d6d9d4b2f14436eebf5dae08b6f34e4d01d89ae953eba5c49d4a4ee792b6b1a1

General

Target

bde0ce12bb2575d9a2badb873a94de28.exe
Size

740KB
MD5

bde0ce12bb2575d9a2badb873a94de28
SHA1

e7ec059cc8994161344a2df0a16724aa541a3428
SHA256

d6d9d4b2f14436eebf5dae08b6f34e4d01d89ae953eba5c49d4a4ee792b6b1a1
SHA512

afde43b5a5f8de5b3aea273fdba090b69a56a3fb9f45b46943a6d61b59c56d4f2d850e526af59aa5a31125e6ba5ea5f69ae3d4ffe784ba296702ac34a27abaaf
SSDEEP

12288:efW5XZbiCoG3Iq9pkg/Bz6fGF3Z4mxx1QUDwC9Aoc:efS8CoGr9ag/EfGQmX1QUMP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1876	junzai.exe

Loads dropped DLL 2 IoCs

pid	Process
1548	bde0ce12bb2575d9a2badb873a94de28.exe
1548	bde0ce12bb2575d9a2badb873a94de28.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ieapfltr.dat	bde0ce12bb2575d9a2badb873a94de28.exe
File created	C:\Windows\SysWOW64\junzai.exe	bde0ce12bb2575d9a2badb873a94de28.exe
File opened for modification	C:\Windows\SysWOW64\junzai.exe	bde0ce12bb2575d9a2badb873a94de28.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1548	bde0ce12bb2575d9a2badb873a94de28.exe
Token: SeDebugPrivilege	1876	junzai.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1548 wrote to memory of 1876	1548	bde0ce12bb2575d9a2badb873a94de28.exe	28
PID 1548 wrote to memory of 1876	1548	bde0ce12bb2575d9a2badb873a94de28.exe	28
PID 1548 wrote to memory of 1876	1548	bde0ce12bb2575d9a2badb873a94de28.exe	28
PID 1548 wrote to memory of 1876	1548	bde0ce12bb2575d9a2badb873a94de28.exe	28

C:\Users\Admin\AppData\Local\Temp\bde0ce12bb2575d9a2badb873a94de28.exe
"C:\Users\Admin\AppData\Local\Temp\bde0ce12bb2575d9a2badb873a94de28.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1548
- C:\Windows\SysWOW64\junzai.exe
  C:\Windows\System32\junzai.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:1876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\junzai.exe

Filesize
740KB

MD5
bde0ce12bb2575d9a2badb873a94de28

SHA1
e7ec059cc8994161344a2df0a16724aa541a3428

SHA256
d6d9d4b2f14436eebf5dae08b6f34e4d01d89ae953eba5c49d4a4ee792b6b1a1

SHA512
afde43b5a5f8de5b3aea273fdba090b69a56a3fb9f45b46943a6d61b59c56d4f2d850e526af59aa5a31125e6ba5ea5f69ae3d4ffe784ba296702ac34a27abaaf

Download Submit
memory/1548-10-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/1548-8-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/1548-4-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/1548-24-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/1548-23-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/1548-7-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/1548-21-0x0000000002030000-0x0000000002031000-memory.dmp

Filesize
4KB

Download
memory/1548-20-0x0000000002090000-0x0000000002091000-memory.dmp

Filesize
4KB

Download
memory/1548-19-0x00000000020B0000-0x00000000020B1000-memory.dmp

Filesize
4KB

Download
memory/1548-18-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/1548-17-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/1548-16-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/1548-15-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/1548-14-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1548-13-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1548-12-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/1548-11-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/1548-0-0x0000000000400000-0x000000000058A000-memory.dmp

Filesize
1.5MB

Download
memory/1548-2-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/1548-9-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/1548-22-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/1548-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1548-5-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/1548-3-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/1548-25-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/1548-1-0x0000000000380000-0x00000000003D4000-memory.dmp

Filesize
336KB

Download
memory/1548-35-0x0000000003FB0000-0x000000000413A000-memory.dmp

Filesize
1.5MB

Download
memory/1548-30-0x0000000003FB0000-0x000000000413A000-memory.dmp

Filesize
1.5MB

Download
memory/1548-46-0x0000000000380000-0x00000000003D4000-memory.dmp

Filesize
336KB

Download
memory/1548-43-0x0000000000400000-0x000000000058A000-memory.dmp

Filesize
1.5MB

Download
memory/1876-40-0x00000000032B0000-0x00000000032C0000-memory.dmp

Filesize
64KB

Download
memory/1876-41-0x0000000000400000-0x000000000058A000-memory.dmp

Filesize
1.5MB

Download
memory/1876-39-0x00000000032B0000-0x00000000032B1000-memory.dmp

Filesize
4KB

Download
memory/1876-38-0x0000000000280000-0x00000000002D4000-memory.dmp

Filesize
336KB

Download
memory/1876-45-0x0000000000280000-0x00000000002D4000-memory.dmp

Filesize
336KB

Download
memory/1876-44-0x00000000032B0000-0x00000000032C0000-memory.dmp

Filesize
64KB

Download
memory/1876-42-0x00000000032B0000-0x00000000032C0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing