Overview

overview

7

Static

static

3

NEAS.2023-...JC.exe

windows7-x64

7

NEAS.2023-...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    21-10-2023 20:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.2023-09-07_2765b7e57f8d25e436f1431312274f22_mafia_JC.exe

  • Size

    433KB

  • MD5

    2765b7e57f8d25e436f1431312274f22

  • SHA1

    7167640506d72f2b7a6a428abd2fde186baa65d3

  • SHA256

    54981433f16cc8ec9c597bc1e0d2be9be2b308b4d39263eb784150ec5e7872eb

  • SHA512

    ece908eed4fec087e770e242f9c311b748601f756847bf571f80d26d2c2b9d55023f6f9ff7b5b5303fc7947d0717c81f4bd52b5db3c2b813ab685074f6603769

  • SSDEEP

    12288:Ci4g+yU+0pAiv+rL7BmD0/6XBhd86/MjjnR3yyZj/kFn:Ci4gXn0pD+kDvXDM4yNg

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-07_2765b7e57f8d25e436f1431312274f22_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-07_2765b7e57f8d25e436f1431312274f22_mafia_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1696
    • C:\Users\Admin\AppData\Local\Temp\3C74.tmp
      "C:\Users\Admin\AppData\Local\Temp\3C74.tmp" --helpC:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-07_2765b7e57f8d25e436f1431312274f22_mafia_JC.exe AB23153545D2F7090FEC5749869F16BFE0440DE2A4B48ADBBE0E3820EAE357912384AEF7FC15EAD076BF825AFDC2985C6C9FC047F64A353851B7C5D70FC05ED3
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3C74.tmp
    Filesize

    433KB

    MD5

    350f6fa1845470b8b15b8f1588e4c2ab

    SHA1

    7b700180a3f464a430a8aac814cc0b814c8291d7

    SHA256

    cc87065e6860eceb50cdce37d70ab23e7d3e45f36a612fe966064b69d08f74ef

    SHA512

    9fba240b9931431c149860701f3177e2100a78afd27b4418471b035fd14c375537506135aec8f25f1a3502bdeb5dbf05a301e16b385ba7d29426a3975a58fd7f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\3C74.tmp
    Filesize

    433KB

    MD5

    350f6fa1845470b8b15b8f1588e4c2ab

    SHA1

    7b700180a3f464a430a8aac814cc0b814c8291d7

    SHA256

    cc87065e6860eceb50cdce37d70ab23e7d3e45f36a612fe966064b69d08f74ef

    SHA512

    9fba240b9931431c149860701f3177e2100a78afd27b4418471b035fd14c375537506135aec8f25f1a3502bdeb5dbf05a301e16b385ba7d29426a3975a58fd7f

    Download Submit