Overview

overview

10

Static

static

3

241fc92010...0N.exe

windows7-x64

10

241fc92010...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    03-08-2024 00:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    241fc92010656375a2457ba4428b31e0N.exe

  • Size

    91KB

  • MD5

    241fc92010656375a2457ba4428b31e0

  • SHA1

    ef39db03d0880f5860e5cb33071eeda755018405

  • SHA256

    391f2de6b0d739e93649703e08bd8aa5489eacff99789c903633fa24a97c746b

  • SHA512

    9701eef800338ee2edc68109069ae0fe8ba554860e1375ec697a997dee320c8d1539f45e4eae44a7ddd852eb05d2c9fdcd9f291dbd53bc58f25c8b4223da3538

  • SSDEEP

    1536:4aiqH1s+kCtrA2UMT0mTFibDKa1Xk+SezSOY6Ukg2dTtzy:51B31bdBob2QXbSezI6UPl

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\241fc92010656375a2457ba4428b31e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\241fc92010656375a2457ba4428b31e0N.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    PID:2768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\DC++ Share\jabswitch.exe
    Filesize

    80KB

    MD5

    81a8943010163b01044cd080852509ee

    SHA1

    5c86a89e21de46883ec95cf266a5943f46da9aab

    SHA256

    1cbd219f1b0924145abaae58f2e8e251c1fc360afc1c9021ba79aae39045818d

    SHA512

    ed855448462bd821af549b86882535673487d38838ab65b3297ad0f4a7bf9106d18eb0e0a1f2d1943fb7eaba3dfa670ab58afe1c14af6bfaa6cbb4b9f4ff1356

    Download Submit

  • C:\Windows\SysWOW64\xdccPrograms\7zFM.exe
    Filesize

    930KB

    MD5

    19663798edf55457479556ef28de919c

    SHA1

    76fa0db1032368c7b813128645e9e664bee2fd5d

    SHA256

    50fcd3fc03f3174999fea9364b8b40d59042ea11cff74fea1a9614d02016b1aa

    SHA512

    775c2ddf52b5fa7016c803f0b10f7bd6ad85ffe98b5ea5ddcf2279d5dc3eb91abcd63a4ed2763e2894d4d7d301f41779bf70b74eca280c4739bdd325587bd6b5

    Download Submit

  • memory/2768-112-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2768-109-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2768-110-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2768-111-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2768-108-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2768-113-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2768-114-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2768-115-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2768-116-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2768-117-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2768-118-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download