8247b726b43ca5543b2a04c4e8a7ba12fc1e13a4faa4551aaf3044903548b2c5

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 20:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.93dbda4f15c1e347ff3b9e21a75f9ab0_JC.exe
Size

153KB
MD5

93dbda4f15c1e347ff3b9e21a75f9ab0
SHA1

616b15fa23a8cb58c2d7c0cb8b0668ebbc730600
SHA256

8247b726b43ca5543b2a04c4e8a7ba12fc1e13a4faa4551aaf3044903548b2c5
SHA512

4cad8f1b76158f792eee9882e0cc80aab2731c3642649752785a41a4a23b8ec980fa84cae5d577719c71cfb9ecc66bda4936999e2d8478f11b4b1c6a885efd9b
SSDEEP

3072:Rrn7CoWd07esc3BUEgiahMdnZylqQFB07Pnae:VCoWd0kSEgiiAZc1B07vae

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
2716	wwljcul.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\wwljcul.exe	NEAS.93dbda4f15c1e347ff3b9e21a75f9ab0_JC.exe
File created	C:\PROGRA~3\Mozilla\sdwojsn.dll	wwljcul.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 2716	2596	taskeng.exe	29
PID 2596 wrote to memory of 2716	2596	taskeng.exe	29
PID 2596 wrote to memory of 2716	2596	taskeng.exe	29
PID 2596 wrote to memory of 2716	2596	taskeng.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.93dbda4f15c1e347ff3b9e21a75f9ab0_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.93dbda4f15c1e347ff3b9e21a75f9ab0_JC.exe"
1⤵
- Drops file in Program Files directory
PID:2224

C:\Windows\system32\taskeng.exe
taskeng.exe {39BC0570-5F50-4E50-938A-5842279D7593} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:2596
- C:\PROGRA~3\Mozilla\wwljcul.exe
  C:\PROGRA~3\Mozilla\wwljcul.exe -anxczaj
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\wwljcul.exe

Filesize
153KB

MD5
a26a9eabdd4b7cb931e53a6f6e26ebc1

SHA1
139091034b3fc04470f5de7f7efcb800d845332b

SHA256
a19fb0ffe64affa83c2548ba24a7ba45e4b377cf9f8361a0254b7775f361a7e9

SHA512
aff434a022f1865a9e5eaad5626a96d7f62799f3bb1ce49326a2249b076752709f162703540c781e504d3eda27f30a624a36c7daf2ffbee18364a0e55d4fecc2

Download Submit
C:\PROGRA~3\Mozilla\wwljcul.exe

Filesize
153KB

MD5
a26a9eabdd4b7cb931e53a6f6e26ebc1

SHA1
139091034b3fc04470f5de7f7efcb800d845332b

SHA256
a19fb0ffe64affa83c2548ba24a7ba45e4b377cf9f8361a0254b7775f361a7e9

SHA512
aff434a022f1865a9e5eaad5626a96d7f62799f3bb1ce49326a2249b076752709f162703540c781e504d3eda27f30a624a36c7daf2ffbee18364a0e55d4fecc2

Download Submit
memory/2224-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2224-1-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2224-2-0x0000000000210000-0x000000000026B000-memory.dmp

Filesize
364KB

Download
memory/2224-7-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2716-15-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2716-16-0x0000000000200000-0x000000000025B000-memory.dmp

Filesize
364KB

Download