Analysis

  • max time kernel
    121s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64 arch:x86 image:win7-20231020-en locale:en-us os:windows7-x64 system
  • submitted
    05-11-2023 03:22

General

  • Target

    NEAS.4f236cbe33d5c3e6f3766b528ccf8780_JC.exe

  • Size

    1.9MB

  • MD5

    4f236cbe33d5c3e6f3766b528ccf8780

  • SHA1

    574a5537e8f99d227c72a5deddb47eed1939707d

  • SHA256

    f6a3b30c8d1af6e47694c4660576634696e36c5b589f5f78bc2089cc6c444341

  • SHA512

    3d1982cae813ce7956dc473805554866d8aea3a9ffb5c6cf7c128c86749617f6c7c5daacac56ca2222d6d79b6933226667f174bbbfd609f3b0690ff754510546

  • SSDEEP

    24576:MqDqZutOAQS+6moGcmiQo5e2H+LFwnNl6vRszQfRaPQKiK8jvA557//zE9/wF+K:FDpjE3RszQ8IKj7//zEmF+K

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious behavior: RenamesItself 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.4f236cbe33d5c3e6f3766b528ccf8780_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4f236cbe33d5c3e6f3766b528ccf8780_JC.exe"
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: RenamesItself
    PID:2476

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2476-0-0x0000000000400000-0x00000000005D0000-memory.dmp

    Filesize

    1.8MB

  • memory/2476-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/2476-2-0x0000000000400000-0x00000000005D0000-memory.dmp

    Filesize

    1.8MB

  • memory/2476-5-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB