Overview

overview

7

Static

static

3

NEAS.5259e...JC.exe

windows7-x64

7

NEAS.5259e...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-10-2023 19:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.5259e4ce178d4978b0172bd3b4b19060_JC.exe

  • Size

    37KB

  • MD5

    5259e4ce178d4978b0172bd3b4b19060

  • SHA1

    439a5d4ad00024399f76b3fe0859b19ba8ea4637

  • SHA256

    3b9c86a6c73211be113ebc3b0f161284343487b07f7640c74b8700027ad092a7

  • SHA512

    aba9fddbe033215d16de9588ea35753d8c2d17ae38e3206e56805c756bb65630096bef0a8a1a9bd533aa1d401573fea3ae37791b122f15072971b36b0d7465ca

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBVaD3TP7DFHQ:X6QFElP6n+gJQMOtEvwDpjBmzDu

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.5259e4ce178d4978b0172bd3b4b19060_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5259e4ce178d4978b0172bd3b4b19060_JC.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4444
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2340

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    37KB

    MD5

    0f49403734563fcc199dad276cf48971

    SHA1

    6e3ee907c614546c16b9cf30d3740b980adabe71

    SHA256

    dde05481247ef24030a5778ced3c7cd308022f5dd212e230578217d6b2634ab1

    SHA512

    91510e0754c5ad47da63339eac610c8f0ae46e8b7e75d636d2477db5b7ea7e54d2aa049a097de12b58a22178c5280d97aacd046f1fe3fb6c049b7389893a7224

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    37KB

    MD5

    0f49403734563fcc199dad276cf48971

    SHA1

    6e3ee907c614546c16b9cf30d3740b980adabe71

    SHA256

    dde05481247ef24030a5778ced3c7cd308022f5dd212e230578217d6b2634ab1

    SHA512

    91510e0754c5ad47da63339eac610c8f0ae46e8b7e75d636d2477db5b7ea7e54d2aa049a097de12b58a22178c5280d97aacd046f1fe3fb6c049b7389893a7224

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    37KB

    MD5

    0f49403734563fcc199dad276cf48971

    SHA1

    6e3ee907c614546c16b9cf30d3740b980adabe71

    SHA256

    dde05481247ef24030a5778ced3c7cd308022f5dd212e230578217d6b2634ab1

    SHA512

    91510e0754c5ad47da63339eac610c8f0ae46e8b7e75d636d2477db5b7ea7e54d2aa049a097de12b58a22178c5280d97aacd046f1fe3fb6c049b7389893a7224

    Download Submit

  • memory/2340-18-0x0000000001FF0000-0x0000000001FF6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2340-17-0x0000000000520000-0x0000000000526000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4444-0-0x0000000000830000-0x0000000000836000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4444-1-0x0000000000830000-0x0000000000836000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4444-2-0x00000000020F0000-0x00000000020F6000-memory.dmp

    Filesize

    24KB

    Download