1619209ce7613d9cf455b45ae0bd888e57f037825b0f9426dbab75e6b21b60cd

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JDXS2009_SETUP.exe
Size

6.2MB
MD5

396b040c649815440ebc49b3ef516f11
SHA1

dce96d2a2174a9bfc36afe825c78a0804df881b3
SHA256

e3ae490fce0afbc176fb2d82d6456e8c90e150878961e12d13a23218ea2c3cc6
SHA512

198762efdad4d938cb3fe6fdb049d4c1533aec94cc23cd26f6fcf05faf8e92882ee934a4dd4e508acc5a9f6f6863ec943677e3ba38d9138023fdd1f8df4d501b
SSDEEP

98304:u544aM0b6v05+MfbFq7zyoyZU4YRQkc9NAhkH0781lftR/:Qi6c+oLoyZ0Qk6Blbfn/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4012	JDXS2009_SETUP.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 4012	4808	JDXS2009_SETUP.exe	84
PID 4808 wrote to memory of 4012	4808	JDXS2009_SETUP.exe	84
PID 4808 wrote to memory of 4012	4808	JDXS2009_SETUP.exe	84

C:\Users\Admin\AppData\Local\Temp\JDXS2009_SETUP.exe
"C:\Users\Admin\AppData\Local\Temp\JDXS2009_SETUP.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Users\Admin\AppData\Local\Temp\is-T1M0H.tmp\JDXS2009_SETUP.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-T1M0H.tmp\JDXS2009_SETUP.tmp" /SL5="$6024C,6240654,69632,C:\Users\Admin\AppData\Local\Temp\JDXS2009_SETUP.exe"
  2⤵
  - Executes dropped EXE
  PID:4012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-T1M0H.tmp\JDXS2009_SETUP.tmp

Filesize
677KB

MD5
986327612b779af876467ef4b4515c13

SHA1
55e06ca288e80bd28dc485fe29a3bce963e82cf3

SHA256
2313a407ea0139db50b693425122ab88db943df414122952066be49fba4d7099

SHA512
64fd5a2e92e0a8c18290be1e305e76e360d1c2b1d103f7aabeab564e0146156aac16e580a634854dd7d3cb71a3481bf5c184d2574500708c1373cb2c996d4245

Download Submit
memory/4012-12-0x0000000000400000-0x00000000004B9000-memory.dmp

Filesize
740KB

Download
memory/4012-14-0x0000000000400000-0x00000000004B9000-memory.dmp

Filesize
740KB

Download
memory/4808-0-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4808-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/4808-13-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download