Overview

overview

7

Static

static

3

NEAS.c7eaf...JC.exe

windows7-x64

7

NEAS.c7eaf...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    01/11/2023, 08:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.c7eaf90c1d8848640c5a820c827ee090_JC.exe

  • Size

    183KB

  • MD5

    c7eaf90c1d8848640c5a820c827ee090

  • SHA1

    246e8d750553a97ed93ab0830e28e4750e53fa03

  • SHA256

    356ff70b7ca3aae99bfdf181ef9fea27ab85f11f8f225d85f66a74a40cc176ef

  • SHA512

    3e6da7ad106d7c4f8bfa447ee2f3bae14e76ef81c20c928466540d36a4560e05b146e06e56de5940b58f555462990834b1a3a61df6f19ad9dbe5b61f3baeba71

  • SSDEEP

    3072:mYDDQYmVX9y/vHw4/QljoV43DgvP5pSBlf+ATxbUX9ff1TmrcSQLPuYxS:mYDUVX9KvwpkgBBlfhbUd0LePN

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 2 IoCs
  • Modifies data under HKEY_USERS 24 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.c7eaf90c1d8848640c5a820c827ee090_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c7eaf90c1d8848640c5a820c827ee090_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1668
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\hjxetd.bat
      2⤵
      • Deletes itself
      PID:2648
  • C:\Users\Admin\Modules\Bin\msmsn.exe
    C:\Users\Admin\Modules\Bin\msmsn.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2644

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\hjxetd.bat
          Filesize

          200B

          MD5

          d7b5278e6c09b115bf9412b156f808bf

          SHA1

          cf3f1e0ee537e0f252652ebb32032c10629d020d

          SHA256

          3e59116ef20e1129d717c8e9280177a162b70961a5e8f76c9edd3f626e90a0b7

          SHA512

          10bc519cad707f60fb05fd019a08fecaab9b4102272ca1b4dddb2193ca7a1ec92a6526d1d0019c22ecc021e5e05f439d0635476aa5e1894645aecffb417b9515

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\hjxetd.bat
          Filesize

          200B

          MD5

          d7b5278e6c09b115bf9412b156f808bf

          SHA1

          cf3f1e0ee537e0f252652ebb32032c10629d020d

          SHA256

          3e59116ef20e1129d717c8e9280177a162b70961a5e8f76c9edd3f626e90a0b7

          SHA512

          10bc519cad707f60fb05fd019a08fecaab9b4102272ca1b4dddb2193ca7a1ec92a6526d1d0019c22ecc021e5e05f439d0635476aa5e1894645aecffb417b9515

          Download Submit

        • C:\Users\Admin\Modules\Bin\msmsn.exe
          Filesize

          183KB

          MD5

          643657300f6bb9649b2a1e92fa79ded2

          SHA1

          f522744818ee097e11f3cfbdf44c196d3657f278

          SHA256

          2a672ae3ceea92922f3ef30f1bb9250977e688a6e5f8c669d24c8b1a87a4faf1

          SHA512

          1dd1b323b98e2025bb1b38c29f11bbbddf8e25a992cc0f55795e696f95c9e79c35526d0581a9f58d3c63a5a227538ca444f94e115729daa2b9cb7fe8235e5257

          Download Submit

        • memory/1668-0-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

          Download

        • memory/1668-10-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

          Download

        • memory/1668-19-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

          Download

        • memory/2644-20-0x00000000004C0000-0x00000000004DB000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2644-27-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

          Download