Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-10-2023 10:31

General

  • Target

    NEAS.06984e3d54fb6818b436748229b5d040_JC.exe

  • Size

    89KB

  • MD5

    06984e3d54fb6818b436748229b5d040

  • SHA1

    01353b4f51275e8c20ad158cb5acd4512a5de08a

  • SHA256

    2ce01d2abf37e25bcec5334d26b89428249737753a8af514efae9e4b40650052

  • SHA512

    dfb155e99da5371fba9dac4256ea0355547f77092190b64fe93d8092e35d65d021dc08e6897d8b9c9b0d9dbac8db29e38272e0a8b0cd63e123d3c57d45b657ef

  • SSDEEP

    768:JgO5xRYi+SQvvG5bnl/NqNwsKVDsBYD77aXKynF0vq:eshQvoLqNwDDhCeq

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.06984e3d54fb6818b436748229b5d040_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.06984e3d54fb6818b436748229b5d040_JC.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1824
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2292

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    88KB

    MD5

    76a81f28c019944371db4bc477b4ff91

    SHA1

    37603fee86eecd385c8402764884acf71879f2a2

    SHA256

    0e272c2628d32ab8c1e2af15767ff2e67e52495c65f38c30f0ee2a9dc8888fe8

    SHA512

    31e330386cdd857beb6ad26a2b21b124f22df1fb6e7ec2bef0d97d223c7c06412555cd574fcf0168ac87b9f4682d1ea0cefd9e1db4f7390ccddc93337feca29b

  • C:\Windows\system\rundll32.exe

    Filesize

    86KB

    MD5

    1b5b8774df8511276803cea6ec47e26a

    SHA1

    fedb4fc16825f54c5c9d061bbef3e0d557ff5310

    SHA256

    6a46da951ca77ae28f19ecdbbc07549d6da5248de6b7197b737a5eace74b2397

    SHA512

    987ac4e9d4116a9237fd75c0ee9c111df2ab252ef381c777fadfafae0c194b7aeb87c62b25f57256567da23acde53bcaf5cbdc5d010b7b73184d95cc2eff3aa5

  • \Windows\system\rundll32.exe

    Filesize

    86KB

    MD5

    1b5b8774df8511276803cea6ec47e26a

    SHA1

    fedb4fc16825f54c5c9d061bbef3e0d557ff5310

    SHA256

    6a46da951ca77ae28f19ecdbbc07549d6da5248de6b7197b737a5eace74b2397

    SHA512

    987ac4e9d4116a9237fd75c0ee9c111df2ab252ef381c777fadfafae0c194b7aeb87c62b25f57256567da23acde53bcaf5cbdc5d010b7b73184d95cc2eff3aa5

  • memory/1824-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

  • memory/1824-16-0x00000000003A0000-0x00000000003B5000-memory.dmp

    Filesize

    84KB

  • memory/1824-20-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

  • memory/2292-19-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

  • memory/2292-21-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

  • memory/2292-22-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB