523d6586745c781ecdfa78ff36a5621854c347e9f57c8aee74801b47ae3d98d6

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22/10/2023, 13:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.999e4342468a9eb6c2f8e655a9003d3e_JC.exe
Size

93KB
MD5

999e4342468a9eb6c2f8e655a9003d3e
SHA1

0590bb1a4b70132f2b49077b6a34a1a88998c41b
SHA256

523d6586745c781ecdfa78ff36a5621854c347e9f57c8aee74801b47ae3d98d6
SHA512

1ff28e93b3e35119e5569c45d7316b8108181bf1ea0813f6d7a0761982364363705f9ab7e1bceda5272b7635ca1e915092861acea3ac4099dd577550d5b45a0e
SSDEEP

1536:tF0AJELoJHG9qa+oa33KJJzAKWYr0v7iJSzIRXKTzRZICrWaGZh7E:tiAyLN9qa+oEGrWViJSzIR6JJrWNZq

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2648	WwanSvc.exe

Loads dropped DLL 1 IoCs

pid	Process
2108	NEAS.999e4342468a9eb6c2f8e655a9003d3e_JC.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Window Update = "\"C:\\ProgramData\\Update\\WwanSvc.exe\" /run"	NEAS.999e4342468a9eb6c2f8e655a9003d3e_JC.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2648	2108	NEAS.999e4342468a9eb6c2f8e655a9003d3e_JC.exe	28
PID 2108 wrote to memory of 2648	2108	NEAS.999e4342468a9eb6c2f8e655a9003d3e_JC.exe	28
PID 2108 wrote to memory of 2648	2108	NEAS.999e4342468a9eb6c2f8e655a9003d3e_JC.exe	28
PID 2108 wrote to memory of 2648	2108	NEAS.999e4342468a9eb6c2f8e655a9003d3e_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.999e4342468a9eb6c2f8e655a9003d3e_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.999e4342468a9eb6c2f8e655a9003d3e_JC.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2108
- C:\ProgramData\Update\WwanSvc.exe
  "C:\ProgramData\Update\WwanSvc.exe" /run
  2⤵
  - Executes dropped EXE
  PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Update\WwanSvc.exe

Filesize
93KB

MD5
57d9c51ac5257f67da578a5a9fcbb38f

SHA1
b7382c01240cf5894c79233c1305b0bea99640b5

SHA256
2544c522f7642f42c324c8271f9c3f0032b26e60955c8d5578be1b954bd1b81c

SHA512
5cd355a24ae57651fe40f25043b7c84ea7d84d610449f945d659b558df8c7b99c6c41fb3ea34ec099458937d3f4f80c96c2320a6b75b878df295598425025c8a

Download Submit
\ProgramData\Update\WwanSvc.exe

Filesize
93KB

MD5
57d9c51ac5257f67da578a5a9fcbb38f

SHA1
b7382c01240cf5894c79233c1305b0bea99640b5

SHA256
2544c522f7642f42c324c8271f9c3f0032b26e60955c8d5578be1b954bd1b81c

SHA512
5cd355a24ae57651fe40f25043b7c84ea7d84d610449f945d659b558df8c7b99c6c41fb3ea34ec099458937d3f4f80c96c2320a6b75b878df295598425025c8a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads