Overview

overview

3

Static

static

3

Jlaive.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    15s
  • max time network
    18s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/09/2024, 09:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Jlaive.exe

  • Size

    780KB

  • MD5

    47d55a6b80b73d64031a4a9e3c4923e1

  • SHA1

    1d3cfc1c8e6774cd23299da323724872e176626c

  • SHA256

    eb396995552cf60b3dc1572e5b57572f8b4418ddc71aee0340d5da4be17214c1

  • SHA512

    d2c29c46df9cbf6a1a868c0859a75041821abf8fd5da9c655ba6f218c4fff1d1eea29e1e62fc65b8ecbed425890a765ee1dd1c575c3a673465e284bb0bcfaee1

  • SSDEEP

    12288:7y9VCoVD990usfOlCdXXJy1sw5D99GJuY9HArdopZdfrXg+JwuKt/S/605:7JoKdpyuw5D9wJWopfw+Jwz/S/6

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 20 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Jlaive.exe
    "C:\Users\Admin\AppData\Local\Temp\Jlaive.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:4332
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:456

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/456-15-0x000001D286350000-0x000001D286351000-memory.dmp

          Filesize

          4KB

          Download

        • memory/456-12-0x000001D286350000-0x000001D286351000-memory.dmp

          Filesize

          4KB

          Download

        • memory/456-11-0x000001D286350000-0x000001D286351000-memory.dmp

          Filesize

          4KB

          Download

        • memory/456-17-0x000001D286350000-0x000001D286351000-memory.dmp

          Filesize

          4KB

          Download

        • memory/456-5-0x000001D286350000-0x000001D286351000-memory.dmp

          Filesize

          4KB

          Download

        • memory/456-7-0x000001D286350000-0x000001D286351000-memory.dmp

          Filesize

          4KB

          Download

        • memory/456-16-0x000001D286350000-0x000001D286351000-memory.dmp

          Filesize

          4KB

          Download

        • memory/456-6-0x000001D286350000-0x000001D286351000-memory.dmp

          Filesize

          4KB

          Download

        • memory/456-13-0x000001D286350000-0x000001D286351000-memory.dmp

          Filesize

          4KB

          Download

        • memory/456-14-0x000001D286350000-0x000001D286351000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4332-0-0x000000007523E000-0x000000007523F000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4332-1-0x0000000000AA0000-0x0000000000B6A000-memory.dmp

          Filesize

          808KB

          Download

        • memory/4332-3-0x00000000055D0000-0x0000000005662000-memory.dmp

          Filesize

          584KB

          Download

        • memory/4332-2-0x0000000005B80000-0x0000000006124000-memory.dmp

          Filesize

          5.6MB

          Download