Overview

overview

8

Static

static

3

NEAS.0e639...JC.exe

windows7-x64

8

NEAS.0e639...JC.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    02-11-2023 08:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.0e63954735112ce4b0d63d7ece0949f0_JC.exe

  • Size

    329KB

  • MD5

    0e63954735112ce4b0d63d7ece0949f0

  • SHA1

    f17087dad5aec81e9a56bfb6a16b19fe3176b534

  • SHA256

    89678122a73bb2fa5e80e46b2eeedcf3f389fe260b23b91d91c53cb6d8efee4e

  • SHA512

    642e75067f8ccd7f94f66dc6af58a9a2bec8c90b59c0246c01441cc4d5dc58261d587c618e6970a293265ceeb93fcc5a92210a65d1143417f2f5c8a51a151807

  • SSDEEP

    6144:dFZOSgIhBBQERJpJBQHEJVLiRz96fUjt7vVOGhDRfFYnOOkw7:Lo4vQ4JWHLz96uvV5bqnOO1

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.0e63954735112ce4b0d63d7ece0949f0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0e63954735112ce4b0d63d7ece0949f0_JC.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2192
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {BD3F5CE3-9AE4-4D02-A6A3-93E1DA3F3358} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\PROGRA~3\Mozilla\wwljcul.exe
      C:\PROGRA~3\Mozilla\wwljcul.exe -anxczaj
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2640

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\wwljcul.exe
    Filesize

    329KB

    MD5

    4adabc9e134bf2a6834d531afcfbdf54

    SHA1

    a7fda30ff69a8d4de2dc260ed28198d46ad4461c

    SHA256

    d7f3b62260a6c84b8cea582fb33a276592a6e18dc75412e53830e603e4d77492

    SHA512

    4ab45ade39779a903c954c7957ba5c787be844ad617196a61abd441b07f5a78af0514d66c2c4e40e1f6595c6a6ebfe0aebc57411ca47a8eed3b21a6feb21c7ff

    Download Submit

  • C:\PROGRA~3\Mozilla\wwljcul.exe
    Filesize

    329KB

    MD5

    4adabc9e134bf2a6834d531afcfbdf54

    SHA1

    a7fda30ff69a8d4de2dc260ed28198d46ad4461c

    SHA256

    d7f3b62260a6c84b8cea582fb33a276592a6e18dc75412e53830e603e4d77492

    SHA512

    4ab45ade39779a903c954c7957ba5c787be844ad617196a61abd441b07f5a78af0514d66c2c4e40e1f6595c6a6ebfe0aebc57411ca47a8eed3b21a6feb21c7ff

    Download Submit

  • memory/2192-0-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2192-1-0x00000000002F0000-0x000000000034B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2192-7-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2640-10-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2640-11-0x0000000000220000-0x000000000027B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2640-17-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download