Overview

overview

7

Static

static

3

NEAS.06984...JC.exe

windows7-x64

7

NEAS.06984...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2023, 10:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.06984e3d54fb6818b436748229b5d040_JC.exe

  • Size

    89KB

  • MD5

    06984e3d54fb6818b436748229b5d040

  • SHA1

    01353b4f51275e8c20ad158cb5acd4512a5de08a

  • SHA256

    2ce01d2abf37e25bcec5334d26b89428249737753a8af514efae9e4b40650052

  • SHA512

    dfb155e99da5371fba9dac4256ea0355547f77092190b64fe93d8092e35d65d021dc08e6897d8b9c9b0d9dbac8db29e38272e0a8b0cd63e123d3c57d45b657ef

  • SSDEEP

    768:JgO5xRYi+SQvvG5bnl/NqNwsKVDsBYD77aXKynF0vq:eshQvoLqNwDDhCeq

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.06984e3d54fb6818b436748229b5d040_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.06984e3d54fb6818b436748229b5d040_JC.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1908
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2052
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 1560
        3⤵
        • Program crash
        PID:2308
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2052 -ip 2052
    1⤵
      PID:412

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\notepad¢¬.exe
      Filesize

      84KB

      MD5

      6de2488e1d9b5ba16d3b21d02cba1df2

      SHA1

      cda6847f282d72e55b7b3f354839c4ecc97f3f35

      SHA256

      84f8f43775990516df20aaa48bd13644946e9ebca45404ebde8885337e9f7427

      SHA512

      e69186b6023ddd41c8f211d59ef610519b69341c9d2bc417d9fa5d32f87d77d72afe340542cea36e182e0bac197ce30fbbdef9dedbff954b397e6d2f99509435

      Download Submit

    • C:\Windows\System\rundll32.exe
      Filesize

      89KB

      MD5

      2fd58b1c5a9e81d21c8bbeb956130e06

      SHA1

      aa24b2839843a1bdfb75ae5d0f3854d3a8c2b8b2

      SHA256

      46fdaf016c43824774b904605c3c52ac3e1382218c99b63ccd17176aa980b50b

      SHA512

      0b3a4a009d2b15bf14e5a8343a03a45a8a0f599ccf5fb3891b4af41d16e1dc866065f634001bb950659124db1259f776894d8e26477ab7828db7c15b8f8822cf

      Download Submit

    • C:\Windows\system\rundll32.exe
      Filesize

      89KB

      MD5

      2fd58b1c5a9e81d21c8bbeb956130e06

      SHA1

      aa24b2839843a1bdfb75ae5d0f3854d3a8c2b8b2

      SHA256

      46fdaf016c43824774b904605c3c52ac3e1382218c99b63ccd17176aa980b50b

      SHA512

      0b3a4a009d2b15bf14e5a8343a03a45a8a0f599ccf5fb3891b4af41d16e1dc866065f634001bb950659124db1259f776894d8e26477ab7828db7c15b8f8822cf

      Download Submit

    • memory/1908-0-0x0000000000400000-0x0000000000415000-memory.dmp

      Filesize

      84KB

      Download

    • memory/1908-1-0x0000000000400000-0x0000000000415000-memory.dmp

      Filesize

      84KB

      Download

    • memory/1908-15-0x0000000000400000-0x0000000000415000-memory.dmp

      Filesize

      84KB

      Download

    • memory/2052-14-0x0000000000400000-0x0000000000415000-memory.dmp

      Filesize

      84KB

      Download

    • memory/2052-16-0x0000000000400000-0x0000000000415000-memory.dmp

      Filesize

      84KB

      Download