Overview

overview

7

Static

static

3

NEAS.241e0...JC.exe

windows7-x64

7

NEAS.241e0...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/10/2023, 17:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.241e07b1baf322377bd54966570a561d_JC.exe

  • Size

    488KB

  • MD5

    241e07b1baf322377bd54966570a561d

  • SHA1

    72d77b3c7cd31282f3afa0ef02565dd310428d85

  • SHA256

    a29aba426a3ff03e5adb7342fe2f580f4d0465179dff294f9717be13e017172d

  • SHA512

    64000cb298e8cc8bffca6927ba0b535a0f26e0ac44508980a12a9ab48a2629c871f175d8603d2d8d0a584aa98d600ab39a939bcce77dc587b94a23c05571dc3e

  • SSDEEP

    6144:53OOCKLlcPKJEld2zJQPfuSlMHyaXXu6FQGkcC+V5R5azYBONNYJIBtFc:FOOZpUtlwX+zc7V5Rn1JY

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 3 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 17 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.241e07b1baf322377bd54966570a561d_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.241e07b1baf322377bd54966570a561d_JC.exe"
    1⤵
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4668
    • C:\Windows\UXEGXMI.EXE
      C:\Windows\UXEGXMI.EXE
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      PID:4740

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\PerfLogs\FAFF.EXE
          Filesize

          488KB

          MD5

          b3d56d3832230c995e71b18d5ec67ceb

          SHA1

          aba8fecb0385957554bb0d203e4b1008ae4fe4bc

          SHA256

          24fed21cfb889b427cdd0c5e78821c51b1da4c3e62114419d06322b25040091d

          SHA512

          2737f2158bc13b2f01f9906945d950ecc9ee5b263ec02ea33324d94a21736f68903bc271dd21611b0b074ca1ed094ab10201c9a389a58ae651b0afcb06089d57

          Download Submit

        • C:\Windows\UXEGXMI.EXE
          Filesize

          489KB

          MD5

          aa281779393bd47d375a3bfd58c9ec8c

          SHA1

          410ffa77eda1637e24b585906fd28a8fabaa5592

          SHA256

          d02bc1ef1d4e0dbe27fb61e3c4dad095afba45e3d5ea43088dffba834ef13b4f

          SHA512

          298e9d859b14600c35118b5d3895dc4cd8e411ebcdcce3cb82a69c8b72cecfb858c560b71f584c5e08a597dd8d3877c011247611bfbf5f353b0957e60eb6c140

          Download Submit

        • C:\Windows\UXEGXMI.EXE
          Filesize

          489KB

          MD5

          aa281779393bd47d375a3bfd58c9ec8c

          SHA1

          410ffa77eda1637e24b585906fd28a8fabaa5592

          SHA256

          d02bc1ef1d4e0dbe27fb61e3c4dad095afba45e3d5ea43088dffba834ef13b4f

          SHA512

          298e9d859b14600c35118b5d3895dc4cd8e411ebcdcce3cb82a69c8b72cecfb858c560b71f584c5e08a597dd8d3877c011247611bfbf5f353b0957e60eb6c140

          Download Submit

        • C:\filedebug
          Filesize

          202B

          MD5

          3bf1c6f182aa36cec2502e2966fd887a

          SHA1

          47f786f54a211bf03c4de3aea09eb66a5abd0db0

          SHA256

          f2c02de1566ec1464bb30ab35393795ad960fb045cfaf38a25a20b1e62689ae0

          SHA512

          2de71a193c5118deb3b8b85e236f4f83e93f1d3cf5744045af8850de8cbe31afa80e1e6b2efde69a234b02ffef2c32d97cc86ca8035c4bcb35c3b9d01b6392bb

          Download Submit

        • memory/4668-0-0x0000000000400000-0x0000000000475000-memory.dmp

          Filesize

          468KB

          Download

        • memory/4668-1-0x0000000000780000-0x0000000000781000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4668-24-0x0000000000400000-0x0000000000475000-memory.dmp

          Filesize

          468KB

          Download

        • memory/4740-23-0x0000000000630000-0x0000000000631000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4740-25-0x0000000000400000-0x0000000000475000-memory.dmp

          Filesize

          468KB

          Download