Overview

overview

10

Static

static

1

NEAS.1acb0...JC.exe

windows7-x64

10

NEAS.1acb0...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    153s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
  • submitted
    03/11/2023, 02:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.1acb0815cbf6c4f14be2a5e1be03dac0_JC.exe

  • Size

    152KB

  • MD5

    1acb0815cbf6c4f14be2a5e1be03dac0

  • SHA1

    ae3fe61517baec8ffd2dffe51730bad4342ff03d

  • SHA256

    34a4dbf3e94f9fd662e17301cdbdd74a0409d3fd3a0f0ea277c1db94e3b41130

  • SHA512

    fa0314aa561291166ef16a4ae19836be892ca79eeb88b23caf6e39b0b1b56e9e69b48bb3f80441d6dd75b500714b5f4befe6df2637f47f5837ac545c424e398e

  • SSDEEP

    3072:fic5BRJWPoHxVzto9dZZTt2yxD/9YqOnSXcr7jv4:fic5bqJAG/9YN8q

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.1acb0815cbf6c4f14be2a5e1be03dac0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1acb0815cbf6c4f14be2a5e1be03dac0_JC.exe"
    1⤵
    • Loads dropped DLL
    • Modifies WinLogon
    • Drops file in Windows directory
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2956
    • C:\Windows\apppatch\svchost.exe
      "C:\Windows\apppatch\svchost.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Modifies WinLogon
      • Suspicious behavior: EnumeratesProcesses
      PID:2092

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\1DAE.tmp
          Filesize

          564B

          MD5

          4ba4e86accd290196654455bda682585

          SHA1

          ca3deffb4701fb1e799f3078548d0f3cb2abc8d2

          SHA256

          b6c917fcecf4a574558a7757785fdc7421c6d47b5be35ceade84485ee884b00d

          SHA512

          80bdfe8afd0ec3ea0355a3a15b3f2e214d8fd36193e9ad55a1a262278e4261dda6a799654c7bc935337fdb81cc67c1907edd535c36eb632dc07b3560021011b3

          Download Submit

        • C:\Windows\AppPatch\svchost.exe
          Filesize

          152KB

          MD5

          f6f87129c933a2cb613d5f9146751b71

          SHA1

          33a5b3c3daa4c4ac1c81a80b6da03d854012a085

          SHA256

          36940327ccf98a7d53a3f54d1142f3ee0c03c5c91253bb8927a0dc7be4535a91

          SHA512

          ebd03f701a04f5d763890be50bf0f10e0266ec7537d423be579aea262791426c111f00caaa315d39a8197d4ba86078cef003671a69ebefa77cdf4d7cb62bd802

          Download Submit

        • C:\Windows\AppPatch\svchost.exe
          Filesize

          152KB

          MD5

          f6f87129c933a2cb613d5f9146751b71

          SHA1

          33a5b3c3daa4c4ac1c81a80b6da03d854012a085

          SHA256

          36940327ccf98a7d53a3f54d1142f3ee0c03c5c91253bb8927a0dc7be4535a91

          SHA512

          ebd03f701a04f5d763890be50bf0f10e0266ec7537d423be579aea262791426c111f00caaa315d39a8197d4ba86078cef003671a69ebefa77cdf4d7cb62bd802

          Download Submit

        • C:\Windows\apppatch\svchost.exe
          Filesize

          152KB

          MD5

          f6f87129c933a2cb613d5f9146751b71

          SHA1

          33a5b3c3daa4c4ac1c81a80b6da03d854012a085

          SHA256

          36940327ccf98a7d53a3f54d1142f3ee0c03c5c91253bb8927a0dc7be4535a91

          SHA512

          ebd03f701a04f5d763890be50bf0f10e0266ec7537d423be579aea262791426c111f00caaa315d39a8197d4ba86078cef003671a69ebefa77cdf4d7cb62bd802

          Download Submit

        • \Windows\AppPatch\svchost.exe
          Filesize

          152KB

          MD5

          f6f87129c933a2cb613d5f9146751b71

          SHA1

          33a5b3c3daa4c4ac1c81a80b6da03d854012a085

          SHA256

          36940327ccf98a7d53a3f54d1142f3ee0c03c5c91253bb8927a0dc7be4535a91

          SHA512

          ebd03f701a04f5d763890be50bf0f10e0266ec7537d423be579aea262791426c111f00caaa315d39a8197d4ba86078cef003671a69ebefa77cdf4d7cb62bd802

          Download Submit

        • \Windows\AppPatch\svchost.exe
          Filesize

          152KB

          MD5

          f6f87129c933a2cb613d5f9146751b71

          SHA1

          33a5b3c3daa4c4ac1c81a80b6da03d854012a085

          SHA256

          36940327ccf98a7d53a3f54d1142f3ee0c03c5c91253bb8927a0dc7be4535a91

          SHA512

          ebd03f701a04f5d763890be50bf0f10e0266ec7537d423be579aea262791426c111f00caaa315d39a8197d4ba86078cef003671a69ebefa77cdf4d7cb62bd802

          Download Submit

        • memory/2092-22-0x00000000002E0000-0x0000000000326000-memory.dmp

          Filesize

          280KB

          Download

        • memory/2092-28-0x00000000002E0000-0x0000000000326000-memory.dmp

          Filesize

          280KB

          Download

        • memory/2092-50-0x0000000000400000-0x0000000000454000-memory.dmp

          Filesize

          336KB

          Download

        • memory/2092-49-0x0000000002300000-0x000000000234A000-memory.dmp

          Filesize

          296KB

          Download

        • memory/2092-19-0x0000000000400000-0x0000000000454000-memory.dmp

          Filesize

          336KB

          Download

        • memory/2092-20-0x00000000002E0000-0x0000000000326000-memory.dmp

          Filesize

          280KB

          Download

        • memory/2092-34-0x0000000002300000-0x000000000234A000-memory.dmp

          Filesize

          296KB

          Download

        • memory/2092-24-0x00000000002E0000-0x0000000000326000-memory.dmp

          Filesize

          280KB

          Download

        • memory/2092-26-0x00000000002E0000-0x0000000000326000-memory.dmp

          Filesize

          280KB

          Download

        • memory/2092-17-0x0000000000400000-0x0000000000454000-memory.dmp

          Filesize

          336KB

          Download

        • memory/2092-30-0x00000000002E0000-0x0000000000326000-memory.dmp

          Filesize

          280KB

          Download

        • memory/2092-32-0x0000000002300000-0x000000000234A000-memory.dmp

          Filesize

          296KB

          Download

        • memory/2092-35-0x0000000002300000-0x000000000234A000-memory.dmp

          Filesize

          296KB

          Download

        • memory/2092-36-0x0000000002300000-0x000000000234A000-memory.dmp

          Filesize

          296KB

          Download

        • memory/2956-0-0x0000000000400000-0x0000000000454000-memory.dmp

          Filesize

          336KB

          Download

        • memory/2956-2-0x0000000000400000-0x0000000000454000-memory.dmp

          Filesize

          336KB

          Download

        • memory/2956-18-0x0000000000400000-0x0000000000454000-memory.dmp

          Filesize

          336KB

          Download

        • memory/2956-15-0x0000000000230000-0x0000000000269000-memory.dmp

          Filesize

          228KB

          Download

        • memory/2956-1-0x0000000000230000-0x0000000000269000-memory.dmp

          Filesize

          228KB

          Download