04ec86cc4cde6c42a1291b81b681bd1ae15f93a9b696cd79c6382d5d8402f8bf

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 09:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.85532f1e1166f1b8b1499ac93cc99e20_JC.exe
Size

82KB
MD5

85532f1e1166f1b8b1499ac93cc99e20
SHA1

94e3ec70daa0316624fb958cf4d7176a0be5a0f2
SHA256

04ec86cc4cde6c42a1291b81b681bd1ae15f93a9b696cd79c6382d5d8402f8bf
SHA512

2868be99f4b328cd551c9ca1b156f950bd4075b4d4ff4927bde0a5fac441b48700924d98ca14aa73e3e3c3a56319f5ec19e5b9729b073d98e24cdbc03cf5493f
SSDEEP

1536:tdFfoZe6MPMOIN5mEzTjFLW9Ovoh2ZyY0kpc4wgjNZLnqg:tdFfC1LvN5mEHjkOgEAxkpYgjJ

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1704	NEAS.85532f1e1166f1b8b1499ac93cc99e20_JC.exe

Executes dropped EXE 1 IoCs

pid	Process
1704	NEAS.85532f1e1166f1b8b1499ac93cc99e20_JC.exe

Loads dropped DLL 1 IoCs

pid	Process
536	NEAS.85532f1e1166f1b8b1499ac93cc99e20_JC.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
536	NEAS.85532f1e1166f1b8b1499ac93cc99e20_JC.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
536	NEAS.85532f1e1166f1b8b1499ac93cc99e20_JC.exe
1704	NEAS.85532f1e1166f1b8b1499ac93cc99e20_JC.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 1704	536	NEAS.85532f1e1166f1b8b1499ac93cc99e20_JC.exe	29
PID 536 wrote to memory of 1704	536	NEAS.85532f1e1166f1b8b1499ac93cc99e20_JC.exe	29
PID 536 wrote to memory of 1704	536	NEAS.85532f1e1166f1b8b1499ac93cc99e20_JC.exe	29
PID 536 wrote to memory of 1704	536	NEAS.85532f1e1166f1b8b1499ac93cc99e20_JC.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.85532f1e1166f1b8b1499ac93cc99e20_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.85532f1e1166f1b8b1499ac93cc99e20_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:536
- C:\Users\Admin\AppData\Local\Temp\NEAS.85532f1e1166f1b8b1499ac93cc99e20_JC.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.85532f1e1166f1b8b1499ac93cc99e20_JC.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\NEAS.85532f1e1166f1b8b1499ac93cc99e20_JC.exe

Filesize
82KB

MD5
f3774560319020b9bb9350118fecdc9e

SHA1
1738f9746297156974cb8023a27bc8f4cfbb808d

SHA256
0b557b5d53f9221e3245102bb5c06631b72943ef01e2d40d5e8f8693c68ec51b

SHA512
1d2022649add67d86c8356e6520b19d8c2a26409ffc07f4a43eea910c223e3b0eac6e778b4663a22b4e51587c480c0ce87f8847fedd0822fec7f82c4a38ddfd1

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.85532f1e1166f1b8b1499ac93cc99e20_JC.exe

Filesize
82KB

MD5
f3774560319020b9bb9350118fecdc9e

SHA1
1738f9746297156974cb8023a27bc8f4cfbb808d

SHA256
0b557b5d53f9221e3245102bb5c06631b72943ef01e2d40d5e8f8693c68ec51b

SHA512
1d2022649add67d86c8356e6520b19d8c2a26409ffc07f4a43eea910c223e3b0eac6e778b4663a22b4e51587c480c0ce87f8847fedd0822fec7f82c4a38ddfd1

Download Submit
memory/536-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/536-1-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/536-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/536-12-0x0000000000190000-0x00000000001BF000-memory.dmp

Filesize
188KB

Download
memory/536-15-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1704-17-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/1704-23-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1704-24-0x0000000000230000-0x000000000024B000-memory.dmp

Filesize
108KB

Download
memory/1704-29-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download