Overview

overview

8

Static

static

3

NEAS.0c320...JC.exe

windows7-x64

8

NEAS.0c320...JC.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    143s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/10/2023, 16:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.0c3209be791e2bdf80a8832528363d00_JC.exe

  • Size

    137KB

  • MD5

    0c3209be791e2bdf80a8832528363d00

  • SHA1

    c7c35433d6a0c96f95e9e93bad9162875d66d642

  • SHA256

    4e92000e999f3b85657d16c196351eceeb8bcee95890b71cca9e96694843597f

  • SHA512

    6e51aa991d88997eea4b9e4e9375d6b33ecdf37f8e2960d399f27dfde3cda6f38b5924b512744fd46d84ec37a0c817ed75a858bad6f24a55d5722ccfcbfb8976

  • SSDEEP

    3072:0c3EU6VeJj5Mw4lhAFDp2HiJ+cV6J060VU/t6S8lae4bB1w4v:f3pjixWJoCUcAJl0e/t690XbB1w4v

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.0c3209be791e2bdf80a8832528363d00_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0c3209be791e2bdf80a8832528363d00_JC.exe"
    1⤵
    • Drops file in Program Files directory
    PID:592
  • C:\PROGRA~3\Mozilla\eakpvvm.exe
    C:\PROGRA~3\Mozilla\eakpvvm.exe -lxsxepj
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:1988
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:1888
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4948

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\PROGRA~3\Mozilla\eakpvvm.exe
      Filesize

      137KB

      MD5

      43b057ec7da9bf5533c01df4a533e549

      SHA1

      0ef62f14f5f4a857fab023a42530882ff3de6174

      SHA256

      f63611b25991ef308f8e1a4f75516abc9b545d36ccd13c1da5772d115d17d988

      SHA512

      e021418231939effc06397b3a257578d1907049adc3d105015873c26380d25e32d431e9677dd3c5efa975d9ebe7110dde6f8901a1ad53a275d5df921e1da64b8

      Download Submit

    • C:\ProgramData\Mozilla\eakpvvm.exe
      Filesize

      137KB

      MD5

      43b057ec7da9bf5533c01df4a533e549

      SHA1

      0ef62f14f5f4a857fab023a42530882ff3de6174

      SHA256

      f63611b25991ef308f8e1a4f75516abc9b545d36ccd13c1da5772d115d17d988

      SHA512

      e021418231939effc06397b3a257578d1907049adc3d105015873c26380d25e32d431e9677dd3c5efa975d9ebe7110dde6f8901a1ad53a275d5df921e1da64b8

      Download Submit

    • memory/592-1-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/592-2-0x0000000000030000-0x0000000000031000-memory.dmp

      Filesize

      4KB

      Download

    • memory/592-3-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/592-9-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/1988-15-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/4948-16-0x000001862E860000-0x000001862E870000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4948-32-0x000001862E960000-0x000001862E970000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4948-48-0x0000018636CD0000-0x0000018636CD1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4948-50-0x0000018636D00000-0x0000018636D01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4948-51-0x0000018636D00000-0x0000018636D01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4948-52-0x0000018636E10000-0x0000018636E11000-memory.dmp

      Filesize

      4KB

      Download