Malware Analysis Report

2025-08-05 15:55

Sample ID 240602-3q514scf48
Target 764d8565eeac3cb947a8809835a02f46c71c8a257c3c511635283e51a2513617
SHA256 764d8565eeac3cb947a8809835a02f46c71c8a257c3c511635283e51a2513617
Tags
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

764d8565eeac3cb947a8809835a02f46c71c8a257c3c511635283e51a2513617

Threat Level: Known bad

The file 764d8565eeac3cb947a8809835a02f46c71c8a257c3c511635283e51a2513617 was found to be: Known bad.

Malicious Activity Summary

Detects executables packed with VMProtect.

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 23:44

Signatures

Detects executables packed with VMProtect.

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 23:44

Reported

2024-06-02 23:46

Platform

win7-20240508-en

Max time kernel

149s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\764d8565eeac3cb947a8809835a02f46c71c8a257c3c511635283e51a2513617.exe"

Signatures

Detects executables packed with VMProtect.

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\61dbdd7c\jusched.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files (x86)\61dbdd7c\jusched.exe | C:\Users\Admin\AppData\Local\Temp\764d8565eeac3cb947a8809835a02f46c71c8a257c3c511635283e51a2513617.exe | N/A
File created | C:\Program Files (x86)\61dbdd7c\61dbdd7c | C:\Users\Admin\AppData\Local\Temp\764d8565eeac3cb947a8809835a02f46c71c8a257c3c511635283e51a2513617.exe | N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\61dbdd7c\jusched.exe | N/A (64 identical entries)

Processes

C:\Users\Admin\AppData\Local\Temp\764d8565eeac3cb947a8809835a02f46c71c8a257c3c511635283e51a2513617.exe

"C:\Users\Admin\AppData\Local\Temp\764d8565eeac3cb947a8809835a02f46c71c8a257c3c511635283e51a2513617.exe"

C:\Program Files (x86)\61dbdd7c\jusched.exe

"C:\Program Files (x86)\61dbdd7c\jusched.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | elegan_786444.el.funpic.org | udp
US | 8.8.8.8:53 | griptoloji.host-ed.net | udp
US | 8.8.8.8:53 | ftp.tripod.com | udp
US | 209.202.252.54:21 | ftp.tripod.com | tcp
US | 209.202.252.54:21 | ftp.tripod.com | tcp

Files

memory/3016-0-0x0000000000400000-0x000000000042C000-memory.dmp

\Program Files (x86)\61dbdd7c\jusched.exe

MD5 8d42123f44bb48cb7f5e3a17074cbb60
SHA1 6d5de1c5b5395cdec7cad4f184e44e747f258e12
SHA256 e3c490bc7b8b7fcb9bb6867ee9731f42d8d6801c9e9a71d8d8c218f2ba9442b8
SHA512 245b19de4982220e085851d19c20d52957bfccc5c95bba86c3c8c4f3bdc6500c977cf96e4652d821e4237a7dfb914e0a97e6673aad4d410906a6b96ddd5305c4

memory/3016-6-0x00000000027F0000-0x000000000281C000-memory.dmp

memory/3016-12-0x0000000000400000-0x000000000042C000-memory.dmp

memory/3016-13-0x00000000027F0000-0x000000000281C000-memory.dmp

memory/2192-14-0x0000000000400000-0x000000000042C000-memory.dmp

C:\Program Files (x86)\61dbdd7c\61dbdd7c

MD5 f253efe302d32ab264a76e0ce65be769
SHA1 768685ca582abd0af2fbb57ca37752aa98c9372b
SHA256 49dca65f362fee401292ed7ada96f96295eab1e589c52e4e66bf4aedda715fdd
SHA512 1990d20b462406bbadb22ba43f1ed9d0db6b250881d4ac89ad8cf6e43ca92b2fd31c3a15be1e6e149e42fdb46e58122c15bc7869a82c9490656c80df69fa77c4

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 23:44

Reported

2024-06-02 23:46

Platform

win10v2004-20240226-en

Max time kernel

157s

Max time network

164s

Command Line

"C:\Users\Admin\AppData\Local\Temp\764d8565eeac3cb947a8809835a02f46c71c8a257c3c511635283e51a2513617.exe"

Signatures

Detects executables packed with VMProtect.

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\764d8565eeac3cb947a8809835a02f46c71c8a257c3c511635283e51a2513617.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\da742b0c\jusched.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files (x86)\da742b0c\jusched.exe | C:\Users\Admin\AppData\Local\Temp\764d8565eeac3cb947a8809835a02f46c71c8a257c3c511635283e51a2513617.exe | N/A
File created | C:\Program Files (x86)\da742b0c\da742b0c | C:\Users\Admin\AppData\Local\Temp\764d8565eeac3cb947a8809835a02f46c71c8a257c3c511635283e51a2513617.exe | N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\da742b0c\jusched.exe | N/A (64 identical entries)

Processes

C:\Users\Admin\AppData\Local\Temp\764d8565eeac3cb947a8809835a02f46c71c8a257c3c511635283e51a2513617.exe

"C:\Users\Admin\AppData\Local\Temp\764d8565eeac3cb947a8809835a02f46c71c8a257c3c511635283e51a2513617.exe"

C:\Program Files (x86)\da742b0c\jusched.exe

"C:\Program Files (x86)\da742b0c\jusched.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4064 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8

Network

Country | Destination | Domain | Proto
GB | 142.250.178.10:443 | | tcp
GB | 23.44.234.16:80 | | tcp
US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp
US | 13.107.253.64:443 | | tcp
US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | elegan_786444.el.funpic.org | udp
US | 8.8.8.8:53 | griptoloji.host-ed.net | udp
US | 8.8.8.8:53 | ftp.tripod.com | udp
US | 209.202.252.54:21 | ftp.tripod.com | tcp
US | 8.8.8.8:53 | 54.252.202.209.in-addr.arpa | udp
US | 8.8.8.8:53 | elegan_786444.el.funpic.org | udp
US | 8.8.8.8:53 | griptoloji.host-ed.net | udp
US | 209.202.252.54:21 | ftp.tripod.com | tcp
US | 8.8.8.8:53 | 24.173.189.20.in-addr.arpa | udp

Files

memory/4444-0-0x0000000000400000-0x000000000042C000-memory.dmp

C:\Program Files (x86)\da742b0c\jusched.exe

MD5 15143b9587945079a54e4c75d5f7e0f7
SHA1 b258c71cfcbfb625faacfed7452c56a5e3213ebb
SHA256 40f12bf35f69c1871790a744daf38b124c10aa767dca15d531c9b5272ff879b8
SHA512 cc4e261055ffd27ae51fe15ec5d18ac1fe622f907a741cd834dc4ae7b024dae7efc4b8cb496b00ef5dcb191e344b6004f3832c8e2f6f5f9f975867868be196fd

memory/4816-10-0x0000000000400000-0x000000000042C000-memory.dmp

memory/4444-11-0x0000000000400000-0x000000000042C000-memory.dmp

C:\Program Files (x86)\da742b0c\da742b0c

MD5 f253efe302d32ab264a76e0ce65be769
SHA1 768685ca582abd0af2fbb57ca37752aa98c9372b
SHA256 49dca65f362fee401292ed7ada96f96295eab1e589c52e4e66bf4aedda715fdd
SHA512 1990d20b462406bbadb22ba43f1ed9d0db6b250881d4ac89ad8cf6e43ca92b2fd31c3a15be1e6e149e42fdb46e58122c15bc7869a82c9490656c80df69fa77c4