b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68

General

Target

NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
Size

630KB
MD5

c122c9a2e83a500fbb318a549ae074c2
SHA1

7b77810d4dfcf8659de758a67c3b35731bbc9049
SHA256

b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68
SHA512

1b2a45b728acbf4f8c7a9d4503f64214d1f2044287189cad9b728c8d9058f52dc2b188f13eaba47282442773297cd2b3afb751f923e8e120a6ac76b8f9c0ee8b
SSDEEP

12288:oq2XB60q0dOKymxRNIMXt3ixK5py6fL/zwicoam:oqo6w9ymxRJd3i2py6bzj

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe

pid	process
2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe

description pid process

Token: SeDebugPrivilege 2188 NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe

description	pid	process
Token: SeDebugPrivilege	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2188

C:\Users\Admin\AppData\Local\Temp\NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe"
2⤵
PID:1120

C:\Users\Admin\AppData\Local\Temp\NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe"
2⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe"
2⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe"
2⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe"
2⤵
PID:1732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2188-0-0x00000000003B0000-0x0000000000454000-memory.dmp

Filesize
656KB

Download
memory/2188-1-0x0000000074190000-0x000000007487E000-memory.dmp

Filesize
6.9MB

Download
memory/2188-2-0x0000000000610000-0x0000000000650000-memory.dmp

Filesize
256KB

Download
memory/2188-3-0x0000000000530000-0x0000000000540000-memory.dmp

Filesize
64KB

Download
memory/2188-4-0x0000000074190000-0x000000007487E000-memory.dmp

Filesize
6.9MB

Download
memory/2188-5-0x0000000000610000-0x0000000000650000-memory.dmp

Filesize
256KB

Download
memory/2188-6-0x0000000000560000-0x0000000000566000-memory.dmp

Filesize
24KB

Download
memory/2188-7-0x00000000005F0000-0x00000000005FA000-memory.dmp

Filesize
40KB

Download
memory/2188-8-0x0000000004E70000-0x0000000004EEC000-memory.dmp

Filesize
496KB

Download
memory/2188-9-0x0000000074190000-0x000000007487E000-memory.dmp

Filesize
6.9MB

Download

description	pid	process	target process
PID 2188 wrote to memory of 1120	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
PID 2188 wrote to memory of 1120	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
PID 2188 wrote to memory of 1120	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
PID 2188 wrote to memory of 1120	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
PID 2188 wrote to memory of 2184	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
PID 2188 wrote to memory of 2184	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
PID 2188 wrote to memory of 2184	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
PID 2188 wrote to memory of 2184	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
PID 2188 wrote to memory of 2020	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
PID 2188 wrote to memory of 2020	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
PID 2188 wrote to memory of 2020	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
PID 2188 wrote to memory of 2020	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
PID 2188 wrote to memory of 1832	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
PID 2188 wrote to memory of 1832	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
PID 2188 wrote to memory of 1832	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
PID 2188 wrote to memory of 1832	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
PID 2188 wrote to memory of 1732	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
PID 2188 wrote to memory of 1732	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
PID 2188 wrote to memory of 1732	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe
PID 2188 wrote to memory of 1732	2188	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe	NEAS.b7396095e008ad0155c5ca1ec15b3febd04ce95db7ce45b217ecc463f4d95c68exe_JC.exe

Analysis

Sharing