Overview

overview

10

Static

static

3

1ec5a65bda...0N.exe

windows7-x64

7

1ec5a65bda...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    14/08/2024, 11:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1ec5a65bda19e87385a410002ed26420N.exe

  • Size

    229KB

  • MD5

    1ec5a65bda19e87385a410002ed26420

  • SHA1

    f78f6fa09767674150400e9305c9c3417016c79e

  • SHA256

    24981ed32a77b6054a05c4894f03186bb86e8cb6ff34cbc5d387d05a55a5a6d1

  • SHA512

    9ee8d664aa357af3596168f030e14b625445454b0dbf717b87d7cbfd9e4b78dc179ea5a25ffeac5e959fea85f5e34bf3a915ac8f07a9faa1fb6aa64740c374aa

  • SSDEEP

    3072:+VFgCc4xGvbwcU9KQ2BBAHmaPxBVopb5Ec:VCc4xGxWKQ2BonxK

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ec5a65bda19e87385a410002ed26420N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ec5a65bda19e87385a410002ed26420N.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\Program Files (x86)\bcb0ddf\jusched.exe
      "C:\Program Files (x86)\bcb0ddf\jusched.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2836

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\bcb0ddf\bcb0ddf
          Filesize

          17B

          MD5

          134c1d489094d6d3399f65b0e9aebc1f

          SHA1

          612a57fbe6ed3ab9c15b39451171d813314a28d5

          SHA256

          54f9150d1268f7b4b83dd9fc3ec32274bf749715a5806ff3ca5262f5427d6781

          SHA512

          b09bf60e4850d05261d81a124a647dd111f42480224eae8a3bd2f64736c38119953703f868ad34194a7ae6dad6aabff4081ba73df262bbe9f5327867c56a48ed

          Download Submit

        • \Program Files (x86)\bcb0ddf\jusched.exe
          Filesize

          229KB

          MD5

          0a92c9e1459f02bba642c9661c42aa79

          SHA1

          0c7fa1294a6f845b33179391d00700f547f1a747

          SHA256

          576223ed290ace86d4511b4fc428937505adbb1ac94619b78670db05f142e0aa

          SHA512

          711a7e9e270772d66ff9642282b2d64fbf2e7d811cced1712aa4db376b4138478a87bf8b0babd7d787ce33310083e411c6f9a200ae2bc65ca3639603ef371061

          Download Submit

        • memory/1488-0-0x0000000000400000-0x000000000045E000-memory.dmp

          Filesize

          376KB

          Download

        • memory/1488-11-0x0000000000400000-0x000000000045E000-memory.dmp

          Filesize

          376KB

          Download

        • memory/2836-13-0x0000000000400000-0x000000000045E000-memory.dmp

          Filesize

          376KB

          Download

        • memory/2836-14-0x0000000000400000-0x000000000045E000-memory.dmp

          Filesize

          376KB

          Download