Overview

overview

3

Static

static

3

NEAS.d2ab1...JC.exe

windows7-x64

1

NEAS.d2ab1...JC.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/10/2023, 16:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.d2ab1c3b516ec0777ed195c1500dbe60_JC.exe

  • Size

    14KB

  • MD5

    d2ab1c3b516ec0777ed195c1500dbe60

  • SHA1

    0f2d94ca61aa33179a4d3b1bbd336784becde646

  • SHA256

    0d6b5dd91051a5e7edbb68a4e22a5a098737504d86b3ef83df7bf7c9796cc470

  • SHA512

    8ce89f5bf171315d15f9b8851b4aaa679645f236fe6e6828525b293d61f7d6feea5bf8ac506f3fb7f2bc229be13da9e184a2dfad4d56cfea9202340f7cbd0f6b

  • SSDEEP

    384:pettmd9+fPkigPDt4Da9m0YjNqDE045H:E4dMk7t4Da9m0YjNwA

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.d2ab1c3b516ec0777ed195c1500dbe60_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.d2ab1c3b516ec0777ed195c1500dbe60_JC.exe"
    1⤵
      PID:4508
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 252
        2⤵
        • Program crash
        PID:4052
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4508 -ip 4508
      1⤵
        PID:4168
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
        1⤵
          PID:2080
        • C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe -k UnistackSvcGroup
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:5092

        Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • memory/4508-0-0x0000000000400000-0x000000000040A000-memory.dmp

                Filesize

                40KB

                Download

              • memory/5092-1-0x00000205B7F50000-0x00000205B7F60000-memory.dmp

                Filesize

                64KB

                Download

              • memory/5092-17-0x00000205B8050000-0x00000205B8060000-memory.dmp

                Filesize

                64KB

                Download

              • memory/5092-33-0x00000205C0640000-0x00000205C0641000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-34-0x00000205C0670000-0x00000205C0671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-35-0x00000205C0670000-0x00000205C0671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-36-0x00000205C0670000-0x00000205C0671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-37-0x00000205C0670000-0x00000205C0671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-38-0x00000205C0670000-0x00000205C0671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-39-0x00000205C0670000-0x00000205C0671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-40-0x00000205C0670000-0x00000205C0671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-41-0x00000205C0670000-0x00000205C0671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-42-0x00000205C0670000-0x00000205C0671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-43-0x00000205C0670000-0x00000205C0671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-44-0x00000205C0290000-0x00000205C0291000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-45-0x00000205C0280000-0x00000205C0281000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-47-0x00000205C0290000-0x00000205C0291000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-50-0x00000205C0280000-0x00000205C0281000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-53-0x00000205C01C0000-0x00000205C01C1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-65-0x00000205C03C0000-0x00000205C03C1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-67-0x00000205C03D0000-0x00000205C03D1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-68-0x00000205C03D0000-0x00000205C03D1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-69-0x00000205C04E0000-0x00000205C04E1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-70-0x00000205C04F0000-0x00000205C04F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5092-71-0x00000205C04E0000-0x00000205C04E1000-memory.dmp

                Filesize

                4KB

                Download