e72abeefc0524e0ee6164ade280201d7bbdc773dff9b916273a6a3dfc7335d9b

Analysis

max time kernel
75s
max time network
93s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
22/10/2023, 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe
Size

238KB
MD5

03d12e33d354e68c8808b7209ff48830
SHA1

7adecd76ff6b4242f4f275f0648c40efe38de2cb
SHA256

e72abeefc0524e0ee6164ade280201d7bbdc773dff9b916273a6a3dfc7335d9b
SHA512

bf080d3c2ac2ffbe123c3b6de69f77c6f928d6d167ba839c1d7f1fa515cbb8fc4a40a1beda214faa79a29a7a9810dddcabad35558a13e360fec68fdf1ab9caed
SSDEEP

3072:TgI6nNS2hw6bbqpNSaIJmp8r+E093T1539v1gL/z6NK:TVWwRaaK48rNu1v9gLr68

Score

7^/10

miner

Malware Config

Signatures

Cryptocurrency Miner
Makes network request to known mining pool URL.
miner

Executes dropped EXE 1 IoCs

pid	Process
2956	ActivateDesktop.exe

Loads dropped DLL 2 IoCs

pid	Process
2184	NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe
2184	NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2184	NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe
2956	ActivateDesktop.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2956	2184	NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe	28
PID 2184 wrote to memory of 2956	2184	NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe	28
PID 2184 wrote to memory of 2956	2184	NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe	28
PID 2184 wrote to memory of 2956	2184	NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2184
- C:\.Trash-100\ActivateDesktop.exe
  C:\.Trash-100\ActivateDesktop.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\.Trash-100\ActivateDesktop.exe

Filesize
238KB

MD5
b0fe07e1cb7fe95e1d5e41d084d7388e

SHA1
1d1ae0ba2fab1f3d0f4741365dd3e12bd29d97c7

SHA256
b179b470fddfa109903b6b5163f054db1fb1be1ea6c0fade473f8aa78bc9f21f

SHA512
858c0b8db9a40dc5b01e6c9db4e991413b9456b33fefffc20cceff25468aa0500dd42eaf42a745e76b941f1ebc6373e60a7def93a70d123f15020c0db8707a35

Download Submit
C:\.Trash-100\ActivateDesktop.exe

Filesize
238KB

MD5
b0fe07e1cb7fe95e1d5e41d084d7388e

SHA1
1d1ae0ba2fab1f3d0f4741365dd3e12bd29d97c7

SHA256
b179b470fddfa109903b6b5163f054db1fb1be1ea6c0fade473f8aa78bc9f21f

SHA512
858c0b8db9a40dc5b01e6c9db4e991413b9456b33fefffc20cceff25468aa0500dd42eaf42a745e76b941f1ebc6373e60a7def93a70d123f15020c0db8707a35

Download Submit
C:\.Trash-100\db\framework_exe

Filesize
19B

MD5
665009c6d258a06e710ff8c7810f4697

SHA1
abf7abc9bae75e5323a12b1d58336dfe0fd58e22

SHA256
98dcba6d93cc19d148e629c278d99243009359eb08816c1e7eae125fce78b53a

SHA512
a27669035751658896afe937847a3752525b548208d5b8929f9c3b576ccc3528820d3faf10ac80047ada1d47acc5d6246f877f15cec9b4a032eb04da1ee63635

Download Submit
C:\.Trash-100\db\version

Filesize
4B

MD5
d33f67c5652acb3fac99b9dc16bea0c1

SHA1
456ecc26a705746349aaee35b187f91a3fa088fc

SHA256
d49308d2181e81230a9badbdae5b3e5065c3427fb5e3276e0e9b5287a9a623a4

SHA512
49f94b370cc9cb59ab168666e18f58dcb6d6f5b801379e28c7c16d016e2afa53e144aba2eb5884d9868c9e918e439bf522888b9ee70accc3dd019dad9e748c96

Download Submit
\.Trash-100\ActivateDesktop.exe

Filesize
238KB

MD5
b0fe07e1cb7fe95e1d5e41d084d7388e

SHA1
1d1ae0ba2fab1f3d0f4741365dd3e12bd29d97c7

SHA256
b179b470fddfa109903b6b5163f054db1fb1be1ea6c0fade473f8aa78bc9f21f

SHA512
858c0b8db9a40dc5b01e6c9db4e991413b9456b33fefffc20cceff25468aa0500dd42eaf42a745e76b941f1ebc6373e60a7def93a70d123f15020c0db8707a35

Download Submit
\.Trash-100\ActivateDesktop.exe

Filesize
238KB

MD5
b0fe07e1cb7fe95e1d5e41d084d7388e

SHA1
1d1ae0ba2fab1f3d0f4741365dd3e12bd29d97c7

SHA256
b179b470fddfa109903b6b5163f054db1fb1be1ea6c0fade473f8aa78bc9f21f

SHA512
858c0b8db9a40dc5b01e6c9db4e991413b9456b33fefffc20cceff25468aa0500dd42eaf42a745e76b941f1ebc6373e60a7def93a70d123f15020c0db8707a35

Download Submit