599f402ab160957ce22a01bf711d2349868f5b5cc1d799da98d6bffb4d7af29a

Analysis

max time kernel
151s
max time network
154s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
03/11/2023, 04:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.c4fdd9d98d466a51d834f83ef9c6b6a0_JC.exe
Size

297KB
MD5

c4fdd9d98d466a51d834f83ef9c6b6a0
SHA1

af027efc8881c576505dfd03c5d75780a1e1b173
SHA256

599f402ab160957ce22a01bf711d2349868f5b5cc1d799da98d6bffb4d7af29a
SHA512

ceca3543f21fda53bf67eb919e749d7c1ed861a8a218954d4a51260fcc830d2f1f21724a5cf0df3f373471b6af428a6cfbf0228ad4d02178031c37c2166f1f8f
SSDEEP

6144:uuq1yy/pjnkWcLkONgMDGMHTiLCwKurwdw9mJRQdkAK:y1yc9kWc4u7DGMyCdgmJRC2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2936-0-0x0000000000400000-0x0000000000418000-memory.dmp	upx
behavioral1/files/0x000700000001564c-5.dat	upx
behavioral1/memory/2936-17-0x0000000000400000-0x0000000000418000-memory.dmp	upx

Drops file in Windows directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Windows\win32dc\BattleField 1942 cdfix.exe	NEAS.c4fdd9d98d466a51d834f83ef9c6b6a0_JC.exe
File created	C:\Windows\win32dc\Silent Hill 4_trainer.exe	NEAS.c4fdd9d98d466a51d834f83ef9c6b6a0_JC.exe
File created	C:\Windows\win32dc\BattleField 1942 + nocd.exe	NEAS.c4fdd9d98d466a51d834f83ef9c6b6a0_JC.exe
File created	C:\Windows\win32dc\UT2004(cdfix).exe	NEAS.c4fdd9d98d466a51d834f83ef9c6b6a0_JC.exe
File created	C:\Windows\win32dc\FlatOut nocd.exe	NEAS.c4fdd9d98d466a51d834f83ef9c6b6a0_JC.exe
File created	C:\Windows\win32dc\BattleField 1942_cheat.exe	NEAS.c4fdd9d98d466a51d834f83ef9c6b6a0_JC.exe
File created	C:\Windows\win32dc\DAoC serial.exe	NEAS.c4fdd9d98d466a51d834f83ef9c6b6a0_JC.exe
File created	C:\Windows\win32dc\Half-Life 2_patch.exe	NEAS.c4fdd9d98d466a51d834f83ef9c6b6a0_JC.exe
File created	C:\Windows\win32dc\BattleField 1942 cdfix.exe	NEAS.c4fdd9d98d466a51d834f83ef9c6b6a0_JC.exe
File created	C:\Windows\win32dc\BattleField 1942 + cheat.exe	NEAS.c4fdd9d98d466a51d834f83ef9c6b6a0_JC.exe
File opened for modification	C:\Windows\win32dc\UT2004(cdfix).exe	NEAS.c4fdd9d98d466a51d834f83ef9c6b6a0_JC.exe
File created	C:\Windows\win32dc\FlatOut_cdfix.exe	NEAS.c4fdd9d98d466a51d834f83ef9c6b6a0_JC.exe
File opened for modification	C:\Windows\win32dc\BattleField 1942 + cheat.exe	NEAS.c4fdd9d98d466a51d834f83ef9c6b6a0_JC.exe
File opened for modification	C:\Windows\win32dc\Half-Life 2_patch.exe	NEAS.c4fdd9d98d466a51d834f83ef9c6b6a0_JC.exe
File opened for modification	C:\Windows\win32dc\FlatOut nocd.exe	NEAS.c4fdd9d98d466a51d834f83ef9c6b6a0_JC.exe
File opened for modification	C:\Windows\win32dc\BattleField 1942_cheat.exe	NEAS.c4fdd9d98d466a51d834f83ef9c6b6a0_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.c4fdd9d98d466a51d834f83ef9c6b6a0_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.c4fdd9d98d466a51d834f83ef9c6b6a0_JC.exe"
1⤵
- Drops file in Windows directory
PID:2936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\win32dc\BattleField 1942 + cheat.exe

Filesize
300KB

MD5
d3d509d2b1c9cb1809c994056397eee6

SHA1
1a56edbb6d188fa45184f4eb848bcec1032f909b

SHA256
a48c6cd30cc216555ff6c7b1f81959058818508f3b8a36a4ba225f5bc1dc98c9

SHA512
8f39ff43023bea6b42fabc3ae92893af329d9442b533a25d5820b58af6a08b6ef69d6406dab8294cb8e4865b315c1bcf4a85010205562e83af4843d6e2f40b0d

Download Submit
memory/2936-0-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2936-17-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads