Overview

overview

8

Static

static

3

NEAS.72481...JC.exe

windows7-x64

8

NEAS.72481...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
  • submitted
    01-11-2023 23:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.72481fd53a5282fb1f0ff737ad749610_JC.exe

  • Size

    327KB

  • MD5

    72481fd53a5282fb1f0ff737ad749610

  • SHA1

    38d903a3db603fa5f6daa08f01ff3f349df569d5

  • SHA256

    10810b7f02a353b96a1e5a56de9c2ec66b736de8a8042eac3adf08fd57034544

  • SHA512

    b08149161a3202a510b5583591a9137838376b93ed33928b79cff77a5faae5756670cf5ed4a42a20a66c5224f1a6892140da5df4d66edd24fd08d3ad46b864ac

  • SSDEEP

    3072:xANA6IMfSLilGMXEVP79SE8pve/RysNPDuIvT4FBDv1KS2jbxWGqJsh:WiMF/X479SEAanPSIv0FB5KSbGqJO

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.72481fd53a5282fb1f0ff737ad749610_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.72481fd53a5282fb1f0ff737ad749610_JC.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:2124
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {6EE90A8D-6D8B-495A-BB7F-1543A8B30C80} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\PROGRA~3\Mozilla\kymnayk.exe
      C:\PROGRA~3\Mozilla\kymnayk.exe -dtmxjcd
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:2656

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\kymnayk.exe
    Filesize

    327KB

    MD5

    d9a1945c59e8811ce4ba98906743b006

    SHA1

    db26099de4b76b8492f219780d0d4dfacc7e37b0

    SHA256

    15587e04996e6009f3370d22c9598e438992accc7afc3319f4e3559a9af47775

    SHA512

    0fab67ef5659959ccd763f146a04fa49cfc2d836968d7b3c2fa61eaf63b61c0d372d3e3df5c41fe7136be3683cb49f8fd229d92f83e6cba35a076147c9fa3973

    Download Submit

  • C:\PROGRA~3\Mozilla\kymnayk.exe
    Filesize

    327KB

    MD5

    d9a1945c59e8811ce4ba98906743b006

    SHA1

    db26099de4b76b8492f219780d0d4dfacc7e37b0

    SHA256

    15587e04996e6009f3370d22c9598e438992accc7afc3319f4e3559a9af47775

    SHA512

    0fab67ef5659959ccd763f146a04fa49cfc2d836968d7b3c2fa61eaf63b61c0d372d3e3df5c41fe7136be3683cb49f8fd229d92f83e6cba35a076147c9fa3973

    Download Submit

  • memory/2124-0-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2124-1-0x0000000001C00000-0x0000000001C5C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2124-2-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2124-4-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2656-7-0x0000000000530000-0x000000000058C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2656-8-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2656-10-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2656-11-0x0000000000530000-0x000000000058C000-memory.dmp

    Filesize

    368KB

    Download