1a805d78b044fc48e0e7dd08bf56365b362453cc66fdb18d94ec14af1c6b2155

Analysis

max time kernel
152s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
02-11-2023 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.773d3c8eb0bde32676cabfd58515584a_JC.exe
Size

932KB
MD5

773d3c8eb0bde32676cabfd58515584a
SHA1

629e063e9a999c8365d3698cf0b6111f17e40a05
SHA256

1a805d78b044fc48e0e7dd08bf56365b362453cc66fdb18d94ec14af1c6b2155
SHA512

0f7807edd271dabf520009181da3316ff5435a9abd1aa1cb06905a0d98e5ce14333f4ab767da77023ea9e171c4e14de1957e476399027ed0e32d715daa7c34fc
SSDEEP

24576:N1/aGLDCM4D8ayGMZo8/0/1MqarGhKb/Dxcsl:CD8ayGMZo3/1MqarGePl

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2444	wssslm.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\ProgramData\\wssslm.exe"	wssslm.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3556 wrote to memory of 2444	3556	NEAS.773d3c8eb0bde32676cabfd58515584a_JC.exe	86
PID 3556 wrote to memory of 2444	3556	NEAS.773d3c8eb0bde32676cabfd58515584a_JC.exe	86
PID 3556 wrote to memory of 2444	3556	NEAS.773d3c8eb0bde32676cabfd58515584a_JC.exe	86

C:\Users\Admin\AppData\Local\Temp\NEAS.773d3c8eb0bde32676cabfd58515584a_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.773d3c8eb0bde32676cabfd58515584a_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3556
- C:\ProgramData\wssslm.exe
  "C:\ProgramData\wssslm.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Documents and Settings .exe

Filesize
932KB

MD5
ab82811672449924c45bdbc2e140077e

SHA1
afc31fce43d9769f5b362cf5940790fb883448d6

SHA256
4b923e21b9b661b6ead70fb9d36f830f9b9214fcb47ff48bb66dfd5ad03f72f3

SHA512
3583a413696bd4b85060b8665c28bb58959bc85ba62bd329c33fbebcff311387a65be051649f163667a956ae9edd31cdc8f3137834d554e38643a9961741112f

Download Submit
C:\ProgramData\Saaaalamm\Mira.h

Filesize
477KB

MD5
d148c0d0f1c55849ccc9895b0be13ea5

SHA1
b80c9d14427b54f7b3cd65e2b7711a04832f1fbf

SHA256
5bb38daa3518423a2642ccac0e3d2004fa809b558ca2bf3c9b0e719a75476a58

SHA512
8ea21f0a843dd92679edd9da72c780087fd6eef7d3676bb26a7621d3aaf9908f5e25f48697754d967697388d706a10f55c308a94fdcf7375b14cd9b8ffe46d89

Download Submit
C:\ProgramData\Saaaalamm\Mira.h

Filesize
477KB

MD5
d148c0d0f1c55849ccc9895b0be13ea5

SHA1
b80c9d14427b54f7b3cd65e2b7711a04832f1fbf

SHA256
5bb38daa3518423a2642ccac0e3d2004fa809b558ca2bf3c9b0e719a75476a58

SHA512
8ea21f0a843dd92679edd9da72c780087fd6eef7d3676bb26a7621d3aaf9908f5e25f48697754d967697388d706a10f55c308a94fdcf7375b14cd9b8ffe46d89

Download Submit
C:\ProgramData\wssslm.exe

Filesize
454KB

MD5
e12960c5327526b0c5db16ed5ba0b0cf

SHA1
43647e410b93b2bf104ed75eb4cc4b71f5ef789a

SHA256
b400e2845ed3245f03c3dc1d65d4b1cc1adcf31dbd03ea8cd2f7d39a00364357

SHA512
47f71915ea4b8cad212d1caf3e2233b4b85a68731a18c11dbfc83b0a7d4e44c519856635d08841a5c3dfe91fa2113a071a2c28ac70094c2a581bd018a4997dff

Download Submit
C:\ProgramData\wssslm.exe

Filesize
454KB

MD5
e12960c5327526b0c5db16ed5ba0b0cf

SHA1
43647e410b93b2bf104ed75eb4cc4b71f5ef789a

SHA256
b400e2845ed3245f03c3dc1d65d4b1cc1adcf31dbd03ea8cd2f7d39a00364357

SHA512
47f71915ea4b8cad212d1caf3e2233b4b85a68731a18c11dbfc83b0a7d4e44c519856635d08841a5c3dfe91fa2113a071a2c28ac70094c2a581bd018a4997dff

Download Submit
memory/2444-71-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/3556-0-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3556-8-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads