ee6496e163337694406b096cd0ce011aa4492487a85e61dcc814c98b1f88ae97

Analysis

max time kernel
119s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 06:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

80d2bc03010c928b4165116a6f687d90N.exe
Size

608KB
MD5

80d2bc03010c928b4165116a6f687d90
SHA1

4198ba28e458e057aaa497960b5e1fc106b61ce7
SHA256

ee6496e163337694406b096cd0ce011aa4492487a85e61dcc814c98b1f88ae97
SHA512

45025c93d094ce534b87f54a2058fce645db107f1300776dc1be9cbbfd2efc58940ecb31af2f04e4d504945953b66835903f909c9e95a36a3105ba9223ad8185
SSDEEP

12288:4jauDReWWe6HYS66jI6Zz8/Em6xbGSr9ELyQg0pm0sKuBtyPlFCWKQ+qLOrZ8EFT:4DDX8I1/EmMb396ypI8tyDWQ+qLYZ8EB

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5028	jrvbhk.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\ProgramData\\jrvbhk.exe"	jrvbhk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 5028	2300	80d2bc03010c928b4165116a6f687d90N.exe	84
PID 2300 wrote to memory of 5028	2300	80d2bc03010c928b4165116a6f687d90N.exe	84
PID 2300 wrote to memory of 5028	2300	80d2bc03010c928b4165116a6f687d90N.exe	84

C:\Users\Admin\AppData\Local\Temp\80d2bc03010c928b4165116a6f687d90N.exe
"C:\Users\Admin\AppData\Local\Temp\80d2bc03010c928b4165116a6f687d90N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2300
- C:\ProgramData\jrvbhk.exe
  "C:\ProgramData\jrvbhk.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:5028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Documents and Settings .exe

Filesize
608KB

MD5
f5ec9be3f2dff50fc4cf1aecb4ab4ffa

SHA1
83cad66a5c7e971bc59014a60714527894fc381d

SHA256
abcc6a8b621f54d323936a01ab02e6bd4e2f661fcb03e8a33905e342883060d5

SHA512
a4845c628a5707f94c109958be39ce5c102a00c4d5cbc4f93edd34c71b5ea812caeba302ad05e3489a0225ed2bb5470fd7943d84b074c6cb1d3a1fe78d773bae

Download Submit
C:\ProgramData\Saaaalamm\Mira.h

Filesize
136KB

MD5
cb4c442a26bb46671c638c794bf535af

SHA1
8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

SHA256
f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

SHA512
074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

Download Submit
C:\ProgramData\jrvbhk.exe

Filesize
471KB

MD5
0589e3e568548d37785b08619f0de600

SHA1
89ccce227475c722a85e5627232fe1fbb52a04c1

SHA256
ecdd9dc541f1ac472c03341c08e12e179255b52a8544017bc272549c6210484a

SHA512
d9dd97fe5716f63f27d6d334ae34b9040dce965293dde2820355ab1d7247122274e8d0ce37f754951f0621d5ee3658a92646603961a063cb13647145fe8243cf

Download Submit
memory/2300-0-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2300-1-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2300-8-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/5028-130-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads