Overview

overview

7

Static

static

3

NEAS.254b1...JC.exe

windows7-x64

7

NEAS.254b1...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    21/10/2023, 20:20

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.254b146dacfd9bc816869e68e2e459f0_JC.exe

  • Size

    116KB

  • MD5

    254b146dacfd9bc816869e68e2e459f0

  • SHA1

    1d3e78b745c6d4a4b81cea7ad80a770fe10164f5

  • SHA256

    1b79f36d060c9103c99db3d53cd2fbc771d3d45887e68bddaac9bd37b62fdffb

  • SHA512

    d0d6ab618aed466c363d7f05ffcccf139f8be7459a448d51f67d850c39466573ecd5e5beb1cf313c27a8c5c15d54e2d25b50e89817a0b4424faba6392d18c65a

  • SSDEEP

    3072:/AoAliulHnJBSX1nV1b1N1Il1k1YFI1x1J1MuEqx517Q/1T1Jzct01Nbnl1RRhC6:4SAw6

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.254b146dacfd9bc816869e68e2e459f0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.254b146dacfd9bc816869e68e2e459f0_JC.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:1732

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\microsofthelp.exe
          Filesize

          116KB

          MD5

          b87fcc39e9358a77d5346970ee2df25c

          SHA1

          e99c23c690e048fda9cb44d8a0f75c9d64f26fa9

          SHA256

          b27121785a643790f784b53aa0d2da249d3b97bf26178d7df2d2e2bc9b5709e8

          SHA512

          f6c39a89ae78df02984078a74709ceec7ea3920314841433fb442ea273c2965bd1a9395f12dbddb5aef0372fad597c4bac77538229f83fda9a7aff2e4f6108c2

          Download Submit

        • C:\Windows\microsofthelp.exe
          Filesize

          116KB

          MD5

          b87fcc39e9358a77d5346970ee2df25c

          SHA1

          e99c23c690e048fda9cb44d8a0f75c9d64f26fa9

          SHA256

          b27121785a643790f784b53aa0d2da249d3b97bf26178d7df2d2e2bc9b5709e8

          SHA512

          f6c39a89ae78df02984078a74709ceec7ea3920314841433fb442ea273c2965bd1a9395f12dbddb5aef0372fad597c4bac77538229f83fda9a7aff2e4f6108c2

          Download Submit

        • C:\Windows\microsofthelp.exe
          Filesize

          116KB

          MD5

          b87fcc39e9358a77d5346970ee2df25c

          SHA1

          e99c23c690e048fda9cb44d8a0f75c9d64f26fa9

          SHA256

          b27121785a643790f784b53aa0d2da249d3b97bf26178d7df2d2e2bc9b5709e8

          SHA512

          f6c39a89ae78df02984078a74709ceec7ea3920314841433fb442ea273c2965bd1a9395f12dbddb5aef0372fad597c4bac77538229f83fda9a7aff2e4f6108c2

          Download Submit

        • memory/1732-8-0x0000000000400000-0x000000000040D000-memory.dmp

          Filesize

          52KB

          Download

        • memory/1732-10-0x0000000000400000-0x000000000040D000-memory.dmp

          Filesize

          52KB

          Download

        • memory/2468-0-0x0000000000400000-0x000000000040D000-memory.dmp

          Filesize

          52KB

          Download

        • memory/2468-7-0x0000000000400000-0x000000000040D000-memory.dmp

          Filesize

          52KB

          Download