Overview

overview

4

Static

static

1

NEAS.af824...JC.exe

windows7-x64

4

NEAS.af824...JC.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231025-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/11/2023, 00:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.af824e48bec37c2585effe350e0d1390_JC.exe

  • Size

    1.7MB

  • MD5

    af824e48bec37c2585effe350e0d1390

  • SHA1

    34dba484441e157348dff35020e3072361772d68

  • SHA256

    69d54d87447e4e66ee0260997328eef7daf201571508c9d91947c907248d2db1

  • SHA512

    0b74483feabcc0ecfbad2b4ffc62756e54af102356efec97a2f001f205c7be89864308d2988c7f22806b11c305ecaaaa7ff1ca7a2fd744da506ef535dfb76dd5

  • SSDEEP

    24576:j7FUDowAyrTVE3U5FEe3sUI9I5P/U3j69u/ZEepFGWOHuVJzd7iqx:jBuZrEU4ek9GkT69u/ZEAFGVO7g

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.af824e48bec37c2585effe350e0d1390_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.af824e48bec37c2585effe350e0d1390_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1428
    • C:\Users\Admin\AppData\Local\Temp\is-1I0I0.tmp\NEAS.af824e48bec37c2585effe350e0d1390_JC.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-1I0I0.tmp\NEAS.af824e48bec37c2585effe350e0d1390_JC.tmp" /SL5="$501C8,837769,816128,C:\Users\Admin\AppData\Local\Temp\NEAS.af824e48bec37c2585effe350e0d1390_JC.exe"
      2⤵
      • Executes dropped EXE
      PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-1I0I0.tmp\NEAS.af824e48bec37c2585effe350e0d1390_JC.tmp
    Filesize

    3.0MB

    MD5

    dfe2f9c005b373a6459641d02d243fdf

    SHA1

    b6231bfdc64aff5e447eae4ccc58928bc5d0f646

    SHA256

    1775db53d8499561f29ad7a47d075f4dffac41fc411a9376db5ae406f6c3bdf0

    SHA512

    bac5d2572e0769b8281bc6955725d8e1b1e214fc12a839cafb1614b75ff2a3cefbb76f644064316e6643f1e1d0be716e4d455bfcc373ffe3f8f1749fe87b8cba

    Download Submit

  • memory/1428-1-0x0000000000400000-0x00000000004D4000-memory.dmp

    Filesize

    848KB

    Download

  • memory/1428-11-0x0000000000400000-0x00000000004D4000-memory.dmp

    Filesize

    848KB

    Download

  • memory/2736-6-0x0000000002710000-0x0000000002711000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2736-13-0x0000000000400000-0x0000000000710000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2736-14-0x0000000002710000-0x0000000002711000-memory.dmp

    Filesize

    4KB

    Download