a8538affa638d66330ab43e6536f5c5f64e7ad75c4d71057b2f9df6dfde180e1dd34b727d36ac67a0910fcc1cb4686c9003eaf657f6188498f60
SSDEEP

12288:DC0NZyZL3/BRPTIWPoHwKtJNhPVG/PYb7U8tF3Z4mxxXoEtlK+kt9T2Mb:ryZ3p5XFWNhPQob7U8tQmX4Gq

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2948	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2708	rejoice45.exe

Loads dropped DLL 5 IoCs

pid	Process
2232	6551041809c22dd6d0cb0ffbf4a68ab8.exe
2232	6551041809c22dd6d0cb0ffbf4a68ab8.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\_rejoice45.exe	rejoice45.exe
File opened for modification	C:\Windows\SysWOW64\_rejoice45.exe	rejoice45.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2708 set thread context of 2824	2708	rejoice45.exe	29

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice45.exe	6551041809c22dd6d0cb0ffbf4a68ab8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\Delet.bat	6551041809c22dd6d0cb0ffbf4a68ab8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice45.exe	6551041809c22dd6d0cb0ffbf4a68ab8.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2896	2708	WerFault.exe	28

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2708	2232	6551041809c22dd6d0cb0ffbf4a68ab8.exe	28
PID 2232 wrote to memory of 2708	2232	6551041809c22dd6d0cb0ffbf4a68ab8.exe	28
PID 2232 wrote to memory of 2708	2232	6551041809c22dd6d0cb0ffbf4a68ab8.exe	28
PID 2232 wrote to memory of 2708	2232	6551041809c22dd6d0cb0ffbf4a68ab8.exe	28
PID 2708 wrote to memory of 2824	2708	rejoice45.exe	29
PID 2708 wrote to memory of 2824	2708	rejoice45.exe	29
PID 2708 wrote to memory of 2824	2708	rejoice45.exe	29
PID 2708 wrote to memory of 2824	2708	rejoice45.exe	29
PID 2708 wrote to memory of 2824	2708	rejoice45.exe	29
PID 2708 wrote to memory of 2824	2708	rejoice45.exe	29
PID 2708 wrote to memory of 2896	2708	rejoice45.exe	30
PID 2708 wrote to memory of 2896	2708	rejoice45.exe	30
PID 2708 wrote to memory of 2896	2708	rejoice45.exe	30
PID 2708 wrote to memory of 2896	2708	rejoice45.exe	30
PID 2232 wrote to memory of 2948	2232	6551041809c22dd6d0cb0ffbf4a68ab8.exe	31
PID 2232 wrote to memory of 2948	2232	6551041809c22dd6d0cb0ffbf4a68ab8.exe	31
PID 2232 wrote to memory of 2948	2232	6551041809c22dd6d0cb0ffbf4a68ab8.exe	31
PID 2232 wrote to memory of 2948	2232	6551041809c22dd6d0cb0ffbf4a68ab8.exe	31

C:\Users\Admin\AppData\Local\Temp\6551041809c22dd6d0cb0ffbf4a68ab8.exe
"C:\Users\Admin\AppData\Local\Temp\6551041809c22dd6d0cb0ffbf4a68ab8.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice45.exe
  "C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice45.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:2708
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\system32\calc.exe"
    3⤵
    PID:2824
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 300
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2896
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Program Files\Common Files\Microsoft Shared\MSINFO\Delet.bat""
  2⤵
  - Deletes itself
  PID:2948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice45.exe

Filesize
135KB

MD5
4d1d5a81255b080f0db3668180c34b93

SHA1
113d812c9a6bb847ff5458194e04026c5d69618d

SHA256
2064bf095f9ddbd8f631026c52ee49ecb81485c4fb983a5eb36e0d1521854a67

SHA512
5484001ba1187a2c2f678005fb485b2d8b626569de21d2c17e5c0471842c543f1c697aa03e94e9e106274fc0a7e6be738cab9b70838abf347df3c78e79211fc2

Download Submit
C:\Program Files\Common Files\Microsoft Shared\MSInfo\Delet.bat

Filesize
184B

MD5
8a4d19b69d10ddb2f979af22e3667736

SHA1
1ccc413e2cf30c43b594ddaedeea68db690e9051

SHA256
d94f93dbe161ff2c72058ffe7834623c2777e9df0caa1960ac335a0d203132ed

SHA512
2e45134c6c92baa3288823b44a2f2288770f2f5d218981bba54e2baeca336785cb0f6a816fa8555d33c906b090570b6cc133a0625c2a3065eb1f13b926fea42d

Download Submit
C:\Program Files\Common Files\Microsoft Shared\MSInfo\rejoice45.exe

Filesize
148KB

MD5
d30074fda46ec1c3f8f220bc814a4b99

SHA1
7e4bc1d486d932b0a2fc0e4a4668c182e7027267

SHA256
4f3bc975b6a8019d9c67f50c0dd9d6e0faa24238f751b4d5e4eb1743cf8ea765

SHA512
3d9ed4c57320ef35433b360b5f5457be71292f5fd41d2e18cf5ad7a87a38fac438fc588b749492c8c7ac8c79cdb3457721946ab79a925907e6aa3c70f6fcdb28

Download Submit
C:\Program Files\Common Files\Microsoft Shared\MSInfo\rejoice45.exe

Filesize
140KB

MD5
e55295e07fd842e4bd0ad23226b7b794

SHA1
215a9a8e9fff03a2c6a2526f8a1d29708ac7afa0

SHA256
77fa249e4f5ed0f0cb6b9cb0f5d5e95df242b22a6617409dc15c8874aecc5383

SHA512
3a06707f1d394d56c3d886b7dcbb856d23d02b488e538eb86b50be6b55d9c7da701c23612b3bccd22a23d450bda148eb318d125f6f0b91c61c8631dd723126f2

Download Submit
\Program Files\Common Files\Microsoft Shared\MSInfo\rejoice45.exe

Filesize
695KB

MD5
6551041809c22dd6d0cb0ffbf4a68ab8

SHA1
e64b8a5b2828c892938ecf05df445218eba37f42

SHA256
2980e4ce8783e25aad73add6723519b845a524158d1d6be1ef78cf15b88d3760

SHA512
dd14a3a64119a8538affa638d66330ab43e6536f5c5f64e7ad75c4d71057b2f9df6dfde180e1dd34b727d36ac67a0910fcc1cb4686c9003eaf657f6188498f60

Download Submit
\Program Files\Common Files\Microsoft Shared\MSInfo\rejoice45.exe

Filesize
329KB

MD5
58273515a359240e9b33bf8c4461e1cc

SHA1
bc356e9c77192d2a7c92d4900a12376a8ed95574

SHA256
62463b68819e1e8ec6bd28a3f9994e15e6906c281619b2dfd2c21a1071ec2613

SHA512
25c06d46c03f081766914d47b3e1b17cc6e2d3013a8f00ae6009a374e9c8f221d5165658fee98b50622b73a978d5a646930263b6de1a7650282ab3fad2248d04

Download Submit
\Program Files\Common Files\Microsoft Shared\MSInfo\rejoice45.exe

Filesize
386KB

MD5
34fe450939d1a51236df07ee97da6394

SHA1
c3e7f3dea1f235f852a446aa704b0f9f353b85a9

SHA256
848487943d2e23fd7a75949cb98078a82ddf39f5583e3aa81d5f6269af11df9d

SHA512
7affb9c22a8602409c702a39b7c63ea94f177c50a89c39c33ef81d65a8b9a8fb2c1228da91838895c8e8ca4d9032ba3ec8c9a23cc614c08f1a1f789b4044da5a

Download Submit
\Program Files\Common Files\Microsoft Shared\MSInfo\rejoice45.exe

Filesize
460KB

MD5
03cc9b15e031ea795b9b5d06105a0e99

SHA1
8120ab16f164176df85f128f451e9d4872fae271

SHA256
e5a379263836861faf1235673507b55f95e825c2b54c3f55bf53cded005a004b

SHA512
2c9b84265b345d0b73ab6004f144bc645fedddc771fad2d433043cd5a77ba436d8e0c3eac152e974a4dd1e6cfa7d8cfaeace50f3866c0895072eba0d4941322f

Download Submit
memory/2232-6-0x00000000008E0000-0x00000000008E1000-memory.dmp

Filesize
4KB

Download
memory/2232-8-0x0000000000900000-0x0000000000901000-memory.dmp

Filesize
4KB

Download
memory/2232-2-0x00000000008A0000-0x00000000008A1000-memory.dmp

Filesize
4KB

Download
memory/2232-11-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/2232-4-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/2232-20-0x00000000043D0000-0x0000000004540000-memory.dmp

Filesize
1.4MB

Download
memory/2232-5-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/2232-7-0x00000000008D0000-0x00000000008D1000-memory.dmp

Filesize
4KB

Download
memory/2232-68-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2232-3-0x00000000008F0000-0x00000000008F1000-memory.dmp

Filesize
4KB

Download
memory/2232-53-0x00000000043D0000-0x0000000004540000-memory.dmp

Filesize
1.4MB

Download
memory/2232-51-0x0000000000840000-0x0000000000894000-memory.dmp

Filesize
336KB

Download
memory/2232-49-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2232-44-0x00000000043D0000-0x0000000004540000-memory.dmp

Filesize
1.4MB

Download
memory/2232-10-0x00000000008C0000-0x00000000008C1000-memory.dmp

Filesize
4KB

Download
memory/2232-9-0x0000000000830000-0x0000000000831000-memory.dmp

Filesize
4KB

Download
memory/2232-0-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2232-1-0x0000000000840000-0x0000000000894000-memory.dmp

Filesize
336KB

Download
memory/2708-35-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/2708-55-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/2708-47-0x0000000000280000-0x00000000002D4000-memory.dmp

Filesize
336KB

Download
memory/2708-38-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/2708-40-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/2708-22-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2708-33-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/2708-43-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/2708-42-0x0000000002340000-0x0000000002342000-memory.dmp

Filesize
8KB

Download
memory/2708-39-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2708-26-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/2708-60-0x0000000002340000-0x0000000002342000-memory.dmp

Filesize
8KB

Download
memory/2708-31-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/2708-50-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2708-29-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/2708-59-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2708-41-0x0000000002340000-0x0000000002342000-memory.dmp

Filesize
8KB

Download
memory/2708-56-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/2708-57-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/2708-58-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/2824-27-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2824-34-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download
memory/2824-37-0x0000000000BA0000-0x0000000000BA0000-memory.dmp

Download
memory/2824-30-0x0000000000400000-0x0000000000570000-memory.dmp

Filesize
1.4MB

Download