b64615f66025ed8a09c515dc750ea9fe1778f2fc03ceb0681ce51e3af79d407d

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
03/11/2023, 07:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.c352c3a021bf3adde79b7ee62f151d90_JC.exe
Size

51KB
MD5

c352c3a021bf3adde79b7ee62f151d90
SHA1

6332614508d24916c9f61b5009da120510f597be
SHA256

b64615f66025ed8a09c515dc750ea9fe1778f2fc03ceb0681ce51e3af79d407d
SHA512

0265014d6c18d137506306b199eb36665d50c5e9e762f763f71bb0fd2ddb729c2fdaa01a17065b775738cf03e8d287864438da9dac42e7615785e0f5557ec1b3
SSDEEP

1536:2GUiEAJxZMtdEI2MyzNORQtOflIwoHNM2XBFV7WB7lx7+srwZjuq:2GUzKMtdEI2MyzNORQtOflIwoHNM2XBt

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1704	joune.exe

Loads dropped DLL 1 IoCs

pid	Process
536	NEAS.c352c3a021bf3adde79b7ee62f151d90_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
536	NEAS.c352c3a021bf3adde79b7ee62f151d90_JC.exe
1704	joune.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 1704	536	NEAS.c352c3a021bf3adde79b7ee62f151d90_JC.exe	28
PID 536 wrote to memory of 1704	536	NEAS.c352c3a021bf3adde79b7ee62f151d90_JC.exe	28
PID 536 wrote to memory of 1704	536	NEAS.c352c3a021bf3adde79b7ee62f151d90_JC.exe	28
PID 536 wrote to memory of 1704	536	NEAS.c352c3a021bf3adde79b7ee62f151d90_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.c352c3a021bf3adde79b7ee62f151d90_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.c352c3a021bf3adde79b7ee62f151d90_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:536
- C:\Users\Admin\AppData\Local\Temp\joune.exe
  "C:\Users\Admin\AppData\Local\Temp\joune.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\joune.exe

Filesize
51KB

MD5
6cd2218a477f647bf598cf230292dfa8

SHA1
7d0468e99c657e906e1faab0b9b59966ed34b93b

SHA256
a8b92eef2b889297f1e3b0ac1d7e2ef33157cf9bcf413a6081cb755010e2255e

SHA512
8cf1a2316adafc9ee1b456f797e12c0027e885ae1b11341358bc63d6028d0e3e55fcacae813f148f4825c688ff6f0c1ce78fddcea44d45118981ae7b0805ee55

Download Submit
C:\Users\Admin\AppData\Local\Temp\joune.exe

Filesize
51KB

MD5
6cd2218a477f647bf598cf230292dfa8

SHA1
7d0468e99c657e906e1faab0b9b59966ed34b93b

SHA256
a8b92eef2b889297f1e3b0ac1d7e2ef33157cf9bcf413a6081cb755010e2255e

SHA512
8cf1a2316adafc9ee1b456f797e12c0027e885ae1b11341358bc63d6028d0e3e55fcacae813f148f4825c688ff6f0c1ce78fddcea44d45118981ae7b0805ee55

Download Submit
\Users\Admin\AppData\Local\Temp\joune.exe

Filesize
51KB

MD5
6cd2218a477f647bf598cf230292dfa8

SHA1
7d0468e99c657e906e1faab0b9b59966ed34b93b

SHA256
a8b92eef2b889297f1e3b0ac1d7e2ef33157cf9bcf413a6081cb755010e2255e

SHA512
8cf1a2316adafc9ee1b456f797e12c0027e885ae1b11341358bc63d6028d0e3e55fcacae813f148f4825c688ff6f0c1ce78fddcea44d45118981ae7b0805ee55

Download Submit
memory/536-0-0x00000000002E0000-0x00000000002E6000-memory.dmp

Filesize
24KB

Download
memory/536-2-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/536-1-0x00000000002E0000-0x00000000002E6000-memory.dmp

Filesize
24KB

Download
memory/1704-16-0x00000000002A0000-0x00000000002A6000-memory.dmp

Filesize
24KB

Download