5188c69bd772ebe6ca8b34e8c08eec90f63ffcf1d6ab20287e074732da21076a | Triage

Analysis

max time kernel
122s
max time network
135s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15-07-2024 09:02

Sharing

Report Analysis Logs

General

Target

jet/jet.exe
Size

34.2MB
MD5

5e06053d551d8d4030796d1f962aba92
SHA1

6cf2351a65be0515dc1392b59902774f476c36e8
SHA256

1ed92d4e3caae52e8b39dbe22d031c4a057355befa038045ebc7383e1da1f9b9
SHA512

9ecc16aa0c0e8ed6d817b701e86a6db320c7167d399349bd97f109dfade95d6ee3f786dd4b2004e0e396a090fb509633aea6bbe46065853a3abf42f3c2782bee
SSDEEP

786432:VuXHiRyc0PacOHzeMKVxzx5cfOHzeMKVxzx5cU5FRA3L:VuXHLc0PacOHzDCd5cfOHzDCd5cUzRO

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

jet.exe

pid process

2804 jet.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

jet.exe

description	pid	process	target process
PID 2404 wrote to memory of 2804	2404	jet.exe	jet.exe
PID 2404 wrote to memory of 2804	2404	jet.exe	jet.exe
PID 2404 wrote to memory of 2804	2404	jet.exe	jet.exe

C:\Users\Admin\AppData\Local\Temp\jet\jet.exe
"C:\Users\Admin\AppData\Local\Temp\jet\jet.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Users\Admin\AppData\Local\Temp\jet\jet.exe
  "C:\Users\Admin\AppData\Local\Temp\jet\jet.exe"
  2⤵
  - Loads dropped DLL
  PID:2804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI24042\python311.dll

Filesize
5.5MB

MD5
58e01abc9c9b5c885635180ed104fe95

SHA1
1c2f7216b125539d63bd111a7aba615c69deb8ba

SHA256
de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

SHA512
cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

Download Submit