Analysis

  • max time kernel
    140s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
  • submitted
    28-10-2023 02:56

General

  • Target

    NEAS.49c3b347ca62ccbcc07a3870d4a53de0_JC.exe

  • Size

    711KB

  • MD5

    49c3b347ca62ccbcc07a3870d4a53de0

  • SHA1

    2519a1fe74fb1d6c67fdc7d727324760a830f980

  • SHA256

    d75aae0f91fc9bff9358a0787b2f42dde7ad5c037030f901d7072ef461d79e3c

  • SHA512

    d0a9729a1669af2a93a49369da95c14176fe3562b182af8fd72687b55cf3bc884ab27179a3f1073e59b97552eb36c699091c5cb5a0ae3b8801fd2a06304ff76b

  • SSDEEP

    12288:yoxejOONAM7GUC1Jr+4o628gx2Jw+tP3Jzm8JOyHXC3X+pd167QhEQO:hxY3NtGUmJr+4Obxd+tPZSZyiE6EhE

Malware Config

Signatures

  • FakeAV, RogueAntivirus

    FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

  • FakeAV payload 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.49c3b347ca62ccbcc07a3870d4a53de0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.49c3b347ca62ccbcc07a3870d4a53de0_JC.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:812

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/812-0-0x0000000000180000-0x0000000000181000-memory.dmp

    Filesize

    4KB

  • memory/812-5-0x0000000000400000-0x00000000004BD000-memory.dmp

    Filesize

    756KB

  • memory/812-6-0x0000000000180000-0x0000000000181000-memory.dmp

    Filesize

    4KB