Analysis
-
max time kernel
121s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system -
submitted
05-11-2023 03:22
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.4f236cbe33d5c3e6f3766b528ccf8780_JC.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.4f236cbe33d5c3e6f3766b528ccf8780_JC.exe
Resource
win10v2004-20231023-en
General
-
Target
NEAS.4f236cbe33d5c3e6f3766b528ccf8780_JC.exe
-
Size
1.9MB
-
MD5
4f236cbe33d5c3e6f3766b528ccf8780
-
SHA1
574a5537e8f99d227c72a5deddb47eed1939707d
-
SHA256
f6a3b30c8d1af6e47694c4660576634696e36c5b589f5f78bc2089cc6c444341
-
SHA512
3d1982cae813ce7956dc473805554866d8aea3a9ffb5c6cf7c128c86749617f6c7c5daacac56ca2222d6d79b6933226667f174bbbfd609f3b0690ff754510546
-
SSDEEP
24576:MqDqZutOAQS+6moGcmiQo5e2H+LFwnNl6vRszQfRaPQKiK8jvA557//zE9/wF+K:FDpjE3RszQ8IKj7//zEmF+K
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process File opened for modification \??\PhysicalDrive0 NEAS.4f236cbe33d5c3e6f3766b528ccf8780_JC.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2476 NEAS.4f236cbe33d5c3e6f3766b528ccf8780_JC.exe