6b499d508133114166ecdd80e706bdfc9fbd300d734b98b52d33a61d3438be8e

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
02-11-2023 20:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.17bcfa395cf27bb1ea49b4fd71a06f40_JC.exe
Size

87KB
MD5

17bcfa395cf27bb1ea49b4fd71a06f40
SHA1

97f3927c3992ffb07fee31798b248da1d50cd1b4
SHA256

6b499d508133114166ecdd80e706bdfc9fbd300d734b98b52d33a61d3438be8e
SHA512

a1ae949028bd6e9e8dc8f9c0f61626e19d69df2252217af2f72ef4a67a77c8031e06e336c43ce31048c1f9794faf5e9a791f749c2856447413c952bcac552de6
SSDEEP

768:dxDDnyAiIbhn+oRTaFSxjORUh6EDFAnAL+7DUdjaYoCMHosadujaOnNP0mPefoC8:dxDDnd1RaqOrsdSCM+qvGTeT

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2772	hcbnaf.exe

Loads dropped DLL 1 IoCs

pid	Process
2024	NEAS.17bcfa395cf27bb1ea49b4fd71a06f40_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2772	2024	NEAS.17bcfa395cf27bb1ea49b4fd71a06f40_JC.exe	28
PID 2024 wrote to memory of 2772	2024	NEAS.17bcfa395cf27bb1ea49b4fd71a06f40_JC.exe	28
PID 2024 wrote to memory of 2772	2024	NEAS.17bcfa395cf27bb1ea49b4fd71a06f40_JC.exe	28
PID 2024 wrote to memory of 2772	2024	NEAS.17bcfa395cf27bb1ea49b4fd71a06f40_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.17bcfa395cf27bb1ea49b4fd71a06f40_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.17bcfa395cf27bb1ea49b4fd71a06f40_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe
  "C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe"
  2⤵
  - Executes dropped EXE
  PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe

Filesize
87KB

MD5
72c88fdd40f789924bdf3d4578628797

SHA1
18567ffbe7959126969384861b9e06c70034938c

SHA256
afc83418b554e01b771f48358904016f389b391fc308805cb7fc843632e0cf3d

SHA512
c865f3cc25b49b92f3b179c598b9f3c6055f5b27ff1d8379b634d7016cb5ddf32b32907e86dc7ea599ab1907f88779a4dae5643898d2347eb73bc2528e552fde

Download Submit
C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe

Filesize
87KB

MD5
72c88fdd40f789924bdf3d4578628797

SHA1
18567ffbe7959126969384861b9e06c70034938c

SHA256
afc83418b554e01b771f48358904016f389b391fc308805cb7fc843632e0cf3d

SHA512
c865f3cc25b49b92f3b179c598b9f3c6055f5b27ff1d8379b634d7016cb5ddf32b32907e86dc7ea599ab1907f88779a4dae5643898d2347eb73bc2528e552fde

Download Submit
\Users\Admin\AppData\Local\Temp\hcbnaf.exe

Filesize
87KB

MD5
72c88fdd40f789924bdf3d4578628797

SHA1
18567ffbe7959126969384861b9e06c70034938c

SHA256
afc83418b554e01b771f48358904016f389b391fc308805cb7fc843632e0cf3d

SHA512
c865f3cc25b49b92f3b179c598b9f3c6055f5b27ff1d8379b634d7016cb5ddf32b32907e86dc7ea599ab1907f88779a4dae5643898d2347eb73bc2528e552fde

Download Submit
memory/2024-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2024-2-0x0000000000330000-0x0000000000334000-memory.dmp

Filesize
16KB

Download
memory/2024-8-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2024-7-0x0000000001FC0000-0x0000000001FD5000-memory.dmp

Filesize
84KB

Download
memory/2024-14-0x0000000001FC0000-0x0000000001FD5000-memory.dmp

Filesize
84KB

Download
memory/2772-11-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2772-12-0x0000000000230000-0x0000000000234000-memory.dmp

Filesize
16KB

Download
memory/2772-13-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download