Analysis

  • max time kernel
    81s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-11-2023 10:19

General

  • Target

    NEAS.b98cb5c1f973e2088498678c7e939fa0_JC.exe

  • Size

    792KB

  • MD5

    b98cb5c1f973e2088498678c7e939fa0

  • SHA1

    b10481a6cb66ac21295b2638e6b369cdf1d090c2

  • SHA256

    b80efa784ad11a77c4399a8f93b9c9a9323769e1c2349d2a0ac0554054588513

  • SHA512

    d5c2261af20aa9ece3cba9c9f878751b0c0d8d4c7e51ca579afb40e7946e50fcdbff4de2c53e0a956affb6030ae968435d6aee04a2280cce3dcb01d6aff60c35

  • SSDEEP

    3072:MGjhaq5iL0beJQZt32wLji5DlsODxRPNDkjJHzW9hUd56JsuBSjwA2i1vP2i1a1+:Hha8iAx+1zwjJHd6vB/ANMf//9

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 3 IoCs
  • Drops file in System32 directory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.b98cb5c1f973e2088498678c7e939fa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b98cb5c1f973e2088498678c7e939fa0_JC.exe"
    • Adds Run key to start application
    • Drops file in System32 directory
    PID:4944

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\AVSCANNER.EXE

    Filesize

    801KB

    MD5

    8be1fb4c9fe91f5ce6224b32d031e876

    SHA1

    d90c2e6eb5c1161c85bb4fcf0c294c1e43e60c1d

    SHA256

    74fa060d1e2a906bef4e629dddd3a1da804e73eeef942b1452dce18fc8aff3dd

    SHA512

    5b96ff67843a0d211b1fe2575d5fede411e99b955578741f492c175b74044dd2f0e98fd9e6b007f25028a8d32ed894a71f534dbb3bf51738722265c04ba36036

  • memory/4944-0-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

  • memory/4944-7-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB