Analysis
-
max time kernel
82s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
15/07/2024, 12:19
General
-
Target
SecuriteInfo.com.W32.Jacard.A.tr.1039.8430.exe
-
Size
1.5MB
-
MD5
50a5e891da27e63d54e68511e48aa026
-
SHA1
87073d85a7ba420b15c8bb9a9e4adc64db2bcfef
-
SHA256
0788aaea249d92a84f70047efcacaa54c26320b439c490ba3ce00457955031d6
-
SHA512
6df8811e3e1f6a4110ca3b7c498af13898b46962a30888879180b2f11dda24344a1de4807663d46dd86f7ea11855d08137980cc85fe71e688d082f2f79994909
-
SSDEEP
24576:AfHFw5b9DOnFYrv+kjqipUompMEoNMDYSkbDknoI6JK+ZYtEi8ETtAM5B:sjFYrv+kjV45oeYSRnyJhOtEVcf5B
Malware Config
Signatures
-
Drops file in Windows directory 4 IoCs
-
Executes dropped EXE 9 IoCs
-
Launches sc.exe 1 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Loads dropped DLL 16 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 44 IoCs
-
Suspicious use of AdjustPrivilegeToken 14 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.Jacard.A.tr.1039.8430.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.Jacard.A.tr.1039.8430.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C START "" "C:\Users\Admin\AppData\Local\Temp\interface.lnk"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\interface.cmd" "3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mode.comMODE CON: COLS=76 LINES=154⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" VER "4⤵
-
-
C:\Windows\SysWOW64\findstr.exeFINDSTR /I /R /C:"version 5\.[0-1]\."4⤵
-
-
C:\Windows\SysWOW64\waitfor.exeWAITFOR unlock4⤵
-
-
C:\Windows\SysWOW64\waitfor.exeWAITFOR unlock4⤵
-
-
C:\Windows\SysWOW64\waitfor.exeWAITFOR unlock4⤵
-
-
C:\Windows\SysWOW64\waitfor.exeWAITFOR unlock4⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\detection.exe"C:\Users\Admin\AppData\Local\Temp\detection.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\curl_x64.exe"C:\Users\Admin\AppData\Local\Temp\curl_x64.exe" --connect-timeout 5 --max-time 20 --fail --silent --request GET "https://www.touslesdrivers.com/php/mes_drivers/version.php?v_version=3.0.4"3⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\WAITFOR.exeWAITFOR /S MVFYZPLM /SI unlock3⤵
-
-
C:\Windows\SysWOW64\SC.exeSC query Winmgmt3⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\WAITFOR.exeWAITFOR /S MVFYZPLM /SI unlock3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\detect_x64.exe"C:\Users\Admin\AppData\Local\Temp\detect_x64.exe" driverfiles 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*3⤵
- Drops file in Windows directory
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\detect_x64.exe"C:\Users\Admin\AppData\Local\Temp\detect_x64.exe" drivernodes 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*3⤵
- Drops file in Windows directory
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\detect_x64.exe"C:\Users\Admin\AppData\Local\Temp\detect_x64.exe" hwids 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\detect_x64.exe"C:\Users\Admin\AppData\Local\Temp\detect_x64.exe" stack 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\detect_x64.exe"C:\Users\Admin\AppData\Local\Temp\detect_x64.exe" status 1394\* DISPLAY\* HDAUDIO\* HID\* MONITOR\* PCI\* PCMCIA\* SBP2\* SD\* USB\*3⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\WAITFOR.exeWAITFOR /S MVFYZPLM /SI unlock3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\aes_x64.exe"C:\Users\Admin\AppData\Local\Temp\aes_x64.exe" -e -p anT^UpFuzpuC@lOvsoPVe2kiNTidaBo<zI]BeaRnU0ResFwAy@dEnuCkUd)hAzOh -o "C:\Users\Admin\AppData\Local\Temp\kop7lBaTdKQQA3I1\kop7lBaTdKQQA3I1" -3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\curl_x64.exe"C:\Users\Admin\AppData\Local\Temp\curl_x64.exe" --connect-timeout 5 --max-time 20 --fail --silent --request POST --form "v_configuration=<C:\Users\Admin\AppData\Local\Temp\kop7lBaTdKQQA3I1\kop7lBaTdKQQA3I1" "https://www.touslesdrivers.com/php/mes_drivers/envoi.php?v_id=kop7lBaTdKQQA3I1&v_version=3.0.4"3⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C START "" "http://www.touslesdrivers.com/index.php?v_page=31&v_id=kop7lBaTdKQQA3I1"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.touslesdrivers.com/index.php?v_page=31&v_id=kop7lBaTdKQQA3I14⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1012 CREDAT:275457 /prefetch:25⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Windows\SysWOW64\WAITFOR.exeWAITFOR /S MVFYZPLM /SI unlock3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
854B
MD58d1040b12a663ca4ec7277cfc1ce44f0
SHA1b27fd6bbde79ebdaee158211a71493e21838756b
SHA2563086094d4198a5bbd12938b0d2d5f696c4dfc77e1eae820added346a59aa8727
SHA512610c72970856ef7a316152253f7025ac11635078f1aea7b84641715813792374d2447b1002f1967d62b24073ee291b3e4f3da777b71216a30488a5d7b6103ac1
-
Filesize
1KB
MD51c28e0f91908116e00c0281e474d630b
SHA1589318e632236bb88857c2eaf5cc6a8f0ca7f81c
SHA2565682cb4eb81e6d917f2955986181cb6c717f7de2ce67772eeef532b7b0f46f43
SHA512498a6bc1aa84911be27b28accc13ca054184c20ba2651ede0dde6ccabfc7a38478e3b475e53129a302f7e15c42087634677134925501db9d5a539b6cc0074c11
-
Filesize
170B
MD50dc437d0b91d9ee29fa7260081425bfe
SHA1395ae42ae5b7309a19ba555d3cf72ec04f112333
SHA256847509430582a4b7e1a426ffd7df821fbdbfc5517bf5b96cf494c2bcf9ce869c
SHA5127403bf95d767f45bd34e379fcd88d8345edd9df57e5a6249ff87afc7d73b9c9630f9d2aadacab91d9a6b5917d98c5dce8f440cd27ff64fc31a6f49601ad034f0
-
Filesize
342B
MD5d5f13af4f622e9b880a8785602fbd844
SHA143f9cd01c212198f45b463ebdf2fbc18a77ab02e
SHA256b5da3eb084c115296526423cea46cbfe03454f56c559bcc8584f8a420e1e9b15
SHA512197bd19d2e4716b35cf55e4830b83e2495736c6ecd87d3ab66a8c72cf8e93f6ae677407dbdf14034d9b1267394eab1a5d3555639c3276f33443732475631353e
-
Filesize
342B
MD57fff503ce5eb54419ba7e5993ff2dda6
SHA19d6e98a184b2b225487695bbeacf1b5de6ea081a
SHA256a57f64109e4fd053abaa626bc38f3de3bf14ac2ab5e0a2f40c28cf9e67961c9a
SHA5129bfc1a22f4c2eef80bc849f810865262f58d69df5540e8f4d1bee5e311a21b24575f6c1ac830a5dff995bebd229a60ad15c7c712bcdfae056d14a7f58a97849d
-
Filesize
342B
MD58ad668efca566e62684395451628a02f
SHA15014a56ce26c26ab7604ebcd2cfefcd12ac48e5c
SHA2568dfbda717e30e970212e917231d8771b39d17ea93e991b65cb42e32313b2414c
SHA512b4c21d322d9318ad2ba78da3a21d19ec939395f4f4672c89b5e799262a8b99932a86600103e0aee59338972bd451a2b3becda4f261156cd5624645480b284745
-
Filesize
342B
MD598013a9248a47a2b1621ad9e39b140d8
SHA1fce27d85230c2b26f0e2a979cf359ca557938e83
SHA25606fd22aa5c0c691ece9c51aa830f46379821429b058a28135d4f8c5ed1e7ece1
SHA51227b21ae7c3b8b53d742ef39079eff6ae6afc15db0511b1bef0337be14a921972552c7983b27f434ba7e773fad6825d980fbc4ddaa9aba87d1923dceed934bd2a
-
Filesize
342B
MD5dff3938e264b56fe9ddd85b705e83887
SHA12aeb56912a10379f5a469ca542b2f368862e43a5
SHA2568d06f86e8547a4bca1d6eee7586ebf5c200d1eea7b7374c2681deb83bb02eeea
SHA5129f826905f628ba19568e243e2af38a39194d2e3efaf4130ca429c26ffc74a6edf59e8ba5cdcc31d926c215c43bd84a79796d1e7514d9c5eac0f8f70bc4ce9e4f
-
Filesize
342B
MD5f6c5e03ff46545004d5c1c827592ea9e
SHA1771deb05af74f42d4867bd7f710bd04c1327f150
SHA2560b279d2527eaddb3ade2aa3b9083f4a81647e3dd50e94d9f4eb02d5d97cdb125
SHA512953a70445166846d9028cb1740f6cf2a5562b183befa51e9a0099ea961f95724ab7f32e99589b389ad3fc9b9e4d923230f4a3e926fbd2b06bf9450335a6e7ffd
-
Filesize
342B
MD50f53c1c40a099c19b7c8a5bc61976f5d
SHA164f1d50c6ee1b33939756b2d0671c15e9bcb6db9
SHA256fe4545d327aba1b04452dd6a3ed9c3e8e275a8c76dd1b2014f45c4e026c0d840
SHA51257d3640ec9ab317f9a66e886670d415fc934fb4746c44b6458fe930c792285c3aee1c3b41fe2866cdfead6bd7dfa8afcc5d4971e0ab716eb11bf0860de17a99b
-
Filesize
342B
MD59745710765c5554da2c0adbe02fd4ae2
SHA198eed0fcc747c4d62fff7a365b0afdccb9bd5572
SHA25667e0555901722ad5e7a7e0425f961e81cee027d7448242100703d45a1a21f722
SHA512c673ab397e54c7fa2474c46855adea3dc2ef43f7a54a1354be28a4345bb00ca0952da68a2be596c35c570280bc710d40f021daa5bc94c6d87521123e907d0060
-
Filesize
342B
MD5f63fd3fc56ee0582a7751e09bc967898
SHA151ddca780212e3c7f003f0e1690ca045f009d533
SHA2568ccc05faea4a98f06b2e8b6bc76ac43ff4a2fe6a1ddb7edc7ba6a17e87d4193d
SHA512e04111adcdad422efab7e48ee2ecd257347963314f6c5d0aa55373b36802898d45e429e83e8895a795197ff6f6103b9b0a67bc36bce4f124cc37f5e5071d085e
-
Filesize
342B
MD5810c5ffbbda330a7011fe9e863ac2699
SHA119f319c0050a0c4f08875d7a1bc6843a9184e638
SHA256fa6cedb9ee5362586651ce4e928a295514934ebe448acc1bf5502f5810e8aeb4
SHA5128885e00c0f99dd870471c3425356b3851ab7839a0d39386f9c77d8f6e8c1f9d1fb346fa1499b13bf2bd6f5c2a0b61dba4993db946a8b9fc072ed188e2ee837d9
-
Filesize
342B
MD5c24e9908ca063ae717760b6b1e526af2
SHA1bef9bdf46cc2f8d2046246204a1a7ad680dd8819
SHA2566bafef25b2298c0ba8f675fd5cc20e1562205afb3cf3cdecc12a72c715f348ed
SHA512beeff51198198d93f686d6aa93ac797f9e62d4de89696f97f5c07232a2ae9bcf82e4610d56ecefb267e83d3734990b806db2e5effa0058687473d2c0a67d0ed0
-
Filesize
342B
MD525ae0fc77b5787f45b4461182db091dc
SHA1e902922e301f106086d9f35c35c2c23ec7c46197
SHA256d0031814999f89c55e2df5fc91111bd399578fdbf054be7d08a9e39c9f96de8b
SHA5124c3e79ecbe8007f3452cd26050d875c2945b3b7cebedeb50b02bc90b2d2e0e13a14c9c3e4d4a8edcf02edd29209cd955cf77974af657cc9684625b5c614d8362
-
Filesize
342B
MD5f43dc0d7160bcc27745825c5a42b5534
SHA1b22daadc5eac3cae2dd2751ef011bb187ad0916e
SHA2561f057151539913c3eab8559177193af28a1d58f8ca37d95873d18bf1d5dc812f
SHA5124da14b4e4efcba20166275ccee0f2fc567c688c57ed20dc4757472beccbf1987c2f34b9925c1fcc0ed77afc47769e2ad3b55066f4c5f5036bd8301c931a6b86d
-
Filesize
342B
MD535b6f2d9860375aaf1dac079602d24d8
SHA117e977990196f692c8c0d6a7026252bf5f91934c
SHA256e0bdfc780c58d355389ee6887043bb61ced53869a78570e79024a77bd4aa4ee2
SHA512a3e2dab916756bfb8317e53c012a3dc941f6a9fdd12b8159ac6792ba8ee9d5978a84dc09098233cabbea4ebc4ff30b92ba189d170806ff9a4dd781926ff8f172
-
Filesize
342B
MD514465f9d58a64b4dbeb3fe0bfff7a072
SHA13b990de9a87b3667221c03605348759e804eb199
SHA2561ffa2d973c1a2c487817eedf7a41ea933df630e04b0bb2f0d197c3127ca9712b
SHA512a526a66f813b11781f7c9d1c3f4165524bde3634f6ed16ea3604e9f322e637cd444c385962d15e4a7722ae89ac46ff7be9608e48f170a3974eb65a36507d4c1d
-
Filesize
342B
MD556d9f21cc6b53e1b3877465bc175f6d3
SHA1c1b8b194197ed8b3855f6db51508c45f9e38a2b8
SHA2562cebbb376050a04567f06908e9856f5ebba6357ffc7e637c90c179ef6e8c6727
SHA512aee694930c48c8e2167855a5b375b2b0876f39274a2573435358aa316568d5aa4b5878428b475e36309e1e90632af951b43f106f2b8e29994ee78d312c39b09f
-
Filesize
342B
MD5dc661ff3164ec97915eb1904ca585fe6
SHA1ac87408ef8581a92a2543ea16555a55e22ccf5bc
SHA256c3295c3df57132e4aca93450efbe856c1688a21063c06296f9400e467b643b81
SHA512f281a67df7d3a0135554679de1b3e1bf365cdae1e59d649be9d50b546d922c48c2a42933ed987bf12331b42f9700ce9e380b546205df8d16019a1eac9ba01cc0
-
Filesize
342B
MD5fa9e00a837926ad0144967b26a4d8fa2
SHA1118f8c72b52d4f94e099f4af552378f8ff7221f6
SHA25685cd52f90e309831edef6d69cfb02b3dd786ed40d3b43bab4c07fd1384a1021c
SHA512bd05b435afbea67427d7a71e31787c176a5fa414039bafa618d2aad001d2e2b6d0f5ab21cb90063a515c42a3d293e2fce7ea37f187a260022ed9a0ca7776f6ee
-
Filesize
342B
MD5c928c076303beb5f44787aa083622fe0
SHA15f3de459444a45a05efd0437d8d440e1cdaf2d34
SHA256094e2c9d55e71605d787bee87863ba999279e49858eac0e30f7df760f8ef149a
SHA512dcb8427b4c94e9431edaecee872ba8cfef9eb781d1aa433cfd574f3f7ef744b1942fc962551ce494012b8f1699768b31360e4cf51d1b4a32cc351a893e011bbc
-
Filesize
3KB
MD5bcc430cabda5774724e0f2330611d55c
SHA1aa6c5c700beb8dbd939b6b530fa4ba098f6867d8
SHA256e10052721dce726f4ad549120204fba334585e9a914b4225443b290e1fe61c19
SHA512d8e8954f7381d1a8c945ca690ecd8bce47dedc1402654653edc2b3a5512f0f2660d8212f97f39e8367afecb87c9859863869b2e19e7f30c9f5ab1d54f6794c44
-
Filesize
3KB
MD50580be944fdb0ca958cee222ce2c33ef
SHA176840612e4fb069a0257e1d541ceff3e05258c5b
SHA256efdcc2e389940af4e17f30027e2de083a4a6206bd93865d573f35aeb24d48548
SHA5122ee223ee90d804ad96c7cd34b37fee91b04426bbf03390ac3d5ba25d4636e7f0cce0bcd5f96dd8cf04fca197c2a4a049ee47fabcb93942558d8117a3803f1842
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
80KB
MD56a7ec375af8ba2e87ff7f23497e9944e
SHA1791fb650e9e27e9857b332f534a0ade1eae28be7
SHA25665c68fd55281a0a4598807ea83531a0cb0e4e79a8c5bf38e9637e776f72c3514
SHA512c6fa4ac94692ddb8d60c8ab40aa33b17e9d0800c802ee5d3c7d6f0db24c507638743287a274d7ec62fe568b6aa1c69932d52e74a50040720a89138cb5c8be7aa
-
Filesize
2KB
MD5e0eb53551aca2acff814ddd7aca212e2
SHA1ee825c865d5abf244d6165ee838735f1ba05bfcb
SHA25611993a03f68a33500a3ce8fbeb3e3c2042a28299d04f39eed40147709e76ca79
SHA512ddde3d274b2ea8da0d645f88bd6b340902dca83e599ba0c7249953a7c1f2dd512f764802134a6efa1f48ca6cae23b78881569228f908dd0746abe3c46e95a348
-
Filesize
1KB
MD5e9d3e368ec38bb8bd019c7dc92165ff7
SHA1003f9bd7d0517c6a0047b9d0e78137c16d04251d
SHA25698803ca43562d490696037b9bc0146c09ef80005ed795984034f5c8afe641a60
SHA512533c4d6d4c3ca249d42dffef2bfc7d5cd3feafcbd1d8a6049b8202c83f4fa86213e608e6256fca7338e73696071c87027e108706ffbf947a804fb439a7be71ee
-
Filesize
25KB
MD5ec5b7fd771270bbc81e6a347d2cae0f7
SHA15a7896f54761a81d97bdda7f54492f8f5cd57730
SHA2560cc98dc63e4a8aff899388f9f757fedc1934ccc37d2a5eb2877789b6c13c02ad
SHA51298239068d1d3ce9db27e4453f76c9b1b94384e135b10f4e89b765e50e4b890ca7e6cf3ac7534af158796ec6730bc207c752651f3da42a8d40eb0aa4c20bfc7ed
-
Filesize
151KB
MD5e5125d4651c008eba61d9fd3abd5ab31
SHA14a85e5d6ab73891832c9adaa4a70c1896773c279
SHA256874cb7a8513b781b25e176828fe8fe5ac73fa2fe29ea2aac5fe0eaad50e63f39
SHA51226ba2cecf7324e1c5fe46112c31523e2fabad8de34fe84ce3a9e3a63922b0f85d84982e7c6bae13d2e3cf65193f7a19a67a2fc80af5a78ef8cfe611fce1a9409
-
Filesize
840KB
MD5e80c8cb9887a7c9426d4e843dddb8a44
SHA1a04821e6d51f45b72a10bdbd3bb7e49de069ccd2
SHA2563df4725778c0351e8472a0f8e18caf4fa9b95c98e4f2d160a26c3749f9869568
SHA51241b4bd84336785d4da13b5653183bf2a405b918afad3acd934f253d23b1e00460173e36b2d65a61f77ef2b942dba735655fc5b4ec561c375896f5a010e053d33
-
Filesize
1.1MB
MD502ba1c44b6392f013a7aa0b91314f45a
SHA1724c1977101ecae88e4f104a8422b64bfec01a98
SHA2567fbe59195f5f6f45c8b38b12488a169fdcb3a272004dbaf44c9d92a60a3690cb
SHA51256bed935b028257e6eb485c555002f3e07e86788452cca0e28786098cc9254a7462b777a7a46ae6594911a73d786a6d15dee248f05a4c33a1bc749be071bcc3d
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
4KB
-
Filesize
2.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
2.6MB