Overview

overview

7

Static

static

3

NEAS.129f0...JC.exe

windows7-x64

7

NEAS.129f0...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/10/2023, 19:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.129f0b57e1889fd010d17155dc27cc00_JC.exe

  • Size

    45KB

  • MD5

    129f0b57e1889fd010d17155dc27cc00

  • SHA1

    95ac7f6f38fe0233c39e0e1297bfd09fc2c7c06a

  • SHA256

    2d7f92da019ee1f5083a6962abdbc520952b33368b13551561665b2d0904c794

  • SHA512

    ebb7842b2dd63845b7cc9c11c1f51a2d255360e00f3cb4b17de605bf824164a68c14514a212a9e1064a7164e5a88709504355fe29729c1a5d97b8cf9e09152b0

  • SSDEEP

    768:ptAcMcXx+bYCeOOWcDx0aYCgl3LCTcfIhJ20Unsyccu2hLgX14i:pt3RAJeOO143LCTeqJ5UnslL2hLk14i

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.129f0b57e1889fd010d17155dc27cc00_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.129f0b57e1889fd010d17155dc27cc00_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1564
    • C:\Users\Admin\AppData\Local\Temp\rianesad.exe
      C:\Users\Admin\AppData\Local\Temp\rianesad.exe
      2⤵
      • Executes dropped EXE
      PID:2136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rianesad.exe
    Filesize

    45KB

    MD5

    45dcf59d071df5d010cb2bd4511308e1

    SHA1

    a4152719215232384817ffc009c1190205b772cf

    SHA256

    638bd890ae221f2816b6d62d0f984c126ce3d05aab0341b8227358ac09f4ed35

    SHA512

    4de3779781982d392ecf6840d940def86e8666e1e866faa1ac6144e85e8983dd713cb2c2e54a51d8e334820d368fe6685d59c3e48e07221664c1a9ee1d4bdcac

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\rianesad.exe
    Filesize

    45KB

    MD5

    45dcf59d071df5d010cb2bd4511308e1

    SHA1

    a4152719215232384817ffc009c1190205b772cf

    SHA256

    638bd890ae221f2816b6d62d0f984c126ce3d05aab0341b8227358ac09f4ed35

    SHA512

    4de3779781982d392ecf6840d940def86e8666e1e866faa1ac6144e85e8983dd713cb2c2e54a51d8e334820d368fe6685d59c3e48e07221664c1a9ee1d4bdcac

    Download Submit

  • memory/1564-0-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2136-5-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download