834b8345f3c13cb3aac9ac75d9ff1676186c5914e6d9ab5a001659d2854c73be

Analysis

max time kernel
179s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
01-11-2023 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.8e711c54e330169f84526596e6a09762_JC.exe
Size

511KB
MD5

8e711c54e330169f84526596e6a09762
SHA1

c969b17e52cad259689359c4c3aee13eda437671
SHA256

834b8345f3c13cb3aac9ac75d9ff1676186c5914e6d9ab5a001659d2854c73be
SHA512

5b2cd4ad9ca68001ed2c92620cdedf603da6583f31f7cef911b0d3b519e3ad50d06b96169a0291eef645a2b799a4e90869ee34e9e9e7a5aefe32b3cd89aee457
SSDEEP

12288:H1/aGLDCMNpNAkoSzZWD8ayX2MQCw7D0EuIJBU7m6/elVDjkpr6:H1/aGLDCM4D8ayGM5IJBU7ElVDjkN6

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4508	cddadp.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\ProgramData\\cddadp.exe"	cddadp.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 4508	4440	NEAS.8e711c54e330169f84526596e6a09762_JC.exe	88
PID 4440 wrote to memory of 4508	4440	NEAS.8e711c54e330169f84526596e6a09762_JC.exe	88
PID 4440 wrote to memory of 4508	4440	NEAS.8e711c54e330169f84526596e6a09762_JC.exe	88

C:\Users\Admin\AppData\Local\Temp\NEAS.8e711c54e330169f84526596e6a09762_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.8e711c54e330169f84526596e6a09762_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4440
- C:\ProgramData\cddadp.exe
  "C:\ProgramData\cddadp.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:4508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Documents and Settings .exe

Filesize
511KB

MD5
b7737bbe750b26437b105956f48a51bd

SHA1
c681f25cf87f1e30edfab7567b70c24a1a39ff4a

SHA256
fd33a5711fa80d589dc7e83db4fc9db3e971f89e7a61cf355064422c6d58054c

SHA512
fdfc9da648a402ec8962c00711e59eb3c2c7d975d2b5763d90a1176d2e9f4ff24eba61f4c78d12af744fe5297d73c53c4a25edf747d52b7e5fbbce1003164e11

Download Submit
C:\ProgramData\Saaaalamm\Mira.h

Filesize
255KB

MD5
f351898b5ba2d709e4d73d3160071029

SHA1
5bddf9621650635913bea3f15cb0f7108a09079e

SHA256
22972cfc5b13ea8cedef1adca83358f89fea716b3e775bd70553ed44ef04e668

SHA512
c9c680f93577ca853d9db3d9b84d16a43c1986c95d3bfc4ff3bbbafaa585cf6ee6ada6da6e86cea529e817f39e4e98d78c1ad99069aa417514ef5bab735ccf88

Download Submit
C:\ProgramData\Saaaalamm\Mira.h

Filesize
255KB

MD5
f351898b5ba2d709e4d73d3160071029

SHA1
5bddf9621650635913bea3f15cb0f7108a09079e

SHA256
22972cfc5b13ea8cedef1adca83358f89fea716b3e775bd70553ed44ef04e668

SHA512
c9c680f93577ca853d9db3d9b84d16a43c1986c95d3bfc4ff3bbbafaa585cf6ee6ada6da6e86cea529e817f39e4e98d78c1ad99069aa417514ef5bab735ccf88

Download Submit
C:\ProgramData\cddadp.exe

Filesize
256KB

MD5
86ff1b6706c30755715bc603b1e884f5

SHA1
5ac1d0264ea0b29db9b1d733b7df0e2ed2fe9a72

SHA256
c2e31d757e189eb35f0ebb681ee1386bfd7287f9b2cff96bcda434ad4e8db822

SHA512
7a0f9f941245e862facaa53b6d77048556c56a456058fe783d84f2073619664ff07b59fb66e8de1a31ea98fad3110795f732572746e88a8ab9451857bcbf3f05

Download Submit
C:\ProgramData\cddadp.exe

Filesize
256KB

MD5
86ff1b6706c30755715bc603b1e884f5

SHA1
5ac1d0264ea0b29db9b1d733b7df0e2ed2fe9a72

SHA256
c2e31d757e189eb35f0ebb681ee1386bfd7287f9b2cff96bcda434ad4e8db822

SHA512
7a0f9f941245e862facaa53b6d77048556c56a456058fe783d84f2073619664ff07b59fb66e8de1a31ea98fad3110795f732572746e88a8ab9451857bcbf3f05

Download Submit
memory/4440-11-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/4508-100-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/4508-310-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads