Analysis

  • max time kernel
    120s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-10-2023 18:05

General

  • Target

    NEAS.aa4f03eeb53b7e5a1ed2b0dd0af5e5f0_JC.exe

  • Size

    82KB

  • MD5

    aa4f03eeb53b7e5a1ed2b0dd0af5e5f0

  • SHA1

    faaa8083f86d3eecf62890b3cfe72c9a9c05baaa

  • SHA256

    8b003982c2ef500efab33af8832b41062b43625a9762fc6794c33f426f31968b

  • SHA512

    55978b5056b1d2f784ad4cba4bbc5e094b19d0f94d56ac726f65a3e98cc256878887011042bf54f7e1b14d9e48a0908ee3d690e848a4286a28f0d2647a2dde50

  • SSDEEP

    1536:zaWLF1kxTnUI4CFPtv6iSJnaGlbVxho65tD3ByInj:zaWExTnUTCFPtvanaGlbVxho8t1xn

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.aa4f03eeb53b7e5a1ed2b0dd0af5e5f0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa4f03eeb53b7e5a1ed2b0dd0af5e5f0_JC.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2056
  • C:\Windows\SysWOW64\Winkzc.exe
    C:\Windows\SysWOW64\Winkzc.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:3064

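The process tree above shows the classic two-step pattern behind the "Drops file in System32 directory" and "Executes dropped EXE" signatures: the sample (PID 2056) writes Winkzc.exe into C:\Windows\SysWOW64 and that file is then started as a new process (PID 3064). The script below is an added example, not part of the sandbox's own tooling: it correlates Sysmon-style file-create and process-create records to reproduce those two signatures and checks a file's SHA256 against the hashes listed in this report. The event records are constructed to mirror the report's process tree (paths and PIDs taken from the report); the field names and the `Event`/`Finding` types are assumptions for illustration.

```python
"""Correlate file-create and process-create telemetry to flag "drops file in a
System32 directory" and "executes dropped EXE", and match SHA256 hashes against
the IOCs from the report. The event records are CONSTRUCTED for illustration
(Sysmon-like fields, not a real capture); the hashes and paths come from the
report above.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional

# SHA256 values copied from the report: the submitted sample and the dropped file.
REPORT_SHA256 = {
    "8b003982c2ef500efab33af8832b41062b43625a9762fc6794c33f426f31968b":
        "NEAS.aa4f03eeb53b7e5a1ed2b0dd0af5e5f0_JC.exe (sample)",
    "62dfc06b1fff92f063da54a7d76cb74c5dea8f8a2abcf65cf7b5c5cd8035f5f0":
        "Winkzc.exe (dropped)",
}

# Directories that the "Drops file in System32 directory" signature is about
# (SysWOW64 is the 32-bit System32 on a 64-bit host, hence the report's path).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass
class Event:
    kind: str            # "FileCreate" or "ProcessCreate" (assumed field names)
    pid: int             # writing process (FileCreate) or the new process (ProcessCreate)
    image: str           # image of the writing process, or the new process image
    target: str = ""     # FileCreate only: path that was written
    parent_pid: int = 0  # ProcessCreate only


@dataclass
class Finding:
    signature: str
    pid: int
    path: str


def in_system_dir(path: str) -> bool:
    return path.lower().startswith(SYSTEM_DIRS)


def correlate(events: List[Event]) -> List[Finding]:
    """Single pass over chronologically ordered events.

    - FileCreate of an .exe under System32/SysWOW64 -> "Drops file in System32 directory"
    - ProcessCreate whose image path was written earlier in the stream
      (by any process) -> "Executes dropped EXE"
    """
    dropped: Dict[str, int] = {}  # lowercased path -> pid that wrote it
    findings: List[Finding] = []
    for ev in events:
        if ev.kind == "FileCreate":
            path = ev.target.lower()
            if path.endswith(".exe"):
                dropped[path] = ev.pid
                if in_system_dir(path):
                    findings.append(Finding("Drops file in System32 directory", ev.pid, ev.target))
        elif ev.kind == "ProcessCreate":
            if ev.image.lower() in dropped:
                findings.append(Finding("Executes dropped EXE", ev.pid, ev.image))
    return findings


def match_iocs(data: bytes) -> Optional[str]:
    """Return the report label for a file's contents if its SHA256 is an IOC, else None."""
    return REPORT_SHA256.get(hashlib.sha256(data).hexdigest())


# Constructed telemetry mirroring the report's process tree (paths and PIDs from the report;
# the second write of Winkzc.exe reflects the repeated entries in the report's Downloads list).
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\NEAS.aa4f03eeb53b7e5a1ed2b0dd0af5e5f0_JC.exe"
DROPPED = r"C:\Windows\SysWOW64\Winkzc.exe"
CONSTRUCTED_EVENTS = [
    Event("ProcessCreate", 2056, SAMPLE, parent_pid=1000),
    Event("FileCreate", 2056, SAMPLE, target=DROPPED),
    Event("ProcessCreate", 3064, DROPPED, parent_pid=2056),
    Event("FileCreate", 3064, DROPPED, target=DROPPED),
]

if __name__ == "__main__":
    for f in correlate(CONSTRUCTED_EVENTS):
        print(f"{f.signature}: pid={f.pid} path={f.path}")
    print("hash match for arbitrary bytes:", match_iocs(b"not the sample"))
```

On real telemetry the same logic runs over Sysmon Event ID 11 (FileCreate) and Event ID 1 (ProcessCreate) records; the key design choice is keying the dropped-file table on the normalized path so that the later ProcessCreate is linked to the write regardless of which PID performed it, which is what separates "executes dropped EXE" from an ordinary launch of a file that was already on disk.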
Network

MITRE ATT&CK Matrix


Downloads

  • C:\Windows\SysWOW64\Winkzc.exe

    Filesize

    81KB

    MD5

    b18af32ced5f8112b2c5d1aabaea1ced

    SHA1

    b88bbb1f985ba6ab142299cee4a2110919aa54e2

    SHA256

    62dfc06b1fff92f063da54a7d76cb74c5dea8f8a2abcf65cf7b5c5cd8035f5f0

    SHA512

    e3fb121f69deae6452be6abf291fb9e3f7a92d06a246f20f54fed50fedf7ada61ac6f8c364410cffb7c6fc1856a4d0fb1ef44cd214c0a9365846a944fc8396ba

  • memory/2056-0-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

  • memory/2056-14-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

  • memory/3064-12-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

  • memory/3064-15-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB