Analysis
-
max time kernel
147s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
01-11-2023 14:18
General
-
Target
NEAS.bae0fac75a078d31e24fec4c92025290.exe
-
Size
370KB
-
MD5
bae0fac75a078d31e24fec4c92025290
-
SHA1
6669d0df77789b88ee9e419756e4754a02ed6134
-
SHA256
920dfc7879b33498bae81b3d391b24830ee888bbe8ef4f7307a69d391493eb1a
-
SHA512
b1da20b1e8f1fdbde1f38d10ea6a98fa21857443cc8dd24fc19cca5aab35da8ae8a774eaccae3f8e6f33458652863fb75fb75f2638404d64ffa188fe5868475f
-
SSDEEP
6144:9bpGtfoVtScw2RCgrzItQB2bpGtfoVtScw:TGtAtScw3qEKBYGtAtScw
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Modifies system executable filetype association 2 TTPs 2 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 34 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 4 IoCs
-
Drops file in Windows directory 1 IoCs
-
Modifies registry class 18 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.bae0fac75a078d31e24fec4c92025290.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.bae0fac75a078d31e24fec4c92025290.exe"1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\CJIAI.EXE"C:\Program Files (x86)\CJIAI.EXE"2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Enumerates connected drives
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
371KB
MD56ea93b70147cad3cb0b1cd7bd03910d2
SHA17d17a5fd4af118946772b0def4a561ac5cb86392
SHA25670312220bc808eafd1d6e28c9287873aa8b6229945b567de83a59ea8f57df46a
SHA5126eaedcc1b4bfa14617de761e57a8fd5f1309c896fb685cab2295b05630140900b301a0a1623a06f4ca5101eab6a6637dd6c3938d41e7e52776219c658ab39628
-
Filesize
371KB
MD56ea93b70147cad3cb0b1cd7bd03910d2
SHA17d17a5fd4af118946772b0def4a561ac5cb86392
SHA25670312220bc808eafd1d6e28c9287873aa8b6229945b567de83a59ea8f57df46a
SHA5126eaedcc1b4bfa14617de761e57a8fd5f1309c896fb685cab2295b05630140900b301a0a1623a06f4ca5101eab6a6637dd6c3938d41e7e52776219c658ab39628
-
Filesize
371KB
MD51356b22c5f919fb6b3ef26ce9e967275
SHA11ad266e9e99f683d610902fb953940787515f6a1
SHA256be05e2e6231a95f64e256b16502d9eeba5f3cb405867557e6385511d49986487
SHA51202c4485a5e13b300b42ff49c1a8236ec1c5129608b8a8b603e69015af4ad4d5fda381a368f78889c04574f70c9608c700c2cf7efdb51474bbdbc864277aea56f
-
Filesize
315B
MD5ef29fa2a3a2fe2f4f009c5764657d559
SHA103a23d7a4cb3f86efac3d3840d195843d30d2a5e
SHA256dd10ff1e7032ef1a23d9a8d6f243d138b5b5a792665d05a246356ddae0480bd8
SHA512435f67f631db8074a12ea7d0b00ca3d02ebaf4020255e5659afa54818c36573241c3da4e97ac1951c6ce6c03b8506e5275236cf896fd1e8a041165472c37e4a0
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
4KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
4KB
-
Filesize
440KB