Analysis
max time kernel: 149s
max time network: 148s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 13-10-2023 20:33
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.a5286233435ccb36498e3471e2d89cf0.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: NEAS.a5286233435ccb36498e3471e2d89cf0.exe
Resource: win10v2004-20230915-en
General
Target: NEAS.a5286233435ccb36498e3471e2d89cf0.exe
Size: 410KB
MD5: a5286233435ccb36498e3471e2d89cf0
SHA1: d63ec5915a67148f2a7df7f7032697b1ebe7b5a6
SHA256: 144e9dd08a106661f6d17b1d4c6909efa2744249ecd2a59341138ea5becf3444
SHA512: e7e3508d0102d659c9f00b74ab50c820032410b23200c16c9331074a8eb1beafb6085a9752ccb7057b9fc121763dc2adb3ff5613cefc3de1070b215aa5c1f8b6
SSDEEP: 12288:CxIK9V14ImyHY8UslEHnvauZqb0dQYYrsOVweznq:CJEyY8UslEHnvafb0nYrBVwyq
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  1044  cxjqy.exe
Loads dropped DLL (2 IoCs)
  pid   Process
  2344  NEAS.a5286233435ccb36498e3471e2d89cf0.exe
  2344  NEAS.a5286233435ccb36498e3471e2d89cf0.exe
Adds Run key to start application (2 TTPs, 1 IoC)
  description      ioc                                                                                                                                                              Process
  Set value (str)  \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\ProgramData\\cxjqy.exe"  cxjqy.exe
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                                     procid_target
  PID 2344 wrote to memory of 1044   2344  NEAS.a5286233435ccb36498e3471e2d89cf0.exe  28
  PID 2344 wrote to memory of 1044   2344  NEAS.a5286233435ccb36498e3471e2d89cf0.exe  28
  PID 2344 wrote to memory of 1044   2344  NEAS.a5286233435ccb36498e3471e2d89cf0.exe  28
  PID 2344 wrote to memory of 1044   2344  NEAS.a5286233435ccb36498e3471e2d89cf0.exe  28
Processes
C:\Users\Admin\AppData\Local\Temp\NEAS.a5286233435ccb36498e3471e2d89cf0.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.a5286233435ccb36498e3471e2d89cf0.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID: 2344
  C:\ProgramData\cxjqy.exe
    Command line: "C:\ProgramData\cxjqy.exe"
    - Executes dropped EXE
    - Adds Run key to start application
    PID: 1044
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 410KB
MD5: f45f92bd944450968c30629f181b3cda
SHA1: c50b4085c2ecaf88e598d59c5440e6626a077305
SHA256: 071c2e8638f3f77e31fe7da96fbd1f8a8ad210c98eccc215e172c92fdca2c69a
SHA512: c6428d11df8f9177927e6748ad8b933ff4d087ee7cc4729334738abf85a9e548f4d1dfd985ac55ef420168219c48a7c5b968a2033cc450944bab3e33f11e8681

Filesize: 72KB
MD5: 01637d94bb9cc8ea42e50b0f37bd28e4
SHA1: f0c94b8e86a8fd1940d4a3b75ebdcbd793a09718
SHA256: 4956168a18d00165f1e0eda737821b1456707f76ecdf3b6b821078a460778302
SHA512: 0539e0da657479e0b5a3d6d768898d5cc0d8be80b5a374f8442f079a0d7184e5ba2c653a6b223ff34021907117ed7398463c6e285fd66b80317e45156b6604fa

Filesize: 150KB
MD5: aef10b9ba25f907727558514f2dfbab0
SHA1: d67383ef1b23d4da72339d66de9541c2e1efaf53
SHA256: f5e77ddc706f6dffe056dc2f8a88adece36e0e4552bc70a85f36b1e01fe547ad
SHA512: 5e607a70ca3fa489897f8df0c96570709839364cd8cabd5f76386dfff01ca2986d50c120cf82926dff950c7d7b6ec833ea7558b64ec8f0dfe2e5070abf1da103

Filesize: 259KB
MD5: 86b3a84ed2b5ccb12e41c74c1329c556
SHA1: 059a0e05e2e579e6f10ffec66806f180debd5562
SHA256: 3a91dbb8e5f401b92221da86602cff211db97cf42562626c4969bfcb3b4899b3
SHA512: a17c7e00fba5aff36862c4c289f15342a8be78e98b921dc7faf7e23d9e6f77a215f9018ea815c17158c71fe3c0863e383354a1e97bab53e639d8cbd2426df85b