578a69152022dbb9c8069ad7e8befb2333887633bd7b23b442c1056a0edb71e9

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

578a69152022dbb9c8069ad7e8befb2333887633bd7b23b442c1056a0edb71e9.exe
Size

8.4MB
MD5

3d39356af0dc7a5f0247b0c28e4afc11
SHA1

7ca37e428e4c5bd12c2c80c42517fc7e2e6506b8
SHA256

578a69152022dbb9c8069ad7e8befb2333887633bd7b23b442c1056a0edb71e9
SHA512

f3652cf87772e36db8d7379e36eaefc9ecaf24361d8db8764a58ff77fe30f5a9629e8dda431de515decd2788812de8570134ac37d6b3990e7c18e30ee95ff50e
SSDEEP

196608:GiO1lcSu5gTe3p2VLyM0/f7Pnj57ymavlb+nEz+JGjd:BfmTe52VGM2/j57ym2b+Ez5jd

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2016	lzma.exe
1916	lzma.exe

Loads dropped DLL 4 IoCs

pid	Process
1280	578a69152022dbb9c8069ad7e8befb2333887633bd7b23b442c1056a0edb71e9.exe
1280	578a69152022dbb9c8069ad7e8befb2333887633bd7b23b442c1056a0edb71e9.exe
1280	578a69152022dbb9c8069ad7e8befb2333887633bd7b23b442c1056a0edb71e9.exe
1280	578a69152022dbb9c8069ad7e8befb2333887633bd7b23b442c1056a0edb71e9.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 2016	1280	578a69152022dbb9c8069ad7e8befb2333887633bd7b23b442c1056a0edb71e9.exe	28
PID 1280 wrote to memory of 2016	1280	578a69152022dbb9c8069ad7e8befb2333887633bd7b23b442c1056a0edb71e9.exe	28
PID 1280 wrote to memory of 2016	1280	578a69152022dbb9c8069ad7e8befb2333887633bd7b23b442c1056a0edb71e9.exe	28
PID 1280 wrote to memory of 2016	1280	578a69152022dbb9c8069ad7e8befb2333887633bd7b23b442c1056a0edb71e9.exe	28
PID 1280 wrote to memory of 1916	1280	578a69152022dbb9c8069ad7e8befb2333887633bd7b23b442c1056a0edb71e9.exe	29
PID 1280 wrote to memory of 1916	1280	578a69152022dbb9c8069ad7e8befb2333887633bd7b23b442c1056a0edb71e9.exe	29
PID 1280 wrote to memory of 1916	1280	578a69152022dbb9c8069ad7e8befb2333887633bd7b23b442c1056a0edb71e9.exe	29
PID 1280 wrote to memory of 1916	1280	578a69152022dbb9c8069ad7e8befb2333887633bd7b23b442c1056a0edb71e9.exe	29

C:\Users\Admin\AppData\Local\Temp\578a69152022dbb9c8069ad7e8befb2333887633bd7b23b442c1056a0edb71e9.exe
"C:\Users\Admin\AppData\Local\Temp\578a69152022dbb9c8069ad7e8befb2333887633bd7b23b442c1056a0edb71e9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1709863999-0-app\lzma.exe
  "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1709863999-0-app\lzma.exe" "d" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1709863999-0-app\verpatch.exe.l2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1709863999-0-app\verpatch.exe"
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1709863999-0-app\lzma.exe
  "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1709863999-0-app\lzma.exe" "d" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1709863999-0-app\JWrapper-JWrapper-00019224260-archive.p2.l2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1709863999-0-app\JWrapper-JWrapper-00019224260-archive.p2"
  2⤵
  - Executes dropped EXE
  PID:1916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1709863999-0-app\JWrapper-JWrapper-00019224260-archive.p2

Filesize
1.1MB

MD5
7ed01763022e7e9a6dd4c370a1c22c07

SHA1
431676c1f0b8d85daf9f0b53d88980d240300db2

SHA256
0032141a43109f60694ec1125d4daa98114647d09e13e0a9b0fe5a40ad24a1b2

SHA512
8a9d750eeb17a846bf0bdb49122142241d0ddf0b2aadb06b016901fabc731916e060e75306b78b91a091e6550231479e4ccf6ca3d326982ed469ef95d1749806

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1709863999-0-app\JWrapper-JWrapper-00019224260-archive.p2.l2

Filesize
383KB

MD5
32648a013cb28bd7056f4a8ade9f1bf6

SHA1
e4b041644dbb0ef79bd2dad5ecdc26bdfac219ee

SHA256
a29385774d3dec077e57f16ac54ccb53fa7fb1e89a3f6c320d991f4e8b8c906b

SHA512
9c23b223ba2efbf6ed776bcefad4ae01c2528643600664d804a7f49346c1c884c6b97e8b95d6ba3819a73f1e19c2369d163e03fd0c29fc8384d559ae8f08831b

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1709863999-0-app\verpatch.exe.l2

Filesize
16KB

MD5
0f01ede304c8199e4b56b847be0787e0

SHA1
a73f8dd25773469a1fd3cb873d2af3a95bf46fd5

SHA256
f719964e71b47116e87fdea44a50425e462fa9036e43d7badec624f36fe86d9d

SHA512
c46acf58ac2128576cf5996724f7b759092d0e705efff641a5feb5385f1a0078b78a9d044c51a80592bb90b137a633f9453105619b7a619389744a09963bbfb7

Download Submit
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1709863999-0-app\lzma.exe

Filesize
71KB

MD5
e59aa0e52e93c781dcdab8ad7cc4054c

SHA1
1be9c2d8b48d6e0c8a7cab6013cc36ea42ec421e

SHA256
410bfdaddee3767151296fe4f16052c39546151916f05bbe4ae1c6b698b18f0f

SHA512
d0be3580640bb2cca0c097ec2154132eeefd2b2b4b0e45027cc303c47a42f5c545d5f50182c70a69b5d1673112d24f8ae320d097d7034e810dbc0a5128b09050

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads