Overview

overview

7

Static

static

3

NEAS.2023-...JC.exe

windows7-x64

7

NEAS.2023-...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    130s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/10/2023, 20:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.2023-09-05_066ae768e4c8353dc1c8dc274dabd059_mafia_JC.exe

  • Size

    384KB

  • MD5

    066ae768e4c8353dc1c8dc274dabd059

  • SHA1

    861da620eabd4d145b96bc6a3334d3ef9d2f8ac1

  • SHA256

    619edafdc10e8260503f27169af7b6c9729c8221d105223320b4dfc1df826ad8

  • SHA512

    f151b0ab32ab4b8f057918bb46cf405a174756846da0e0af323eb1d1fbda775f240902fc5225f0248c647a40dcb786d72400fd64aa774c6f5ca9edd98a8b0bd9

  • SSDEEP

    6144:drxfv4co9ZL3GBGgjODxbf7hHMX08k73X/g7IGZ6rsZCpcbxrEKo3otoRpeQsbLe:Zm48gODxbzk08a3MI26Iucbxr0YyRbsG

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-05_066ae768e4c8353dc1c8dc274dabd059_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-05_066ae768e4c8353dc1c8dc274dabd059_mafia_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3312
    • C:\Users\Admin\AppData\Local\Temp\12A8.tmp
      "C:\Users\Admin\AppData\Local\Temp\12A8.tmp" --pingC:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-05_066ae768e4c8353dc1c8dc274dabd059_mafia_JC.exe 38FC5C95AC201459B5053609D12B9E657D25B1905739C7608FBF3C351AF7B133EA62C88DEA83CBFBE1290DBAB7DE6E6CBCC83BE38333F9EF32C3F9234B80A357
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\12A8.tmp
    Filesize

    384KB

    MD5

    fb42087690231322fff296e99185eea3

    SHA1

    bbbeff4e4a5e2e090b2bf15cf8ab736fb915c360

    SHA256

    b5dd30aa4119224ba6f14c147ea988bf550d0bea724efd303540b3ab2e08dd84

    SHA512

    d8643ad24df106e1f7fcf8a47469cee9fc2ed82b63a736cc60b563a48f55636e0ef14d5721b061904472073aed49767ed127d0d0d2979e2dd07e3b54b2058af2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\12A8.tmp
    Filesize

    384KB

    MD5

    fb42087690231322fff296e99185eea3

    SHA1

    bbbeff4e4a5e2e090b2bf15cf8ab736fb915c360

    SHA256

    b5dd30aa4119224ba6f14c147ea988bf550d0bea724efd303540b3ab2e08dd84

    SHA512

    d8643ad24df106e1f7fcf8a47469cee9fc2ed82b63a736cc60b563a48f55636e0ef14d5721b061904472073aed49767ed127d0d0d2979e2dd07e3b54b2058af2

    Download Submit