ddf38cb1cb63224d322f29f1b25e18e4a122de6635dbab2b58ab0bf1a12b43b0

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2023 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.cd2af698c99e747482030cff214e1460.exe
Size

395KB
MD5

cd2af698c99e747482030cff214e1460
SHA1

b3fac3bd1f6362c69c7e9066ea27cb148694b6ae
SHA256

ddf38cb1cb63224d322f29f1b25e18e4a122de6635dbab2b58ab0bf1a12b43b0
SHA512

4977094ae126b04e0bd756bd7f65c152f4d71746e2c5e5942f931ba1b9fc291d33a451d148f4d9308d38885cdc64196d7b65d36c3b0903c0e5c6db5652744eda
SSDEEP

12288:AjauDReWKbHqjQXzqK94J1CCFS9tWJQ3lI2:ADDwqK94J1CCFS9tWJQh

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
264	ckojnb.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\ProgramData\\ckojnb.exe"	ckojnb.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3116 wrote to memory of 264	3116	NEAS.cd2af698c99e747482030cff214e1460.exe	83
PID 3116 wrote to memory of 264	3116	NEAS.cd2af698c99e747482030cff214e1460.exe	83
PID 3116 wrote to memory of 264	3116	NEAS.cd2af698c99e747482030cff214e1460.exe	83

C:\Users\Admin\AppData\Local\Temp\NEAS.cd2af698c99e747482030cff214e1460.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.cd2af698c99e747482030cff214e1460.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3116
- C:\ProgramData\ckojnb.exe
  "C:\ProgramData\ckojnb.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Documents and Settings .exe

Filesize
395KB

MD5
f20c27344b5dfbb54c4dd938e356c9f7

SHA1
4001a161b40a93a23d129af1e691b59a216cbf21

SHA256
0d9c0e6a15cbe42ea81c967b440aea836051b93b66900beff8bf9d4ebf0aca5a

SHA512
3873b201c8eefab78e1ea38d29e20d2ee32f60cd3f42ba1de62023c453a83ce13f861ad0de808e823747fbb40e917bb5c1a23de5a113e5514db181eb730cf02a

Download Submit
C:\ProgramData\Saaaalamm\Mira.h

Filesize
136KB

MD5
e80c459f053fdd59ceec0e85a4e8d155

SHA1
e54b69e03838bf5e8029a2670fbcbbf90eac1f11

SHA256
e088559f06b3f4caea1d06fb246da111c4b88d5e81e9f95eaa99f37e1bda9df4

SHA512
719147342d7245a2bc66d4c4b6713064b7a66ad9101cb2d679c4e68a79560970081c843dfa4dfd48d6caec2c42dd0c60a6cdafacadfde513e8b57417d059af9f

Download Submit
C:\ProgramData\Saaaalamm\Mira.h

Filesize
136KB

MD5
e80c459f053fdd59ceec0e85a4e8d155

SHA1
e54b69e03838bf5e8029a2670fbcbbf90eac1f11

SHA256
e088559f06b3f4caea1d06fb246da111c4b88d5e81e9f95eaa99f37e1bda9df4

SHA512
719147342d7245a2bc66d4c4b6713064b7a66ad9101cb2d679c4e68a79560970081c843dfa4dfd48d6caec2c42dd0c60a6cdafacadfde513e8b57417d059af9f

Download Submit
C:\ProgramData\ckojnb.exe

Filesize
258KB

MD5
70a0370b6cfc9211bba4825ef3810b1b

SHA1
70c1dc63c621077afa768a6236f3072829db70f0

SHA256
d367dd02bb4be59ed6e729bd9b8c48f2389492d64fd6950ba6ad8f37d3731c43

SHA512
45ad5e7d2ed93876be059418f6ab993285faa5b2bc513d9900179801bee46c7b6f80eecff8ae3ed540c005748335aafe511143973f0c106521cf5bee0d683766

Download Submit
C:\ProgramData\ckojnb.exe

Filesize
258KB

MD5
70a0370b6cfc9211bba4825ef3810b1b

SHA1
70c1dc63c621077afa768a6236f3072829db70f0

SHA256
d367dd02bb4be59ed6e729bd9b8c48f2389492d64fd6950ba6ad8f37d3731c43

SHA512
45ad5e7d2ed93876be059418f6ab993285faa5b2bc513d9900179801bee46c7b6f80eecff8ae3ed540c005748335aafe511143973f0c106521cf5bee0d683766

Download Submit
memory/264-100-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/264-101-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/3116-0-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads