870f6bf0618036a37b0f7b9df6243dbf341b1067254f2b4037828ba8df7ab90e

Analysis

max time kernel
121s
max time network
135s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
23/10/2023, 20:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.ab0320fedd507792baaed8ac75f117e0_JC.exe
Size

1.1MB
MD5

ab0320fedd507792baaed8ac75f117e0
SHA1

3e289006c146591e3d4a49165c293c4512965750
SHA256

870f6bf0618036a37b0f7b9df6243dbf341b1067254f2b4037828ba8df7ab90e
SHA512

b0d4aa96c1dbbe95a9f46697575bad3918298dedb08a36e18c02a80172ec5f7735fa1d885e4e2fd9aa900d2d88e42d17ca6b1474fddb9b3472f33f5569c48b71
SSDEEP

12288:CpxVPljOD77CT4Vt711OM4OXtrCufEmSU58xVz68inGBuy3fYF3AZAmzHHgkuRJ:YjOD77CT4Vt711Y8rTfEm8r436zng

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2196 set thread context of 1448	2196	NEAS.ab0320fedd507792baaed8ac75f117e0_JC.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2028	1448	WerFault.exe	29

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 1448	2196	NEAS.ab0320fedd507792baaed8ac75f117e0_JC.exe	29
PID 2196 wrote to memory of 1448	2196	NEAS.ab0320fedd507792baaed8ac75f117e0_JC.exe	29
PID 2196 wrote to memory of 1448	2196	NEAS.ab0320fedd507792baaed8ac75f117e0_JC.exe	29
PID 2196 wrote to memory of 1448	2196	NEAS.ab0320fedd507792baaed8ac75f117e0_JC.exe	29
PID 2196 wrote to memory of 1448	2196	NEAS.ab0320fedd507792baaed8ac75f117e0_JC.exe	29
PID 2196 wrote to memory of 1448	2196	NEAS.ab0320fedd507792baaed8ac75f117e0_JC.exe	29
PID 2196 wrote to memory of 1448	2196	NEAS.ab0320fedd507792baaed8ac75f117e0_JC.exe	29
PID 2196 wrote to memory of 1448	2196	NEAS.ab0320fedd507792baaed8ac75f117e0_JC.exe	29
PID 2196 wrote to memory of 1448	2196	NEAS.ab0320fedd507792baaed8ac75f117e0_JC.exe	29
PID 2196 wrote to memory of 1448	2196	NEAS.ab0320fedd507792baaed8ac75f117e0_JC.exe	29
PID 2196 wrote to memory of 1448	2196	NEAS.ab0320fedd507792baaed8ac75f117e0_JC.exe	29
PID 2196 wrote to memory of 1448	2196	NEAS.ab0320fedd507792baaed8ac75f117e0_JC.exe	29
PID 2196 wrote to memory of 1448	2196	NEAS.ab0320fedd507792baaed8ac75f117e0_JC.exe	29
PID 2196 wrote to memory of 1448	2196	NEAS.ab0320fedd507792baaed8ac75f117e0_JC.exe	29
PID 1448 wrote to memory of 2028	1448	AppLaunch.exe	30
PID 1448 wrote to memory of 2028	1448	AppLaunch.exe	30
PID 1448 wrote to memory of 2028	1448	AppLaunch.exe	30
PID 1448 wrote to memory of 2028	1448	AppLaunch.exe	30
PID 1448 wrote to memory of 2028	1448	AppLaunch.exe	30
PID 1448 wrote to memory of 2028	1448	AppLaunch.exe	30
PID 1448 wrote to memory of 2028	1448	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\NEAS.ab0320fedd507792baaed8ac75f117e0_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.ab0320fedd507792baaed8ac75f117e0_JC.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1448
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 196
    3⤵
    - Program crash
    PID:2028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1448-1-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1448-2-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1448-7-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1448-9-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1448-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1448-5-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1448-4-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1448-3-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1448-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1448-11-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads