9a88864e3c87f405002960fa5bb710f486e15e7af8c7c2a0a64e6ff4957233f8 | Triage

Sharing

General

Target

NEAS.system32exe_JC.exe
Size

9.9MB
Sample

231007-rmm6cadb3y
MD5

25af599b04074298133944628227451a
SHA1

b23abea6f74e7ffd1fa05436fc952ac652d59342
SHA256

9a88864e3c87f405002960fa5bb710f486e15e7af8c7c2a0a64e6ff4957233f8
SHA512

5ee27fc0fb47a50c26da3804c482f218d239ce250a1f5a0b0b2dc6e4440ea961fa8f19b2d64f37478d807b944d864da712614584825f29832faaa09cac2c0573
SSDEEP

196608:5TYReKrNPFho7UzsyNhaD3fqYz08tHihjnwFXokW8oHDt+:F6DrNPFiksyYI8tkwZoklsx+

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  NEAS.system32exe_JC.exe
- Size
  
  9.9MB
- MD5
  
  25af599b04074298133944628227451a
- SHA1
  
  b23abea6f74e7ffd1fa05436fc952ac652d59342
- SHA256
  
  9a88864e3c87f405002960fa5bb710f486e15e7af8c7c2a0a64e6ff4957233f8
- SHA512
  
  5ee27fc0fb47a50c26da3804c482f218d239ce250a1f5a0b0b2dc6e4440ea961fa8f19b2d64f37478d807b944d864da712614584825f29832faaa09cac2c0573
- SSDEEP
  
  196608:5TYReKrNPFho7UzsyNhaD3fqYz08tHihjnwFXokW8oHDt+:F6DrNPFiksyYI8tkwZoklsx+
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence