bb01f765bdb41a2005818b81b6a25c8b3411032d5d147c870ff7dec4a568dbb8

Analysis

max time kernel
153s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.85ab33ee4d5ef17e6bc741cc3db8be60.exe
Size

7KB
MD5

85ab33ee4d5ef17e6bc741cc3db8be60
SHA1

39aee3cac433acaae55e760442364d3b4dc91ae9
SHA256

bb01f765bdb41a2005818b81b6a25c8b3411032d5d147c870ff7dec4a568dbb8
SHA512

6db1887e9851c69dc32b5e71df8c91c49508b599f94a698e697b6bcee64094dc7cef31571b9b2bf1fdba0e24c61c1fdca7049847ca9e09a8f8a3182176370954
SSDEEP

96:Zc4v4mcWKh96tgC3R0nKymV44BCcc7jYNPcMsiXlTvhBoXU97W84Jhy2rs:GvmcWKG90nKfzBwYNPcMs0xJwrs

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2768	mpjnr.exe

Loads dropped DLL 2 IoCs

pid	Process
2080	NEAS.85ab33ee4d5ef17e6bc741cc3db8be60.exe
2080	NEAS.85ab33ee4d5ef17e6bc741cc3db8be60.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2768	2080	NEAS.85ab33ee4d5ef17e6bc741cc3db8be60.exe	28
PID 2080 wrote to memory of 2768	2080	NEAS.85ab33ee4d5ef17e6bc741cc3db8be60.exe	28
PID 2080 wrote to memory of 2768	2080	NEAS.85ab33ee4d5ef17e6bc741cc3db8be60.exe	28
PID 2080 wrote to memory of 2768	2080	NEAS.85ab33ee4d5ef17e6bc741cc3db8be60.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.85ab33ee4d5ef17e6bc741cc3db8be60.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.85ab33ee4d5ef17e6bc741cc3db8be60.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Users\Admin\AppData\Local\Temp\mpjnr.exe
  "C:\Users\Admin\AppData\Local\Temp\mpjnr.exe"
  2⤵
  - Executes dropped EXE
  PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mpjnr.exe

Filesize
7KB

MD5
18cbd1e34e8a4e8458152bb4a411c788

SHA1
e5b9cbdba615b6111acf1e7197b848fe3d746f0d

SHA256
ccf9f645a82eb56dfb41b21dd0a82ddbac944047dbd4b5230899c9ce1389d679

SHA512
f5ba1a4fb9f90e7627544f9c49e3acc71eff7c18f57372ba3386878d9d1534b4291820c4f8a54c47b1a4bf122c5c0aa29f2f972238c8c12f84f3024b48a282cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\mpjnr.exe

Filesize
7KB

MD5
18cbd1e34e8a4e8458152bb4a411c788

SHA1
e5b9cbdba615b6111acf1e7197b848fe3d746f0d

SHA256
ccf9f645a82eb56dfb41b21dd0a82ddbac944047dbd4b5230899c9ce1389d679

SHA512
f5ba1a4fb9f90e7627544f9c49e3acc71eff7c18f57372ba3386878d9d1534b4291820c4f8a54c47b1a4bf122c5c0aa29f2f972238c8c12f84f3024b48a282cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\mpjnr.exe

Filesize
7KB

MD5
18cbd1e34e8a4e8458152bb4a411c788

SHA1
e5b9cbdba615b6111acf1e7197b848fe3d746f0d

SHA256
ccf9f645a82eb56dfb41b21dd0a82ddbac944047dbd4b5230899c9ce1389d679

SHA512
f5ba1a4fb9f90e7627544f9c49e3acc71eff7c18f57372ba3386878d9d1534b4291820c4f8a54c47b1a4bf122c5c0aa29f2f972238c8c12f84f3024b48a282cb

Download Submit
\Users\Admin\AppData\Local\Temp\mpjnr.exe

Filesize
7KB

MD5
18cbd1e34e8a4e8458152bb4a411c788

SHA1
e5b9cbdba615b6111acf1e7197b848fe3d746f0d

SHA256
ccf9f645a82eb56dfb41b21dd0a82ddbac944047dbd4b5230899c9ce1389d679

SHA512
f5ba1a4fb9f90e7627544f9c49e3acc71eff7c18f57372ba3386878d9d1534b4291820c4f8a54c47b1a4bf122c5c0aa29f2f972238c8c12f84f3024b48a282cb

Download Submit
\Users\Admin\AppData\Local\Temp\mpjnr.exe

Filesize
7KB

MD5
18cbd1e34e8a4e8458152bb4a411c788

SHA1
e5b9cbdba615b6111acf1e7197b848fe3d746f0d

SHA256
ccf9f645a82eb56dfb41b21dd0a82ddbac944047dbd4b5230899c9ce1389d679

SHA512
f5ba1a4fb9f90e7627544f9c49e3acc71eff7c18f57372ba3386878d9d1534b4291820c4f8a54c47b1a4bf122c5c0aa29f2f972238c8c12f84f3024b48a282cb

Download Submit