b5700050f979d2f251f6b2a94acf31cc2754efce996ece841025ae52e3ccfe47

Analysis

max time kernel
150s
max time network
160s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 16:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.0965f77bddeb234a0f662ced017cd0a0_JC.exe
Size

36KB
MD5

0965f77bddeb234a0f662ced017cd0a0
SHA1

ad0325b7218509beabfdeee78b1fc477232bd2cd
SHA256

b5700050f979d2f251f6b2a94acf31cc2754efce996ece841025ae52e3ccfe47
SHA512

44e849e309031b173e501796f54c165fe06e5cc4b2dd00c6decfbd35f6aaa0ac3a3bae3443b12b7fa2d6adee775579653f13e0f029b0adca6bfb82f0d0153971
SSDEEP

192:RR8yJAYYpKq5HxK3RVt83mY6o6qrD4V89hOKp00E090:QyJHYpKq5SRViJOWEy0

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2492	hummy.exe

Loads dropped DLL 2 IoCs

pid	Process
2196	NEAS.0965f77bddeb234a0f662ced017cd0a0_JC.exe
2196	NEAS.0965f77bddeb234a0f662ced017cd0a0_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2492	2196	NEAS.0965f77bddeb234a0f662ced017cd0a0_JC.exe	28
PID 2196 wrote to memory of 2492	2196	NEAS.0965f77bddeb234a0f662ced017cd0a0_JC.exe	28
PID 2196 wrote to memory of 2492	2196	NEAS.0965f77bddeb234a0f662ced017cd0a0_JC.exe	28
PID 2196 wrote to memory of 2492	2196	NEAS.0965f77bddeb234a0f662ced017cd0a0_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.0965f77bddeb234a0f662ced017cd0a0_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.0965f77bddeb234a0f662ced017cd0a0_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Users\Admin\AppData\Local\Temp\hummy.exe
  "C:\Users\Admin\AppData\Local\Temp\hummy.exe"
  2⤵
  - Executes dropped EXE
  PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hummy.exe

Filesize
36KB

MD5
18e4ffc942bc68cfe1d1824852b6bf49

SHA1
e2e433934305eda35b486aeb7ed8b5f3c626895a

SHA256
5bc58340d3aaeaf999aaac6e9e34740badfb11a5115487665a84ae46eaaa7c6a

SHA512
761b2399e3ad6ef946c4f46c0b2b776fca83c761bfdbd4ee39c740d83151601563a1165a4deb56e30461b8a96492efadc942a45856997fa08020db0522c8d8f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\hummy.exe

Filesize
36KB

MD5
18e4ffc942bc68cfe1d1824852b6bf49

SHA1
e2e433934305eda35b486aeb7ed8b5f3c626895a

SHA256
5bc58340d3aaeaf999aaac6e9e34740badfb11a5115487665a84ae46eaaa7c6a

SHA512
761b2399e3ad6ef946c4f46c0b2b776fca83c761bfdbd4ee39c740d83151601563a1165a4deb56e30461b8a96492efadc942a45856997fa08020db0522c8d8f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\hummy.exe

Filesize
36KB

MD5
18e4ffc942bc68cfe1d1824852b6bf49

SHA1
e2e433934305eda35b486aeb7ed8b5f3c626895a

SHA256
5bc58340d3aaeaf999aaac6e9e34740badfb11a5115487665a84ae46eaaa7c6a

SHA512
761b2399e3ad6ef946c4f46c0b2b776fca83c761bfdbd4ee39c740d83151601563a1165a4deb56e30461b8a96492efadc942a45856997fa08020db0522c8d8f8

Download Submit
\Users\Admin\AppData\Local\Temp\hummy.exe

Filesize
36KB

MD5
18e4ffc942bc68cfe1d1824852b6bf49

SHA1
e2e433934305eda35b486aeb7ed8b5f3c626895a

SHA256
5bc58340d3aaeaf999aaac6e9e34740badfb11a5115487665a84ae46eaaa7c6a

SHA512
761b2399e3ad6ef946c4f46c0b2b776fca83c761bfdbd4ee39c740d83151601563a1165a4deb56e30461b8a96492efadc942a45856997fa08020db0522c8d8f8

Download Submit
\Users\Admin\AppData\Local\Temp\hummy.exe

Filesize
36KB

MD5
18e4ffc942bc68cfe1d1824852b6bf49

SHA1
e2e433934305eda35b486aeb7ed8b5f3c626895a

SHA256
5bc58340d3aaeaf999aaac6e9e34740badfb11a5115487665a84ae46eaaa7c6a

SHA512
761b2399e3ad6ef946c4f46c0b2b776fca83c761bfdbd4ee39c740d83151601563a1165a4deb56e30461b8a96492efadc942a45856997fa08020db0522c8d8f8

Download Submit
memory/2196-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2196-10-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download