7c3bcd11e4ffbf5700ff141a526c816594fc71c7ece16a06bc52041534be527a

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-03-2024 07:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jdcpw3.3.exe
Size

6.5MB
MD5

dab3f4b8322c1e41b112d488c4a4ea1b
SHA1

5d3eee060a3c033dfb028c913d8ae1c8c028ab2c
SHA256

af7ad399605b05fc87dab82695741cf4b5dbb207f01353a4561f8f2f13bcec03
SHA512

087453b9e9b460d901c56e9943ad1e9370065720a4057b49a0c05245fc32a5fb387a257591048a8643daca4759df1baead2e8fab861988b90746345c7cfc3736
SSDEEP

196608:c4AQOrotjozXtvbdd4thq/1ay77LzcSJxs4NLtt6v+5:8QOro5oJvbddCUg2xxRj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2684	setup.exe

Loads dropped DLL 6 IoCs

pid	Process
2524	jdcpw3.3.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe

Suspicious use of SetWindowsHookEx 40 IoCs

pid	Process
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2684	2524	jdcpw3.3.exe	27
PID 2524 wrote to memory of 2684	2524	jdcpw3.3.exe	27
PID 2524 wrote to memory of 2684	2524	jdcpw3.3.exe	27
PID 2524 wrote to memory of 2684	2524	jdcpw3.3.exe	27
PID 2524 wrote to memory of 2684	2524	jdcpw3.3.exe	27
PID 2524 wrote to memory of 2684	2524	jdcpw3.3.exe	27
PID 2524 wrote to memory of 2684	2524	jdcpw3.3.exe	27

C:\Users\Admin\AppData\Local\Temp\jdcpw3.3.exe
"C:\Users\Admin\AppData\Local\Temp\jdcpw3.3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Users\Admin\AppData\Local\Temp\~esetup\setup.exe
  C:\Users\Admin\AppData\Local\Temp\~esetup\setup.exe setup.dat
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~esetup\krnln.fnr

Filesize
1.0MB

MD5
1081d7eb7a17faedfa588b93fc85365e

SHA1
884e264fa37bfb9e71d24f3f5c7554fdf94a8b9f

SHA256
0351d055cf1e194302ab125cc93208a8c733efb45dc301ca6e7e2a4051f411e0

SHA512
1ff9e7c495b9e005c8d3b56219794c31d804fe1944429e3d4fe013fd8fcb3f51c02b588748c7d9d869fdb115851932e8db4e6792aecd9c83f28237702582ba81

Download Submit
C:\Users\Admin\AppData\Local\Temp\~esetup\setup.dat

Filesize
24.7MB

MD5
78e8df859c2be48b5703f3d3acc9a0d0

SHA1
9e8909f418ea5ea0bcda4bc887ce7002e41e741f

SHA256
76148688a2edcc39c005981160512ae40d2dd7e4bb3081072ead4dab18d3a584

SHA512
e50432bdac2071f5f1d7acb26a90333b04724accdc4afda86b046e1a07e68b8f30e47ad5332d383b1bf7a000f007a3e23f08432ada8e800686bd2b02fa893614

Download Submit
C:\Users\Admin\AppData\Local\Temp\~esetup\xplib.fne

Filesize
48KB

MD5
89ea00ad735efa09b80842b8765587c6

SHA1
0bb724005492f4c67cb5f5101e9f5ec880518fcf

SHA256
f5668abc3ca176741a2c78fbcf0a0e9fa803f9e623327011785b8459a1d2ae10

SHA512
0be14d37f91f99b0c0562262f1867b37fa5559e08419f62f7f9c619c7468c42654c21b2569a8ff53dfd20a451a01e0667954af296ec98248eaee227ae83fd087

Download Submit
\Users\Admin\AppData\Local\Temp\~esetup\setup.exe

Filesize
30KB

MD5
7de8a9ce8297ab6194783f768d238f7c

SHA1
e5277e152d1aafbe7593b1cff1cab92ff812054f

SHA256
9599cb4ce9dd8c2260b88f11a47c1e6f44116a14ef57137d63ba551b714c33dc

SHA512
33a933ad6ace71a9539a286df0972fe9047475d7a560e9529d15a407eefc9333c762cf065abc9cb1f981af5511aef1f0127844fe6be0b9eaeadf46fe7fde21e3

Download Submit
memory/2524-8-0x00000000001B0000-0x00000000001BB000-memory.dmp

Filesize
44KB

Download
memory/2684-16-0x0000000000020000-0x000000000002B000-memory.dmp

Filesize
44KB

Download
memory/2684-17-0x0000000000020000-0x000000000002B000-memory.dmp

Filesize
44KB

Download
memory/2684-12-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2684-23-0x00000000002C0000-0x00000000002CD000-memory.dmp

Filesize
52KB

Download
memory/2684-24-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2684-25-0x0000000000020000-0x000000000002B000-memory.dmp

Filesize
44KB

Download
memory/2684-26-0x0000000000020000-0x000000000002B000-memory.dmp

Filesize
44KB

Download
memory/2684-27-0x0000000000020000-0x000000000002B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads