37c7ba11c821061ff557b01c363bfd7ec1ed21d5c61c658e050f7c06b8b15d73

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 19:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe
Size

202KB
MD5

a4e4b05456d5f436ce91362048f5bd88
SHA1

a7a99b3258d136788ee9737a3b5d848b723c90ed
SHA256

37c7ba11c821061ff557b01c363bfd7ec1ed21d5c61c658e050f7c06b8b15d73
SHA512

9e037944c99e3892e4857958c54d0ef44a7d7d8098e046e7df01e5fc2d2e1796f2bd8fd6683de00100357f48b7ca117b99691fd24291456dc3c0121a11728e18
SSDEEP

1536:bXBmHj/428VMTwvY3vT3ZpTha581w8WlmoL8vA:bXgE28mTwvY73Zhha5IvoL8o

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.alizametal.com.tr
Port:
21
Username:
alizametal.com.tr
Password:
hd611

Extracted

Credentials

Protocol: ftp
Host:
ftp.yesimcopy.com
Port:
21
Username:
yesimcopy1
Password:
825cyf

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2272	jusched.exe

Loads dropped DLL 2 IoCs

pid	Process
2088	NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe
2088	NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\9dae628e\jusched.exe	NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe
File created	C:\Program Files (x86)\9dae628e\9dae628e	NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe
File created	C:\Program Files (x86)\9dae628e\info_a	NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Update23.job	NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2272	2088	NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe	28
PID 2088 wrote to memory of 2272	2088	NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe	28
PID 2088 wrote to memory of 2272	2088	NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe	28
PID 2088 wrote to memory of 2272	2088	NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Program Files (x86)\9dae628e\jusched.exe
  "C:\Program Files (x86)\9dae628e\jusched.exe"
  2⤵
  - Executes dropped EXE
  PID:2272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\9dae628e\9dae628e

Filesize
17B

MD5
ff323a10557ed49cf5c59a277579ae45

SHA1
de64360ad4e3ea906b3b1e733975e75faa5a584e

SHA256
d8ba4de3c9ce2f2ee152b3905563f84af1d21df3e66065f3d549f25619bde779

SHA512
13747cad49a2aebb312975df6c8d6168994370ca680ce0996bfcf6f4bf5832e9468cfe6c35917bf069d0283add81b59b565d4dfa59dc3b25a9a7ace093912a39

Download Submit
C:\Program Files (x86)\9dae628e\info_a

Filesize
12B

MD5
f87339493c88bcfe1b092017cad18653

SHA1
718cd856429570c02105efbbe7390d087870e20d

SHA256
a191694fa44e9b50a08c6cc85b5ed1f6348ae509660734f3c46fd78b6df43860

SHA512
1ac5a4edcffaf2e3b711225479ed45366dbca7b2d8fdfa1a08583c0e8e904397f18d4d40b065e771aefe82e043fa42cff768103d06555c5280e803c458e2ccd4

Download Submit
C:\Program Files (x86)\9dae628e\jusched.exe

Filesize
202KB

MD5
06165ac69141090db4176495e77da096

SHA1
07806ec52cdf08ba39162db4e36865fa7eca5f37

SHA256
8fe74322d9c07f3182ff3b963d965dddfd4c66a9cb86c2168b688b2ae888725d

SHA512
5e791c14a57baba7cb2a1cc17ad49ea5a8402647793b1f6abe73cca6b31f49c684931648811ab5c6486edcc58261cecbebc42290f734c96748aa112b59b3c910

Download Submit
C:\Program Files (x86)\9dae628e\jusched.exe

Filesize
202KB

MD5
06165ac69141090db4176495e77da096

SHA1
07806ec52cdf08ba39162db4e36865fa7eca5f37

SHA256
8fe74322d9c07f3182ff3b963d965dddfd4c66a9cb86c2168b688b2ae888725d

SHA512
5e791c14a57baba7cb2a1cc17ad49ea5a8402647793b1f6abe73cca6b31f49c684931648811ab5c6486edcc58261cecbebc42290f734c96748aa112b59b3c910

Download Submit
\Program Files (x86)\9dae628e\jusched.exe

Filesize
202KB

MD5
06165ac69141090db4176495e77da096

SHA1
07806ec52cdf08ba39162db4e36865fa7eca5f37

SHA256
8fe74322d9c07f3182ff3b963d965dddfd4c66a9cb86c2168b688b2ae888725d

SHA512
5e791c14a57baba7cb2a1cc17ad49ea5a8402647793b1f6abe73cca6b31f49c684931648811ab5c6486edcc58261cecbebc42290f734c96748aa112b59b3c910

Download Submit
\Program Files (x86)\9dae628e\jusched.exe

Filesize
202KB

MD5
06165ac69141090db4176495e77da096

SHA1
07806ec52cdf08ba39162db4e36865fa7eca5f37

SHA256
8fe74322d9c07f3182ff3b963d965dddfd4c66a9cb86c2168b688b2ae888725d

SHA512
5e791c14a57baba7cb2a1cc17ad49ea5a8402647793b1f6abe73cca6b31f49c684931648811ab5c6486edcc58261cecbebc42290f734c96748aa112b59b3c910

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads