Overview

overview

3

Static

static

3

NEAS.03bae...JC.exe

windows7-x64

1

NEAS.03bae...JC.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    160s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231025-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/11/2023, 18:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.03baea843c425317f511f418ebd285d0_JC.exe

  • Size

    212KB

  • MD5

    03baea843c425317f511f418ebd285d0

  • SHA1

    57da268589ee5e70225499bbb801055bc5fb2db4

  • SHA256

    f57d0aa963166bb5410084a688db6f63fc768741f90740a9dc09203737d68b51

  • SHA512

    087e376e0cdd099029e3a374ac9e65b2d83ace73e484edd5a2bc70f67244219c7645c4baf3c7ad94800e61a3e87792d635a4f0dc39216bf8d6b150e528bce28f

  • SSDEEP

    3072:GTJE+ICUQRMhMFjfoPDpwT039Zc0HZwxI5YUA2h+D+5dOIWF79sTYio/Hr8r6OY3:GTc3MZ2/39ZnZ4UKyDOIY9skio/L4A

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.03baea843c425317f511f418ebd285d0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.03baea843c425317f511f418ebd285d0_JC.exe"
    1⤵
      PID:3176
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 560
        2⤵
        • Program crash
        PID:5056
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3176 -ip 3176
      1⤵
        PID:2816
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
        1⤵
          PID:1960
        • C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe -k UnistackSvcGroup
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:2944

        Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
                Filesize

                16KB

                MD5

                de9ada48a9e296cf68aa9b13de76f32b

                SHA1

                54378e0e99a1db0bf26fc287e841a819127a865a

                SHA256

                04d674a38644902624c0c27c29878c788eb640199a3c68debf6fc25b09b1b91b

                SHA512

                8bafe1157bd1818b72a29df51ce665830de12f2762c8b1c4f6ac864bdae873e3e826efda818356d581feae9487d48061141caa02bd0626e6613fca1aa9e151b5

                Download Submit

              • memory/2944-40-0x000001AC19E40000-0x000001AC19E41000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2944-42-0x000001AC19E40000-0x000001AC19E41000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2944-33-0x000001AC19E30000-0x000001AC19E31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2944-34-0x000001AC19E30000-0x000001AC19E31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2944-35-0x000001AC19E30000-0x000001AC19E31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2944-36-0x000001AC19E30000-0x000001AC19E31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2944-37-0x000001AC19E30000-0x000001AC19E31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2944-38-0x000001AC19E30000-0x000001AC19E31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2944-39-0x000001AC19E30000-0x000001AC19E31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2944-43-0x000001AC19A70000-0x000001AC19A71000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2944-32-0x000001AC19E20000-0x000001AC19E21000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2944-41-0x000001AC19E40000-0x000001AC19E41000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2944-0-0x000001AC11740000-0x000001AC11750000-memory.dmp

                Filesize

                64KB

                Download

              • memory/2944-44-0x000001AC19A60000-0x000001AC19A61000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2944-46-0x000001AC19A70000-0x000001AC19A71000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2944-49-0x000001AC19A60000-0x000001AC19A61000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2944-52-0x000001AC199A0000-0x000001AC199A1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2944-16-0x000001AC11840000-0x000001AC11850000-memory.dmp

                Filesize

                64KB

                Download

              • memory/2944-64-0x000001AC19BA0000-0x000001AC19BA1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2944-66-0x000001AC19BB0000-0x000001AC19BB1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2944-67-0x000001AC19BB0000-0x000001AC19BB1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2944-68-0x000001AC19CC0000-0x000001AC19CC1000-memory.dmp

                Filesize

                4KB

                Download