32ae95fc9fec634dc8a1100f42cc4c7d6c85f89448e8e1bfcf6d2e87798fe8bd

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 03:14

Target

32ae95fc9fec634dc8a1100f42cc4c7d6c85f89448e8e1bfcf6d2e87798fe8bd.exe
Size

58KB
MD5

eb89431038f850e6c3e7ffad00c57ef0
SHA1

08712520448ebb29de02ba9d90acc93e36bcec61
SHA256

32ae95fc9fec634dc8a1100f42cc4c7d6c85f89448e8e1bfcf6d2e87798fe8bd
SHA512

fea3c0f861e4c059577d916e7a617dc6c8e214cd51222ffe49b8c6d7dfd75f9c20c397e6a611ff1dd5f43aad38423faa47d64d91ea1ac98aba798657ab96088c
SSDEEP

768:9qSqC8+N5ozQQRncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtS6T:9rqfzQQRamN8835mv7CUroa

Score

10^/10

Credentials

Executes dropped EXE 1 IoCs

pid	Process
1028	jusched.exe

Loads dropped DLL 2 IoCs

pid	Process
1032	32ae95fc9fec634dc8a1100f42cc4c7d6c85f89448e8e1bfcf6d2e87798fe8bd.exe
1032	32ae95fc9fec634dc8a1100f42cc4c7d6c85f89448e8e1bfcf6d2e87798fe8bd.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\8b7e018d\jusched.exe	32ae95fc9fec634dc8a1100f42cc4c7d6c85f89448e8e1bfcf6d2e87798fe8bd.exe
File created	C:\Program Files (x86)\8b7e018d\8b7e018d	32ae95fc9fec634dc8a1100f42cc4c7d6c85f89448e8e1bfcf6d2e87798fe8bd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 1028	1032	32ae95fc9fec634dc8a1100f42cc4c7d6c85f89448e8e1bfcf6d2e87798fe8bd.exe	28
PID 1032 wrote to memory of 1028	1032	32ae95fc9fec634dc8a1100f42cc4c7d6c85f89448e8e1bfcf6d2e87798fe8bd.exe	28
PID 1032 wrote to memory of 1028	1032	32ae95fc9fec634dc8a1100f42cc4c7d6c85f89448e8e1bfcf6d2e87798fe8bd.exe	28
PID 1032 wrote to memory of 1028	1032	32ae95fc9fec634dc8a1100f42cc4c7d6c85f89448e8e1bfcf6d2e87798fe8bd.exe	28

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Program Files (x86)\8b7e018d\8b7e018d

Filesize
13B

MD5
f253efe302d32ab264a76e0ce65be769

SHA1
768685ca582abd0af2fbb57ca37752aa98c9372b

SHA256
49dca65f362fee401292ed7ada96f96295eab1e589c52e4e66bf4aedda715fdd

SHA512
1990d20b462406bbadb22ba43f1ed9d0db6b250881d4ac89ad8cf6e43ca92b2fd31c3a15be1e6e149e42fdb46e58122c15bc7869a82c9490656c80df69fa77c4

Download Submit
\Program Files (x86)\8b7e018d\jusched.exe

Filesize
58KB

MD5
5f64c2cb7965253b5927e10fb5833e05

SHA1
6650fc1522bd5e930189731fde3574073757dd76

SHA256
593803507f20d3a744d9ecbfdc63588375e9628394055322ae3cf660d6c3c8c7

SHA512
11fa83766e4c17ef793c7f277aca0d166187aaa932e71e4bca6f53e2eec3474f51f387296b831db287f7c8681f675bba02880f03b1ec3a5f73585c88cf650c9c

Download Submit
memory/1028-18-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1028-21-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1032-0-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1032-4-0x0000000000220000-0x0000000000223000-memory.dmp

Filesize
12KB

Download
memory/1032-5-0x0000000000401000-0x0000000000406000-memory.dmp

Filesize
20KB

Download
memory/1032-3-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1032-11-0x0000000004920000-0x0000000004964000-memory.dmp

Filesize
272KB

Download
memory/1032-17-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download