Overview

overview

10

Static

static

3

NEAS.37134...JC.exe

windows7-x64

10

NEAS.37134...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-11-2023 03:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.3713465ce08212f6a1b0d303a3c9df30_JC.exe

  • Size

    135KB

  • MD5

    3713465ce08212f6a1b0d303a3c9df30

  • SHA1

    239202d20329ffd607aad4e206a71763e0c5e7d9

  • SHA256

    225e4c3742b05d7fdacb010e7389d0ab78c1bc8ecbd8c404b24869fdb759daf9

  • SHA512

    4458b03761e21d2ae69727613217aa18ae97ceb51df2cd2b97334c42297d1855dc11cd559f8aa6cce2ab80727c2f8f90cfe0d0ff0e00f3acd5de0af9fc18ffee

  • SSDEEP

    1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVHr0:UVqoCl/YgjxEufVU0TbTyDDalN0

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.3713465ce08212f6a1b0d303a3c9df30_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3713465ce08212f6a1b0d303a3c9df30_JC.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2072
    • \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2024
      • \??\c:\windows\resources\spoolsv.exe
        c:\windows\resources\spoolsv.exe SE
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3312
        • \??\c:\windows\resources\svchost.exe
          c:\windows\resources\svchost.exe
          4⤵
          • Modifies visiblity of hidden/system files in Explorer
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in System32 directory
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:916
          • \??\c:\windows\resources\spoolsv.exe
            c:\windows\resources\spoolsv.exe PR
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:1228

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Resources\Themes\explorer.exe
    Filesize

    135KB

    MD5

    c7896b87f0876058fe96408ad663026d

    SHA1

    fc607c46d479e57be4e375f735cb7a49c7c05f9d

    SHA256

    7eb5c44fce6a42653b65709b203e257294b7e31d62ea692fa10b4a5b8359fe8c

    SHA512

    d9b161eacfa3e3f46df7b07a08c770289cbea36a7fa6be52d6be3d44b65c6ddbc39174135decc7c830d78a51816ec27be203a48925e3c3d18d49c42edbd19cf9

    Download Submit

  • C:\Windows\Resources\spoolsv.exe
    Filesize

    135KB

    MD5

    0013fa4b44d7a06e2a2f53a1d52bbcf2

    SHA1

    dfb74fa276ff422b73628fc29057d8651874f8f1

    SHA256

    020b933fe897d45393b975dfb288e816fc0326647a07f7047a234690e39cc1e6

    SHA512

    9bdf8eab75a097dedaa4a9946ea6cdd8fd944daea14125e83dab47a8dcc11aea267d3035305731e567813d33c572f586fabef48cac07539cd36e1ae8791072c4

    Download Submit

  • C:\Windows\Resources\spoolsv.exe
    Filesize

    135KB

    MD5

    0013fa4b44d7a06e2a2f53a1d52bbcf2

    SHA1

    dfb74fa276ff422b73628fc29057d8651874f8f1

    SHA256

    020b933fe897d45393b975dfb288e816fc0326647a07f7047a234690e39cc1e6

    SHA512

    9bdf8eab75a097dedaa4a9946ea6cdd8fd944daea14125e83dab47a8dcc11aea267d3035305731e567813d33c572f586fabef48cac07539cd36e1ae8791072c4

    Download Submit

  • C:\Windows\Resources\spoolsv.exe
    Filesize

    135KB

    MD5

    0013fa4b44d7a06e2a2f53a1d52bbcf2

    SHA1

    dfb74fa276ff422b73628fc29057d8651874f8f1

    SHA256

    020b933fe897d45393b975dfb288e816fc0326647a07f7047a234690e39cc1e6

    SHA512

    9bdf8eab75a097dedaa4a9946ea6cdd8fd944daea14125e83dab47a8dcc11aea267d3035305731e567813d33c572f586fabef48cac07539cd36e1ae8791072c4

    Download Submit

  • C:\Windows\Resources\svchost.exe
    Filesize

    135KB

    MD5

    65aff9236b094e4f560258560469fced

    SHA1

    eebac26c73128f18061a0623322e88997c518b7e

    SHA256

    c8782029f4e8fff976d2ec31ae5ff7389aaf8126ce8b0c575f38009f55a85566

    SHA512

    6871199a092d397d39fbd1085e0e44986eaab5747a2699dc9284af7128b549a24312911c2325444f964ba0e6759c0281c49fc015486a1a10b24152cff1c3aad6

    Download Submit

  • \??\c:\windows\resources\spoolsv.exe
    Filesize

    135KB

    MD5

    0013fa4b44d7a06e2a2f53a1d52bbcf2

    SHA1

    dfb74fa276ff422b73628fc29057d8651874f8f1

    SHA256

    020b933fe897d45393b975dfb288e816fc0326647a07f7047a234690e39cc1e6

    SHA512

    9bdf8eab75a097dedaa4a9946ea6cdd8fd944daea14125e83dab47a8dcc11aea267d3035305731e567813d33c572f586fabef48cac07539cd36e1ae8791072c4

    Download Submit

  • \??\c:\windows\resources\svchost.exe
    Filesize

    135KB

    MD5

    65aff9236b094e4f560258560469fced

    SHA1

    eebac26c73128f18061a0623322e88997c518b7e

    SHA256

    c8782029f4e8fff976d2ec31ae5ff7389aaf8126ce8b0c575f38009f55a85566

    SHA512

    6871199a092d397d39fbd1085e0e44986eaab5747a2699dc9284af7128b549a24312911c2325444f964ba0e6759c0281c49fc015486a1a10b24152cff1c3aad6

    Download Submit

  • \??\c:\windows\resources\themes\explorer.exe
    Filesize

    135KB

    MD5

    c7896b87f0876058fe96408ad663026d

    SHA1

    fc607c46d479e57be4e375f735cb7a49c7c05f9d

    SHA256

    7eb5c44fce6a42653b65709b203e257294b7e31d62ea692fa10b4a5b8359fe8c

    SHA512

    d9b161eacfa3e3f46df7b07a08c770289cbea36a7fa6be52d6be3d44b65c6ddbc39174135decc7c830d78a51816ec27be203a48925e3c3d18d49c42edbd19cf9

    Download Submit

  • memory/916-36-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1228-32-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2024-35-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2072-0-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2072-34-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3312-33-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download