9b45bd6f93817b2140fbfcd28e85bbb910d473432bfc1acee2566a335de0e22f

Analysis

max time kernel
6s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31-10-2024 10:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JJS Private.exe
Size

38.5MB
MD5

614daaa56de42eda32fb82e869e9ac31
SHA1

6e0969d1668a6c1e200f4d02066d074a8ab0e889
SHA256

9b45bd6f93817b2140fbfcd28e85bbb910d473432bfc1acee2566a335de0e22f
SHA512

5c8f38af08e1f33b74fa872e3300b7a66b801c4c1fe9c3b876298030987ac833da037e4d2a54d5a2341a4d392c743c26fabe8691ef9bd94227f429ad941ca549
SSDEEP

786432:XnR0nhLp698hEn1n60JVIh9LxtjsvPxSyw8/zt5lM2CB8kU:3OhLpWjn9JOh93sc+/ztL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2936	Stub.exe

Loads dropped DLL 2 IoCs

pid	Process
2068	JJS Private.exe
2936	Stub.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2936	2068	JJS Private.exe	30
PID 2068 wrote to memory of 2936	2068	JJS Private.exe	30
PID 2068 wrote to memory of 2936	2068	JJS Private.exe	30

C:\Users\Admin\AppData\Local\Temp\JJS Private.exe
"C:\Users\Admin\AppData\Local\Temp\JJS Private.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Users\Admin\AppData\Local\Temp\onefile_2068_133748430230554000\Stub.exe
  "C:\Users\Admin\AppData\Local\Temp\JJS Private.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2068_133748430230554000\python310.dll

Filesize
4.2MB

MD5
dd5ca0ed23e17d9b182dd97635becb4a

SHA1
743b61bc754a8e5193b245183bfb1ec4e71c5f3f

SHA256
7a14ccb0d4ea395cbb6af2539dc740f3e6570765ad3c9c56fa2cb16598222428

SHA512
aa09d47b7d2a61c9b4433539f26cd54a155e3291165197368646a43366c2dba5253b336c4a69e18b4ab510666fc6cf946d4375c3ae6ff33ae1bc7d6c527db20a

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2068_133748430230554000\python310.dll

Filesize
4.3MB

MD5
e4533934b37e688106beac6c5919281e

SHA1
ada39f10ef0bbdcf05822f4260e43d53367b0017

SHA256
2bf761bae584ba67d9a41507b45ebd41ab6ae51755b1782496d0bc60cc1d41d5

SHA512
fa681a48ddd81854c9907026d4f36b008e509729f1d9a18a621f1d86cd1176c1a1ff4f814974306fa4d9e3886e2ce112a4f79b66713e1401f5dae4bcd8b898b9

Download Submit
memory/2068-63-0x000000013FA90000-0x0000000142137000-memory.dmp

Filesize
38.7MB

Download
memory/2936-34-0x000000013F770000-0x00000001451B1000-memory.dmp

Filesize
90.3MB

Download