Analysis

  • max time kernel
    137s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/11/2023, 12:39

General

  • Target

    NEAS.438ba14180cb699bd3ba6eb128982720_JC.exe

  • Size

    77KB

  • MD5

    438ba14180cb699bd3ba6eb128982720

  • SHA1

    b061e432e41c4704295188e9aeb05a30a11d4e72

  • SHA256

    df250726f2dd2ee9f75c53a841de46a6359ddc9ac1520cdf67130e10bb9f661f

  • SHA512

    9935e95ba5b7672c9a9f9c281ec357ff3473cf77b03732c55f2c2e60cd2fdc79f9da214eeb40465f4022bb143ec105b93edf73004c90250f9ff0881fc850fa53

  • SSDEEP

    1536:nYD9AdC7dbcshaw44bamXpWKPwYRxiiyaECHAX5mROMwOMQER:YD687nz44bHAKPwYRcie0ROfOSR

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx (8 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.438ba14180cb699bd3ba6eb128982720_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.438ba14180cb699bd3ba6eb128982720_JC.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3476
    • \??\c:\users\admin\appdata\local\temp\winlngon.exe
      c:\users\admin\appdata\local\temp\winlngon.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3968

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RCXAA69.tmp

    Filesize

    76KB

    MD5

    caee07ef49dcf772797408bf7be431a5

    SHA1

    daf82aaad7de4c9a3acea7aeda117c5b965873c5

    SHA256

    6e3760e91a80576c1989f937f181575583d9227a9b53ee8ff66f928076fe53ee

    SHA512

    aaf75ae24106b231eda82869f7ed8b50b1861456ac41ce0163c5b92572541594bdfefc272802d0449206c5b615d3549b9f4aab1ac37e993435e584b7ecefb01d

  • C:\Users\Admin\AppData\Local\Temp\winlngon.exe

    Filesize

    77KB

    MD5

    4626c4d97bc8d2d887684b41ac7211a6

    SHA1

    6b3968b2b46c0dfb6093b3bc486b3a74b3e87d40

    SHA256

    671f32ed3b5ca74e76ddc6077158c83b4dbd61aa0c6c345a6d3780ec679026e8

    SHA512

    fbb473ed00441b3e7308b33bb9ee4326d6b15cd350020cfd2f7ddb246c5d1af0dab547ab60b18df384bba619aa1bf3a756e2f62355b4ce7fb388aaff1a2c59ab

  • \??\c:\users\admin\appdata\local\temp\winlngon.exe

    Filesize

    77KB

    MD5

    4626c4d97bc8d2d887684b41ac7211a6

    SHA1

    6b3968b2b46c0dfb6093b3bc486b3a74b3e87d40

    SHA256

    671f32ed3b5ca74e76ddc6077158c83b4dbd61aa0c6c345a6d3780ec679026e8

    SHA512

    fbb473ed00441b3e7308b33bb9ee4326d6b15cd350020cfd2f7ddb246c5d1af0dab547ab60b18df384bba619aa1bf3a756e2f62355b4ce7fb388aaff1a2c59ab