Overview

overview

7

Static

static

3

NEAS.2023-...JC.exe

windows7-x64

7

NEAS.2023-...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    23/10/2023, 20:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.2023-09-04_77a78f8673a5a45244c62dc5391e7000_mafia_JC.exe

  • Size

    414KB

  • MD5

    77a78f8673a5a45244c62dc5391e7000

  • SHA1

    5dd4613202f8a0928d58b897b015cb3cbc25f3d7

  • SHA256

    aeea91e489d6d5f76170aa2c025deb4e5d6c3c02262a601e6f37f77cd6f58dcf

  • SHA512

    da882a34ea5082cc078a1d82b93269769279adc56b8b38bd01ba73fb14bb8e0e1d3d6b3103ce3389170e6ae62b76e8b6c779684b4843e1f908494a426ff8923e

  • SSDEEP

    12288:Wq4w/ekieZgU6b+rliDsycH1UUjNC92WQplx:Wq4w/ekieH6KrlbJU2yTQpr

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-04_77a78f8673a5a45244c62dc5391e7000_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-04_77a78f8673a5a45244c62dc5391e7000_mafia_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2516
    • C:\Users\Admin\AppData\Local\Temp\41F0.tmp
      "C:\Users\Admin\AppData\Local\Temp\41F0.tmp" --helpC:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-04_77a78f8673a5a45244c62dc5391e7000_mafia_JC.exe 7281201AF146D0CE72489ECE32ECE6FC44ECEB88FFC298E995751EEB97C620B8078349A8BA28A28386B06A1710C88E7C0BF26CF08548B6CA0467C0E83C9F08A7
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\41F0.tmp
    Filesize

    414KB

    MD5

    6fb3758f0b7fa156708b2d3f7c7295c4

    SHA1

    72e93df311b52e61fad61e54f0e5c46a8224061e

    SHA256

    7f78abe495e2f30024a509d974f861bd99fd0e7a68fd113c05207b506b66a44f

    SHA512

    8588259cbae23b9d2342a662bc3bcd1c5cab664c97d766be2b2e1d025c8e6e11dc4a24f5fea3977b8849b91d086960fc110fb3c96877572222f835ad865d9463

    Download Submit

  • \Users\Admin\AppData\Local\Temp\41F0.tmp
    Filesize

    414KB

    MD5

    6fb3758f0b7fa156708b2d3f7c7295c4

    SHA1

    72e93df311b52e61fad61e54f0e5c46a8224061e

    SHA256

    7f78abe495e2f30024a509d974f861bd99fd0e7a68fd113c05207b506b66a44f

    SHA512

    8588259cbae23b9d2342a662bc3bcd1c5cab664c97d766be2b2e1d025c8e6e11dc4a24f5fea3977b8849b91d086960fc110fb3c96877572222f835ad865d9463

    Download Submit