Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/10/2023, 01:18

General

  • Target

    NEAS.2f039ffb5707291711a400bdd6381bb0_JC.dll

  • Size

    3.3MB

  • MD5

    2f039ffb5707291711a400bdd6381bb0

  • SHA1

    66c445a6f1177b8e19512949d7a2a09b5b1651d3

  • SHA256

    cd5651ca3e6ffef051559f323831f41e8211a33c9a39f24c37c42f584075e2b0

  • SHA512

    976d0b26bb5ffe76c309192ba50f7ae91eda84485cc71fcda685445a24f41b6dce5284ef48f738098b1087171a1faabec514015034d893e41079d87bbd910f9f

  • SSDEEP

    24576:ig+4ie5EE2q7xyNAkDc8k4ZMrykGidXTDIn7xCbRmoIbBWc65KCbb+8rhUy:igTv2cs9YykGcUamwKSb+khUy

Score
10/10

Malware Config

Extracted

Family

strela

C2

193.109.85.77

Signatures

  • Strela

    An info stealer targeting mail credentials first seen in late 2022.

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NEAS.2f039ffb5707291711a400bdd6381bb0_JC.dll
      PID:1324


    Downloads

    • memory/1324-0-0x00000000002A0000-0x00000000002C1000-memory.dmp

      Filesize

      132KB

    • memory/1324-1-0x000000006D7C0000-0x000000006DB10000-memory.dmp

      Filesize

      3.3MB

    • memory/1324-2-0x00000000002A0000-0x00000000002C1000-memory.dmp

      Filesize

      132KB