Analysis

  • max time kernel
    300s
  • max time network
    307s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    26-02-2024 11:55

General

  • Target

    mjed.exe

  • Size

    27KB

  • MD5

    ccd138adfd7b6c7806ebf5a69fb0ec5d

  • SHA1

    7173bca3c26c25d3948ed8dce5607797500ac3ae

  • SHA256

    9b01b990c37f143b763b4dda75f54a9bff6f916bcee6af8ea7cec7be0481e4b5

  • SHA512

    bcfd77b0f35db7774a4c95ad91f6dd597afd9913139ce2bc9b3bcc013ba5fff74160c71cccd8cdaf240df4f1386bcec7504402488f2408903a8baa3aea479136

  • SSDEEP

    384:oLam4PanO4Y7pcdYGiTOCsPodxxM2AQk93vmhm7UMKmIEecKdbXTzm9bVhcaQ601:W63vc7OQ2A/vMHTi9bD

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\mjed.exe
    "C:\Users\Admin\AppData\Local\Temp\mjed.exe"
    • Drops startup file
    • Suspicious use of AdjustPrivilegeToken
    PID:2028

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2028-0-0x0000000073E40000-0x00000000743F0000-memory.dmp

    Filesize

    5.7MB

  • memory/2028-1-0x0000000073E40000-0x00000000743F0000-memory.dmp

    Filesize

    5.7MB

  • memory/2028-2-0x0000000002900000-0x0000000002910000-memory.dmp

    Filesize

    64KB

  • memory/2028-5-0x0000000073E40000-0x00000000743F0000-memory.dmp

    Filesize

    5.7MB

  • memory/2028-6-0x0000000073E40000-0x00000000743F0000-memory.dmp

    Filesize

    5.7MB

  • memory/2028-7-0x0000000002900000-0x0000000002910000-memory.dmp

    Filesize

    64KB