Overview

overview

7

Static

static

3

NEAS.6bd71...JC.exe

windows7-x64

7

NEAS.6bd71...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
  • submitted
    02/11/2023, 16:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.6bd7186ea709488ffcff71b4ce5f6330_JC.exe

  • Size

    93KB

  • MD5

    6bd7186ea709488ffcff71b4ce5f6330

  • SHA1

    621f5f7b19d49d0ad1c380d47d8917eeeea5bc20

  • SHA256

    5ac20093b6437de6d0a01060b499c95bcdafb059b838d36a20452d104e79270c

  • SHA512

    dce4c230fa7c909750ef253c46a97cea40b16f690f4c924874803f0bfcf248d7ada2d77a88a59269e941226a5a876a8703d29529680f580e31c8868b74285acd

  • SSDEEP

    1536:PGYU/W2/HG6QMauSV3ixJHABLrmhH7i9CO+WHg7zRZICrWaGZh7eY:PfU/WF6QMauSuiWNi9CO+WARJrWNZ8Y

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.6bd7186ea709488ffcff71b4ce5f6330_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.6bd7186ea709488ffcff71b4ce5f6330_JC.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2056
    • C:\ProgramData\Update\wuauclt.exe
      "C:\ProgramData\Update\wuauclt.exe" /run
      2⤵
      • Executes dropped EXE
      PID:844
    • C:\windows\SysWOW64\cmd.exe
      "C:\windows\system32\cmd.exe" /c del /q "C:\Users\Admin\AppData\Local\Temp\NEAS.6bd7186ea709488ffcff71b4ce5f6330_JC.exe" >> NUL
      2⤵
      • Deletes itself
      PID:3040

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Update\wuauclt.exe
    Filesize

    93KB

    MD5

    12bb4cfea62a91baa81a58f6963fa431

    SHA1

    13f069eade967b40203af0155771f9f3f3285a98

    SHA256

    7c3897e89f59454cad0e3df09c052f9af39662874d73b65089014c0435dd5f6a

    SHA512

    579aaff7e6808a0f9fd4939603c5995d8725fa1a3a08b5cc8ecb6ec0e7858fefbd729caac443dd4291507ff4da1dae920c2bb661915bdd7442af5f73434f840a

    Download Submit

  • \ProgramData\Update\wuauclt.exe
    Filesize

    93KB

    MD5

    12bb4cfea62a91baa81a58f6963fa431

    SHA1

    13f069eade967b40203af0155771f9f3f3285a98

    SHA256

    7c3897e89f59454cad0e3df09c052f9af39662874d73b65089014c0435dd5f6a

    SHA512

    579aaff7e6808a0f9fd4939603c5995d8725fa1a3a08b5cc8ecb6ec0e7858fefbd729caac443dd4291507ff4da1dae920c2bb661915bdd7442af5f73434f840a

    Download Submit