Overview

overview

8

Static

static

3

NEAS.1852a...JC.exe

windows7-x64

8

NEAS.1852a...JC.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    135s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-11-2023 21:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.1852a1e6aba7a4815f1d860ea11349a0_JC.exe

  • Size

    215KB

  • MD5

    1852a1e6aba7a4815f1d860ea11349a0

  • SHA1

    9e589f47564d95cc1481893730cb77bd0fcf3c14

  • SHA256

    d1873bec82e12f55460dddb7c59497b69693237e25fdd64035c75a2b5c32bf2c

  • SHA512

    54d428ecd60350113e81b0bbdd2039f4a4653b38fe054f5c1ffd300268511d97c727f486e55543129378b9b9b45cf95814cf9f58a53d0a451c70451bf2b004e8

  • SSDEEP

    3072:XIVjBRGC+KhV3IIlPBlXTQ4NIFUecXmyopLrThn4aXTpPkSZo7NwrzPurif5zu/:aloiyIlPBlXTZIi/yT5MAqWrDQi2

Score
8/10
persistence

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.1852a1e6aba7a4815f1d860ea11349a0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1852a1e6aba7a4815f1d860ea11349a0_JC.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2876
  • C:\PROGRA~3\Mozilla\axfniqh.exe
    C:\PROGRA~3\Mozilla\axfniqh.exe -pdtylqd
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:4680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\axfniqh.exe
    Filesize

    216KB

    MD5

    8c81ed86b34568be56c446b973afc9c6

    SHA1

    49fd75ff47c2623f97ffd0c295518cacf953534b

    SHA256

    d852b00c4a15bf2fdb25618ddfc5500c078bb8f99f14aa2ac4d4730ffdede53a

    SHA512

    05641a8380ca7c863578c0e270585f8fa1129ad354a0caa7f899d995bd4538d55ce93e53312a3f4393ac43a8efadfbf2f647310b2d3f6b2336f873ee36877e5b

    Download Submit

  • C:\ProgramData\Mozilla\axfniqh.exe
    Filesize

    216KB

    MD5

    8c81ed86b34568be56c446b973afc9c6

    SHA1

    49fd75ff47c2623f97ffd0c295518cacf953534b

    SHA256

    d852b00c4a15bf2fdb25618ddfc5500c078bb8f99f14aa2ac4d4730ffdede53a

    SHA512

    05641a8380ca7c863578c0e270585f8fa1129ad354a0caa7f899d995bd4538d55ce93e53312a3f4393ac43a8efadfbf2f647310b2d3f6b2336f873ee36877e5b

    Download Submit

  • memory/2876-0-0x0000000000640000-0x000000000069B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2876-1-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2876-5-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2876-7-0x0000000000640000-0x000000000069B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/4680-8-0x0000000000C50000-0x0000000000CAB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/4680-9-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/4680-11-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/4680-13-0x0000000000C50000-0x0000000000CAB000-memory.dmp

    Filesize

    364KB

    Download