Overview

overview

10

Static

static

3

installer.exe

windows7-x64

1

installer.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    818s
  • max time network
    895s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-11-2024 02:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    installer.exe

  • Size

    2.0MB

  • MD5

    db9387b8b5328adf2898eba2851e21c7

  • SHA1

    6100a5dffa1f4d05c6ce029e1148e0f1e2649da1

  • SHA256

    a5f6c3582d8e4c4bf08ecb4389a26a0724acfbe88cb1dc55c7e6eda8fb8fde8b

  • SHA512

    ce1c97177cf16336a9f46d768360abd79a2726b80786422d62c02e2044cac590a33ef90d48bb91db19dbcdef4f4e3eb1e874078926f865317103ed12c93cefb4

  • SSDEEP

    24576:f3Romk0GRu5XJH2ORDEhkcaHQinDq76L8j4oBYJSqppoTcXuJh:f3RZvGWJ+CminQkZGoXI

Score
10/10
jupyterbackdoordiscoverystealertrojan

Malware Config

Extracted

Family

jupyter

C2

http://185.94.191.54

Signatures

  • Jupyter family
    jupyter
  • Jupyter, SolarMarker

    Jupyter is a backdoor and infostealer first seen in mid 2020.

    backdoortrojanstealerjupyter
  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Control Panel 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\installer.exe
    "C:\Users\Admin\AppData\Local\Temp\installer.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:696
    • C:\Users\Admin\AppData\Local\Temp\dist13142.exe
      "C:\Users\Admin\AppData\Local\Temp\dist13142.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies Control Panel
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2552
      • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
        C:\Users\Public\Documents\Wondershare\NFWCHK.exe
        3⤵
        • Executes dropped EXE
        PID:2832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sfamcypf.bg0.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dist13142.exe
    Filesize

    2.0MB

    MD5

    f4c83004d10430c3e6f804a35e5dbddb

    SHA1

    44b3bf37ea04bbab6b6e73d53b5f48fe106dc122

    SHA256

    db55c785a9e77ab1cfe35f5994fc3ddc46191f6c1f612caab23876489ee44ff4

    SHA512

    9c7b038c42611b40173ec744fc2e773b6262a947511832f08f1158528cf03f0bc838eeb567a2e2ca2f59cfbdf438415b7fa7b1fc5580aa3ad9a04bf7def063a8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    744B

    MD5

    407043f5117232ed5bf3077f1e419c78

    SHA1

    d48972d5dd324c932f79e77d9f0bdfe0715a8f06

    SHA256

    c4270dbaf5b77f3f76b56e82ec6a2aa6dcf49b56dc67984cb72f0d31c01ecfae

    SHA512

    d6f07a920612c41587aa27d7b0fa5a222a26162f6a227761dfd17227fe21d545fcc7dbd97cf8676ba8d0aa03c2c82aa6686b1911d7fdb51e02e95c9284699d7d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    1KB

    MD5

    9cc66675508110148bc4bce38a50602d

    SHA1

    6bcf6d6647b4fc25344b86cb19c52bc811cd4a17

    SHA256

    85cd271fc33524cf87354629d319cd4277af6d3b61f65b5656809796ced669c7

    SHA512

    fecc3f41541e0ef0cd07cdf7a8e356b3d34f77d85987940075e3b3ecd007a5960764218611cd52e1d2aa3591b95af72759fabf30691d38e5fbd525c446a776f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    2KB

    MD5

    c4ccd050b46cea9357adc8578d2f4978

    SHA1

    c3cd5b8ac8a5e51538d4bfbf69b6907fa0e67990

    SHA256

    2ba45746a514d22544cdbbe4265afbbf138dfe0b038cb22956c5fec408f51330

    SHA512

    f7611da12b81df282e1d1116763d56c3ac27f7ef62325566cd7e8cfcbc0e160593ac7de422ee0d0909182847a4b47af212a19f0c5c276ed22a09b85a20ad2353

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    4KB

    MD5

    edc982b2c7a2e7c2832205bdaf2ae2a3

    SHA1

    fa38424682f3dd918d25dd015f65b2999107f686

    SHA256

    b0cf77d1105170ef83b5889b7f5faaa149c71806a06715c18675235e61e4bbd4

    SHA512

    0d1bd3a0e288c4d91e57b6c6ade6251e1271e31ab791ea141de720e845118ab535ed099c020ffc004a0612db445b2a7db7c3ad5ad137ced4f8f4ec95b5c7a63b

    Download Submit

  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
    Filesize

    7KB

    MD5

    27cfb3990872caa5930fa69d57aefe7b

    SHA1

    5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

    SHA256

    43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

    SHA512

    a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

    Download Submit

  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe.config
    Filesize

    223B

    MD5

    5babf2a106c883a8e216f768db99ad51

    SHA1

    f39e84a226dbf563ba983c6f352e68d561523c8e

    SHA256

    9e676a617eb0d0535ac05a67c0ae0c0e12d4e998ab55ac786a031bfc25e28300

    SHA512

    d4596b0aafe03673083eef12f01413b139940269255d10256cf535853225348752499325a5def803fa1189e639f4a2966a0fbb18e32fe8d27e11c81c9e19a0bb

    Download Submit

  • memory/696-1166-0x00007FFC7EB30000-0x00007FFC7F5F1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/696-23-0x00000000316E0000-0x0000000031774000-memory.dmp

    Filesize

    592KB

    Download

  • memory/696-12-0x00007FFC7EB30000-0x00007FFC7F5F1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/696-1165-0x00007FFC7EB33000-0x00007FFC7EB35000-memory.dmp

    Filesize

    8KB

    Download

  • memory/696-0-0x00007FFC7EB33000-0x00007FFC7EB35000-memory.dmp

    Filesize

    8KB

    Download

  • memory/696-11-0x000000002E710000-0x000000002E732000-memory.dmp

    Filesize

    136KB

    Download

  • memory/696-1-0x0000000000CA0000-0x0000000001CA0000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2832-1179-0x000000001B0D0000-0x000000001B0F0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2832-1178-0x000000001B090000-0x000000001B0A8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2832-1177-0x000000001B040000-0x000000001B064000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2832-1180-0x000000001B0F0000-0x000000001B3FE000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2832-1181-0x000000001B8B0000-0x000000001B8F9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2832-1182-0x000000001B970000-0x000000001B9D2000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2832-1183-0x000000001BEB0000-0x000000001C37E000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/2832-1184-0x000000001C420000-0x000000001C4BC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2832-1185-0x000000001B840000-0x000000001B848000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2832-1186-0x000000001C8F0000-0x000000001C92E000-memory.dmp

    Filesize

    248KB

    Download