aff0f8ac7b053278fff741444214703e0b6d734f546a1572269612a69dc5bd0d

Analysis

max time kernel
121s
max time network
157s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
04-11-2023 08:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.da1f0e239a5011af1c25d6ae7d2841a0_JC.exe
Size

1.1MB
MD5

da1f0e239a5011af1c25d6ae7d2841a0
SHA1

496007341ee18e272b4254b4af4fa3b1fcb61157
SHA256

aff0f8ac7b053278fff741444214703e0b6d734f546a1572269612a69dc5bd0d
SHA512

5377ccb806f401fc5e0e8d261931825c5de721a206218876f40f8e43e0159c086b96d0835a5430854f2f5bc144040f0fb57cd49acbc302cfcda25a7f9ceb5a25
SSDEEP

24576:otEW9gH1dNmfEaWZ6YeIPjBMu837pT7uzLOY:ots1dNmfrLm83FT7uzLO

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2924 set thread context of 2260	2924	NEAS.da1f0e239a5011af1c25d6ae7d2841a0_JC.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2752	2260	WerFault.exe	29

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2260	2924	NEAS.da1f0e239a5011af1c25d6ae7d2841a0_JC.exe	29
PID 2924 wrote to memory of 2260	2924	NEAS.da1f0e239a5011af1c25d6ae7d2841a0_JC.exe	29
PID 2924 wrote to memory of 2260	2924	NEAS.da1f0e239a5011af1c25d6ae7d2841a0_JC.exe	29
PID 2924 wrote to memory of 2260	2924	NEAS.da1f0e239a5011af1c25d6ae7d2841a0_JC.exe	29
PID 2924 wrote to memory of 2260	2924	NEAS.da1f0e239a5011af1c25d6ae7d2841a0_JC.exe	29
PID 2924 wrote to memory of 2260	2924	NEAS.da1f0e239a5011af1c25d6ae7d2841a0_JC.exe	29
PID 2924 wrote to memory of 2260	2924	NEAS.da1f0e239a5011af1c25d6ae7d2841a0_JC.exe	29
PID 2924 wrote to memory of 2260	2924	NEAS.da1f0e239a5011af1c25d6ae7d2841a0_JC.exe	29
PID 2924 wrote to memory of 2260	2924	NEAS.da1f0e239a5011af1c25d6ae7d2841a0_JC.exe	29
PID 2924 wrote to memory of 2260	2924	NEAS.da1f0e239a5011af1c25d6ae7d2841a0_JC.exe	29
PID 2924 wrote to memory of 2260	2924	NEAS.da1f0e239a5011af1c25d6ae7d2841a0_JC.exe	29
PID 2924 wrote to memory of 2260	2924	NEAS.da1f0e239a5011af1c25d6ae7d2841a0_JC.exe	29
PID 2924 wrote to memory of 2260	2924	NEAS.da1f0e239a5011af1c25d6ae7d2841a0_JC.exe	29
PID 2924 wrote to memory of 2260	2924	NEAS.da1f0e239a5011af1c25d6ae7d2841a0_JC.exe	29
PID 2260 wrote to memory of 2752	2260	AppLaunch.exe	30
PID 2260 wrote to memory of 2752	2260	AppLaunch.exe	30
PID 2260 wrote to memory of 2752	2260	AppLaunch.exe	30
PID 2260 wrote to memory of 2752	2260	AppLaunch.exe	30
PID 2260 wrote to memory of 2752	2260	AppLaunch.exe	30
PID 2260 wrote to memory of 2752	2260	AppLaunch.exe	30
PID 2260 wrote to memory of 2752	2260	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\NEAS.da1f0e239a5011af1c25d6ae7d2841a0_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.da1f0e239a5011af1c25d6ae7d2841a0_JC.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2260
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 196
    3⤵
    - Program crash
    PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2260-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2260-2-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2260-1-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2260-4-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2260-6-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2260-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2260-10-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2260-11-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2260-13-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2260-15-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads