c68601cd8867129cb1d03742a1db03eff943f3e17b50d2e8c4b19d1579f89fa4

Analysis

max time kernel
120s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 02:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c68601cd8867129cb1d03742a1db03eff943f3e17b50d2e8c4b19d1579f89fa4.exe
Size

8.4MB
MD5

48c91eabf47b255a535ecfcd0b8dc483
SHA1

5842ee20e5edfde37c4aea19daaca6aa5de7de9c
SHA256

c68601cd8867129cb1d03742a1db03eff943f3e17b50d2e8c4b19d1579f89fa4
SHA512

b1a03c8ea757bc7c1a14dccb4c23b2ba0b9d1cf8b9a2d285dd371abd2181e40faed63db7e39eea04f855333202df5a050716931cc3fd6aa8b0734b67ebe9708c
SSDEEP

196608:Iih1GESu5gTe3p2VLyM0/f7Pnj57ymavlb+FX9eUO:PvmTe52VGM2/j57ym2b+FXIUO

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2760	lzma.exe
2464	lzma.exe

Loads dropped DLL 4 IoCs

pid	Process
2832	c68601cd8867129cb1d03742a1db03eff943f3e17b50d2e8c4b19d1579f89fa4.exe
2832	c68601cd8867129cb1d03742a1db03eff943f3e17b50d2e8c4b19d1579f89fa4.exe
2832	c68601cd8867129cb1d03742a1db03eff943f3e17b50d2e8c4b19d1579f89fa4.exe
2832	c68601cd8867129cb1d03742a1db03eff943f3e17b50d2e8c4b19d1579f89fa4.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 2760	2832	c68601cd8867129cb1d03742a1db03eff943f3e17b50d2e8c4b19d1579f89fa4.exe	29
PID 2832 wrote to memory of 2760	2832	c68601cd8867129cb1d03742a1db03eff943f3e17b50d2e8c4b19d1579f89fa4.exe	29
PID 2832 wrote to memory of 2760	2832	c68601cd8867129cb1d03742a1db03eff943f3e17b50d2e8c4b19d1579f89fa4.exe	29
PID 2832 wrote to memory of 2760	2832	c68601cd8867129cb1d03742a1db03eff943f3e17b50d2e8c4b19d1579f89fa4.exe	29
PID 2832 wrote to memory of 2464	2832	c68601cd8867129cb1d03742a1db03eff943f3e17b50d2e8c4b19d1579f89fa4.exe	30
PID 2832 wrote to memory of 2464	2832	c68601cd8867129cb1d03742a1db03eff943f3e17b50d2e8c4b19d1579f89fa4.exe	30
PID 2832 wrote to memory of 2464	2832	c68601cd8867129cb1d03742a1db03eff943f3e17b50d2e8c4b19d1579f89fa4.exe	30
PID 2832 wrote to memory of 2464	2832	c68601cd8867129cb1d03742a1db03eff943f3e17b50d2e8c4b19d1579f89fa4.exe	30

C:\Users\Admin\AppData\Local\Temp\c68601cd8867129cb1d03742a1db03eff943f3e17b50d2e8c4b19d1579f89fa4.exe
"C:\Users\Admin\AppData\Local\Temp\c68601cd8867129cb1d03742a1db03eff943f3e17b50d2e8c4b19d1579f89fa4.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2832
- C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1709865280-0-app\lzma.exe
  "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1709865280-0-app\lzma.exe" "d" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1709865280-0-app\verpatch.exe.l2" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1709865280-0-app\verpatch.exe"
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1709865280-0-app\lzma.exe
  "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1709865280-0-app\lzma.exe" "d" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1709865280-0-app\JWrapper-JWrapper-00019224260-archive.p2.l2" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1709865280-0-app\JWrapper-JWrapper-00019224260-archive.p2"
  2⤵
  - Executes dropped EXE
  PID:2464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1709865280-0-app\JWrapper-JWrapper-00019224260-archive.p2

Filesize
1.1MB

MD5
089502f3f5624218fa559d8c94fc17e9

SHA1
586857cb6762732a0116219fff536399220e1e83

SHA256
79f6fed58712b00ea5a1b9962cf9853e9adc89924aa6a57d878c1ad65862a809

SHA512
85f30fa66332389ab7f3219363fe611c03186b428aaebcbdf488e2eb51f66bb2b952de9e8ea22f5c32b433a7797469a9121bb573c83c3d9f576be44f2fa57ce2

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1709865280-0-app\JWrapper-JWrapper-00019224260-archive.p2.l2

Filesize
379KB

MD5
03b08024d91cf68ac9cfa7733878c808

SHA1
a0d737afaab6f2e21e0923ae1209fc6e7491e9ad

SHA256
761d1e7ac229b70cd0c595d33a81d027be59f42e287917f5eeee744ec7c06a9b

SHA512
7e25d8f1c3ed6f2069cfa62b8d2461988049a2ac0df191ffb5ebfd0b861014f4837334bc28f21a5fff8b9bd5ff774d5e0af6f5bf998baaea126b01e4b1fa7eb1

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1709865280-0-app\verpatch.exe.l2

Filesize
16KB

MD5
0f01ede304c8199e4b56b847be0787e0

SHA1
a73f8dd25773469a1fd3cb873d2af3a95bf46fd5

SHA256
f719964e71b47116e87fdea44a50425e462fa9036e43d7badec624f36fe86d9d

SHA512
c46acf58ac2128576cf5996724f7b759092d0e705efff641a5feb5385f1a0078b78a9d044c51a80592bb90b137a633f9453105619b7a619389744a09963bbfb7

Download Submit
\ProgramData\JWrapper-Remote Access\JWrapperTemp-1709865280-0-app\lzma.exe

Filesize
71KB

MD5
e59aa0e52e93c781dcdab8ad7cc4054c

SHA1
1be9c2d8b48d6e0c8a7cab6013cc36ea42ec421e

SHA256
410bfdaddee3767151296fe4f16052c39546151916f05bbe4ae1c6b698b18f0f

SHA512
d0be3580640bb2cca0c097ec2154132eeefd2b2b4b0e45027cc303c47a42f5c545d5f50182c70a69b5d1673112d24f8ae320d097d7034e810dbc0a5128b09050

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads