Overview

overview

7

Static

static

3

NEAS.84293...JC.exe

windows7-x64

7

NEAS.84293...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-11-2023 04:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.84293006a6338d5a54efc92975f488f0_JC.exe

  • Size

    23KB

  • MD5

    84293006a6338d5a54efc92975f488f0

  • SHA1

    79d485aba715ea282183065ffd04307ad91a112c

  • SHA256

    50709b8f592b36e66c402991278ae9949bed8cc8344b61d2eeec034b192d78fa

  • SHA512

    92edb6c469597fc44f044d0695c56c99a0181b2d71cb93adffcfa3c4a9179195ed44e6d3c2334cccc627a6d8b4035f1aefd2c5640b238ae683e6a0c856b8028b

  • SSDEEP

    384:W6CpSYp0ai1jf4eVFra8w1oOBkYgRIPZtN8nIFyBL:W67xaGjAer2kYOwD2IYd

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.84293006a6338d5a54efc92975f488f0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.84293006a6338d5a54efc92975f488f0_JC.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1768
    • C:\Users\Admin\AppData\Local\Temp\ffengh.exe
      "C:\Users\Admin\AppData\Local\Temp\ffengh.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:2064

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ffengh.exe
    Filesize

    23KB

    MD5

    58d7167a4fb405a90d3a6525954d5de7

    SHA1

    d6f34a885a00c77773d866b82b0ae3aa5d1d9199

    SHA256

    519ff9e4b0f1074ff30baad2765a4e1b3cbaad415c3224b3665c74d6be74c809

    SHA512

    e6e896789eb614c9d40280e99c8433a568b7d3c05df212feb3755423fc7fdb3447ebe9a6398d4fca880332ed0df80e52713ed948cdf0920ff5b950dacd6fe938

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ffengh.exe
    Filesize

    23KB

    MD5

    58d7167a4fb405a90d3a6525954d5de7

    SHA1

    d6f34a885a00c77773d866b82b0ae3aa5d1d9199

    SHA256

    519ff9e4b0f1074ff30baad2765a4e1b3cbaad415c3224b3665c74d6be74c809

    SHA512

    e6e896789eb614c9d40280e99c8433a568b7d3c05df212feb3755423fc7fdb3447ebe9a6398d4fca880332ed0df80e52713ed948cdf0920ff5b950dacd6fe938

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ffengh.exe
    Filesize

    23KB

    MD5

    58d7167a4fb405a90d3a6525954d5de7

    SHA1

    d6f34a885a00c77773d866b82b0ae3aa5d1d9199

    SHA256

    519ff9e4b0f1074ff30baad2765a4e1b3cbaad415c3224b3665c74d6be74c809

    SHA512

    e6e896789eb614c9d40280e99c8433a568b7d3c05df212feb3755423fc7fdb3447ebe9a6398d4fca880332ed0df80e52713ed948cdf0920ff5b950dacd6fe938

    Download Submit

  • memory/1768-0-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1768-9-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download