Analysis

  • max time kernel: 149s
  • max time network: 160s
  • platform: windows10-2004_x64
  • resource: win10v2004-20230915-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 11-10-2023 18:05

General

  • Target: NEAS.aa4f03eeb53b7e5a1ed2b0dd0af5e5f0_JC.exe
  • Size: 82KB
  • MD5: aa4f03eeb53b7e5a1ed2b0dd0af5e5f0
  • SHA1: faaa8083f86d3eecf62890b3cfe72c9a9c05baaa
  • SHA256: 8b003982c2ef500efab33af8832b41062b43625a9762fc6794c33f426f31968b
  • SHA512: 55978b5056b1d2f784ad4cba4bbc5e094b19d0f94d56ac726f65a3e98cc256878887011042bf54f7e1b14d9e48a0908ee3d690e848a4286a28f0d2647a2dde50
  • SSDEEP: 1536:zaWLF1kxTnUI4CFPtv6iSJnaGlbVxho65tD3ByInj:zaWExTnUTCFPtvanaGlbVxho8t1xn

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoCs)
  • Drops file in System32 directory (4 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.aa4f03eeb53b7e5a1ed2b0dd0af5e5f0_JC.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.aa4f03eeb53b7e5a1ed2b0dd0af5e5f0_JC.exe"
    PID: 1092
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
  • C:\Windows\SysWOW64\Winkmg.exe
    Command line: C:\Windows\SysWOW64\Winkmg.exe
    PID: 4032
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Windows\SysWOW64\Winkmg.exe
    Filesize: 82KB
    MD5: 47add85b2fa07b857775245a049db1b2
    SHA1: c86021184bbe41ff511d2f2be3426407504efebb
    SHA256: 8ddf30f4cd0f314de878392e95cbaa0df77c3caeadc88d569e63fc744738a70f
    SHA512: 96fe7590d1206ae384031bcd16f103e343ab485da00905ebc38562afde24be9cf0e76ff9ec9de168982796a05abad3d1b8886c292dcb6d1f67c961120328d8ec

  • memory/1092-0-0x0000000000400000-0x0000000000495000-memory.dmp (Filesize: 596KB)
  • memory/1092-14-0x0000000000400000-0x0000000000495000-memory.dmp (Filesize: 596KB)
  • memory/4032-12-0x0000000000400000-0x0000000000495000-memory.dmp (Filesize: 596KB)
  • memory/4032-15-0x0000000000400000-0x0000000000495000-memory.dmp (Filesize: 596KB)