d6d9d4b2f14436eebf5dae08b6f34e4d01d89ae953eba5c49d4a4ee792b6b1a1

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 06:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bde0ce12bb2575d9a2badb873a94de28.exe
Size

740KB
MD5

bde0ce12bb2575d9a2badb873a94de28
SHA1

e7ec059cc8994161344a2df0a16724aa541a3428
SHA256

d6d9d4b2f14436eebf5dae08b6f34e4d01d89ae953eba5c49d4a4ee792b6b1a1
SHA512

afde43b5a5f8de5b3aea273fdba090b69a56a3fb9f45b46943a6d61b59c56d4f2d850e526af59aa5a31125e6ba5ea5f69ae3d4ffe784ba296702ac34a27abaaf
SSDEEP

12288:efW5XZbiCoG3Iq9pkg/Bz6fGF3Z4mxx1QUDwC9Aoc:efS8CoGr9ag/EfGQmX1QUMP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1860	junzai.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\junzai.exe	bde0ce12bb2575d9a2badb873a94de28.exe
File opened for modification	C:\Windows\SysWOW64\junzai.exe	bde0ce12bb2575d9a2badb873a94de28.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1684	4736	WerFault.exe	92
932	1860	WerFault.exe	100

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4736	bde0ce12bb2575d9a2badb873a94de28.exe
Token: SeDebugPrivilege	1860	junzai.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 1860	4736	bde0ce12bb2575d9a2badb873a94de28.exe	100
PID 4736 wrote to memory of 1860	4736	bde0ce12bb2575d9a2badb873a94de28.exe	100
PID 4736 wrote to memory of 1860	4736	bde0ce12bb2575d9a2badb873a94de28.exe	100

C:\Users\Admin\AppData\Local\Temp\bde0ce12bb2575d9a2badb873a94de28.exe
"C:\Users\Admin\AppData\Local\Temp\bde0ce12bb2575d9a2badb873a94de28.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 324
  2⤵
  - Program crash
  PID:1684
- C:\Windows\SysWOW64\junzai.exe
  C:\Windows\System32\junzai.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:1860
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 324
    3⤵
    - Program crash
    PID:932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4736 -ip 4736
1⤵
PID:2352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1860 -ip 1860
1⤵
PID:940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3488 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:4344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\junzai.exe

Filesize
740KB

MD5
bde0ce12bb2575d9a2badb873a94de28

SHA1
e7ec059cc8994161344a2df0a16724aa541a3428

SHA256
d6d9d4b2f14436eebf5dae08b6f34e4d01d89ae953eba5c49d4a4ee792b6b1a1

SHA512
afde43b5a5f8de5b3aea273fdba090b69a56a3fb9f45b46943a6d61b59c56d4f2d850e526af59aa5a31125e6ba5ea5f69ae3d4ffe784ba296702ac34a27abaaf

Download Submit
memory/1860-62-0x0000000000400000-0x000000000058A000-memory.dmp

Filesize
1.5MB

Download
memory/1860-63-0x0000000000A90000-0x0000000000AE4000-memory.dmp

Filesize
336KB

Download
memory/1860-65-0x0000000003410000-0x0000000003411000-memory.dmp

Filesize
4KB

Download
memory/1860-64-0x0000000003410000-0x0000000003411000-memory.dmp

Filesize
4KB

Download
memory/1860-69-0x0000000000A90000-0x0000000000AE4000-memory.dmp

Filesize
336KB

Download
memory/1860-67-0x0000000000400000-0x000000000058A000-memory.dmp

Filesize
1.5MB

Download
memory/1860-66-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4736-27-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/4736-33-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/4736-5-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/4736-6-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/4736-7-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/4736-8-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/4736-9-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/4736-10-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/4736-11-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4736-12-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/4736-13-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/4736-14-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/4736-15-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/4736-16-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/4736-17-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/4736-18-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4736-19-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4736-20-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/4736-21-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/4736-22-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/4736-23-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/4736-25-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/4736-26-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/4736-24-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/4736-3-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/4736-28-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/4736-29-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/4736-30-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/4736-31-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/4736-4-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4736-32-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/4736-34-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/4736-35-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/4736-36-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/4736-37-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4736-38-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4736-39-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4736-40-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4736-41-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4736-42-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4736-43-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4736-44-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4736-45-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4736-46-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4736-47-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4736-48-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4736-49-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4736-50-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4736-51-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4736-52-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4736-2-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/4736-1-0x0000000000B80000-0x0000000000BD4000-memory.dmp

Filesize
336KB

Download
memory/4736-53-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/4736-54-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/4736-55-0x0000000003650000-0x0000000003651000-memory.dmp

Filesize
4KB

Download
memory/4736-61-0x0000000000400000-0x000000000058A000-memory.dmp

Filesize
1.5MB

Download
memory/4736-70-0x0000000000B80000-0x0000000000BD4000-memory.dmp

Filesize
336KB

Download
memory/4736-0-0x0000000000400000-0x000000000058A000-memory.dmp

Filesize
1.5MB

Download