834b8345f3c13cb3aac9ac75d9ff1676186c5914e6d9ab5a001659d2854c73be

General

Target

NEAS.8e711c54e330169f84526596e6a09762_JC.exe
Size

511KB
MD5

8e711c54e330169f84526596e6a09762
SHA1

c969b17e52cad259689359c4c3aee13eda437671
SHA256

834b8345f3c13cb3aac9ac75d9ff1676186c5914e6d9ab5a001659d2854c73be
SHA512

5b2cd4ad9ca68001ed2c92620cdedf603da6583f31f7cef911b0d3b519e3ad50d06b96169a0291eef645a2b799a4e90869ee34e9e9e7a5aefe32b3cd89aee457
SSDEEP

12288:H1/aGLDCMNpNAkoSzZWD8ayX2MQCw7D0EuIJBU7m6/elVDjkpr6:H1/aGLDCM4D8ayGM5IJBU7ElVDjkN6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2220	ejasxu.exe

Loads dropped DLL 2 IoCs

pid	Process
1948	NEAS.8e711c54e330169f84526596e6a09762_JC.exe
1948	NEAS.8e711c54e330169f84526596e6a09762_JC.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\ProgramData\\ejasxu.exe"	ejasxu.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2220	1948	NEAS.8e711c54e330169f84526596e6a09762_JC.exe	28
PID 1948 wrote to memory of 2220	1948	NEAS.8e711c54e330169f84526596e6a09762_JC.exe	28
PID 1948 wrote to memory of 2220	1948	NEAS.8e711c54e330169f84526596e6a09762_JC.exe	28
PID 1948 wrote to memory of 2220	1948	NEAS.8e711c54e330169f84526596e6a09762_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.8e711c54e330169f84526596e6a09762_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.8e711c54e330169f84526596e6a09762_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1948
- C:\ProgramData\ejasxu.exe
  "C:\ProgramData\ejasxu.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Documents and Settings .exe

Filesize
511KB

MD5
8038b4433e245bd338e0e677991eca1f

SHA1
0249b5f9eab942f1dbe0d4d6234a64aecca01174

SHA256
2eae91becc6b4f901685bd4bebc856c5343d336901b6be6a33ce10c6a3a2918c

SHA512
37e91b3e529d2c1f5c9704f5a071b3ca021e9789553fa5f0ec30b8f8334d01a2492a2fb4d7a08af7f2a8816cefc58ff940028c7cb89a6c1ac22597be7c6df15a

Download Submit
C:\ProgramData\Saaaalamm\Mira.h

Filesize
255KB

MD5
f351898b5ba2d709e4d73d3160071029

SHA1
5bddf9621650635913bea3f15cb0f7108a09079e

SHA256
22972cfc5b13ea8cedef1adca83358f89fea716b3e775bd70553ed44ef04e668

SHA512
c9c680f93577ca853d9db3d9b84d16a43c1986c95d3bfc4ff3bbbafaa585cf6ee6ada6da6e86cea529e817f39e4e98d78c1ad99069aa417514ef5bab735ccf88

Download Submit
C:\ProgramData\Saaaalamm\Mira.h

Filesize
255KB

MD5
f351898b5ba2d709e4d73d3160071029

SHA1
5bddf9621650635913bea3f15cb0f7108a09079e

SHA256
22972cfc5b13ea8cedef1adca83358f89fea716b3e775bd70553ed44ef04e668

SHA512
c9c680f93577ca853d9db3d9b84d16a43c1986c95d3bfc4ff3bbbafaa585cf6ee6ada6da6e86cea529e817f39e4e98d78c1ad99069aa417514ef5bab735ccf88

Download Submit
C:\ProgramData\ejasxu.exe

Filesize
256KB

MD5
86ff1b6706c30755715bc603b1e884f5

SHA1
5ac1d0264ea0b29db9b1d733b7df0e2ed2fe9a72

SHA256
c2e31d757e189eb35f0ebb681ee1386bfd7287f9b2cff96bcda434ad4e8db822

SHA512
7a0f9f941245e862facaa53b6d77048556c56a456058fe783d84f2073619664ff07b59fb66e8de1a31ea98fad3110795f732572746e88a8ab9451857bcbf3f05

Download Submit
C:\ProgramData\ejasxu.exe

Filesize
256KB

MD5
86ff1b6706c30755715bc603b1e884f5

SHA1
5ac1d0264ea0b29db9b1d733b7df0e2ed2fe9a72

SHA256
c2e31d757e189eb35f0ebb681ee1386bfd7287f9b2cff96bcda434ad4e8db822

SHA512
7a0f9f941245e862facaa53b6d77048556c56a456058fe783d84f2073619664ff07b59fb66e8de1a31ea98fad3110795f732572746e88a8ab9451857bcbf3f05

Download Submit
C:\ProgramData\ejasxu.exe

Filesize
256KB

MD5
86ff1b6706c30755715bc603b1e884f5

SHA1
5ac1d0264ea0b29db9b1d733b7df0e2ed2fe9a72

SHA256
c2e31d757e189eb35f0ebb681ee1386bfd7287f9b2cff96bcda434ad4e8db822

SHA512
7a0f9f941245e862facaa53b6d77048556c56a456058fe783d84f2073619664ff07b59fb66e8de1a31ea98fad3110795f732572746e88a8ab9451857bcbf3f05

Download Submit
\ProgramData\ejasxu.exe

Filesize
256KB

MD5
86ff1b6706c30755715bc603b1e884f5

SHA1
5ac1d0264ea0b29db9b1d733b7df0e2ed2fe9a72

SHA256
c2e31d757e189eb35f0ebb681ee1386bfd7287f9b2cff96bcda434ad4e8db822

SHA512
7a0f9f941245e862facaa53b6d77048556c56a456058fe783d84f2073619664ff07b59fb66e8de1a31ea98fad3110795f732572746e88a8ab9451857bcbf3f05

Download Submit
\ProgramData\ejasxu.exe

Filesize
256KB

MD5
86ff1b6706c30755715bc603b1e884f5

SHA1
5ac1d0264ea0b29db9b1d733b7df0e2ed2fe9a72

SHA256
c2e31d757e189eb35f0ebb681ee1386bfd7287f9b2cff96bcda434ad4e8db822

SHA512
7a0f9f941245e862facaa53b6d77048556c56a456058fe783d84f2073619664ff07b59fb66e8de1a31ea98fad3110795f732572746e88a8ab9451857bcbf3f05

Download Submit
memory/1948-12-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2220-102-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/2220-148-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/2220-221-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads