Overview

overview

10

Static

static

3

NEAS.9356e...JC.exe

windows7-x64

10

NEAS.9356e...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    07-10-2023 10:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.9356e79f1ca8b57c5f92f176c8c7fdbd_JC.exe

  • Size

    891KB

  • MD5

    9356e79f1ca8b57c5f92f176c8c7fdbd

  • SHA1

    667fc8b3bc588bb52403de64f43e1bb892ff95f7

  • SHA256

    b4f56cf289c624e0ab4d1731e4ab778fd675fffb1608ae38056f5dce97186c0c

  • SHA512

    25e32955247a647754ff74fa99974eb81bf6d188acb67470c6965174e9c26b2f24c41d73332780a24a0be4c9748e0dbecc8c8637a56ae7ed7fdfe77f26108289

  • SSDEEP

    24576:Z1bQ4pSK1WxuOB5mr4ryALEJEZ/YGIpDvzh1OBC05Fks:ZhpSlhBkr4rywEJEZjIZrh1eT

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.9356e79f1ca8b57c5f92f176c8c7fdbd_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9356e79f1ca8b57c5f92f176c8c7fdbd_JC.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    PID:3012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\DC++ Share\RCXA279.tmp
    Filesize

    61KB

    MD5

    cb2b9a8ea0f5ac58e3b1ff5d21a6092a

    SHA1

    ac01980900d7f76c1f02c0fc010dfc2b76e7f6c7

    SHA256

    6331d18b028f8ac60b9b333156855fa627344a3c649b71f7c733841f711ee7e8

    SHA512

    214847ffe1da22ddcb635b583d0dcdf1f77ca66cbd1f6f356feba879cbc7894067b0af776a101349f8d9a405333aeae06a8d33cd1b5249412989494318c77f2a

    Download Submit

  • C:\Windows\SysWOW64\xdccPrograms\7zG.exe
    Filesize

    907KB

    MD5

    c14c73f12c204772e3c7cfe885f9cb93

    SHA1

    4b25eed1b495a07ac0fe874517216ad35dd14276

    SHA256

    e8c5c7e2ade4defeb9bfc55b622c3c02a73985d5b539161685cf3f2c46839905

    SHA512

    99b2ea27caeb21a2ac2490d59101c08b4b878cc37bcb1dbae440a9af8d73a93f6a0667874f64b0ea1977bf4f20985f9d8b08602ca0efa84b2f8dbd071b3b2c8e

    Download Submit

  • memory/3012-113-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3012-114-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3012-109-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3012-110-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3012-111-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3012-112-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3012-52-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3012-108-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3012-115-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3012-116-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3012-117-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3012-118-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3012-119-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3012-120-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download