Overview

overview

7

Static

static

7

NEAS.23e34...JC.exe

windows7-x64

7

NEAS.23e34...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    131s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-11-2023 06:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.23e3413d94481ec0f10a8c1800d139c0_JC.exe

  • Size

    577KB

  • MD5

    23e3413d94481ec0f10a8c1800d139c0

  • SHA1

    017aaef6e9b85bc50ef7f932ae6a3b8f2a6d5884

  • SHA256

    84ce24184429f2b22cda2a4de5eca91f9de00eea3ea929cab3a3397dde0e85cc

  • SHA512

    f44089030f6749585e9937ea29e4f35927fae8753bce88b9aa2841c1b65231e0e53993841cba33136676d8e77ef201b630138debcdcea6cecd6aee9c75340b05

  • SSDEEP

    6144:3+LQwhNI65MY5wH2l3D5YolYvRjf6yl/5JTFw1iKzHk2oGbksEG5iFeeGU:3MQwA65YHWDeXvRjf6YnyixGbkMoLL

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Gathers system information 1 TTPs 1 IoCs

    Runs systeminfo.exe.

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.23e3413d94481ec0f10a8c1800d139c0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.23e3413d94481ec0f10a8c1800d139c0_JC.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4788
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c systeminfo>>C:\Windows\temp\setup_gitlog.txt&ping 8.8.8.8>>C:\Windows\temp\setup_gitlog.txt
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5044
      • C:\Windows\SysWOW64\systeminfo.exe
        systeminfo
        3⤵
        • Gathers system information
        PID:4580
      • C:\Windows\SysWOW64\PING.EXE
        ping 8.8.8.8
        3⤵
        • Runs ping.exe
        PID:552

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\temp\setup_gitlog.txt
    Filesize

    33B

    MD5

    346bbdef8e66561ce4c33013160d7c75

    SHA1

    023e40d5eb04b2d7e8346ea0c9a62b05d372abec

    SHA256

    ce357dc9d96cbb6933f7895d5fee9052b72733c2db9fc32b1555761b1bd0c277

    SHA512

    f2fd0412846455ee0f47f9e88192ea4c6ee60c3118be40a44c9b626566652ed46b1c3a0708a7ec6feba7a9cafc61091a2a1c6cb864a99a081bb842625040594f

    Download Submit

  • memory/4788-1-0x0000000000400000-0x0000000001C5C000-memory.dmp

    Filesize

    24.4MB

    Download

  • memory/4788-3-0x0000000000400000-0x0000000001C5C000-memory.dmp

    Filesize

    24.4MB

    Download