Overview

overview

10

Static

static

3

a41c42d3e0...b6.exe

windows7-x64

7

a41c42d3e0...b6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    168s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17/04/2024, 02:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a41c42d3e015cd5f34528529493066460d5aa54866caa035cd5553904dce83b6.exe

  • Size

    180KB

  • MD5

    0e5ee730483da039e706d34809e3cf11

  • SHA1

    3f775300ff07c72144d781928a16631c4b750e8b

  • SHA256

    a41c42d3e015cd5f34528529493066460d5aa54866caa035cd5553904dce83b6

  • SHA512

    85423f79d562c645ff4b3357410e9af97375857d4a41db5a1039cf1a3afc8b5e0f103a12da80921c2ca06a120a0cd71a5c664effd4bf0685fd7180e709c2b5e5

  • SSDEEP

    768:u/5inm+cd5rHemPXKqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfLOkM:uRsvcdCQjosnvnZ6LQ1EXM

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a41c42d3e015cd5f34528529493066460d5aa54866caa035cd5553904dce83b6.exe
    "C:\Users\Admin\AppData\Local\Temp\a41c42d3e015cd5f34528529493066460d5aa54866caa035cd5553904dce83b6.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Program Files (x86)\Java\jre-09\bin\jusched.exe
      "C:\Program Files (x86)\Java\jre-09\bin\jusched.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Java\jre-09\bin\jusched.exe
    Filesize

    180KB

    MD5

    8bdbf4a2cb5ab4507834336c9bdedbaf

    SHA1

    37c66a4b749c28b33a4b9af26ba0a82f992ecbcf

    SHA256

    708d7ea5258634419b8af46ca2542d2de1bbbc8a70a5a819686f6130dfe35b03

    SHA512

    4b1fd28836ecdc1654dbf50cdddfc69b2732a94905877415557487de5cb9b95c7ad513aa3df5c70a2a7a1e6aa74caa07a835f9dfbe5a828c1cdc073579add911

    Download Submit

  • memory/2684-14-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

  • memory/3020-0-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

  • memory/3020-11-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

  • memory/3020-13-0x0000000004510000-0x0000000004554000-memory.dmp

    Filesize

    272KB

    Download