Overview

overview

7

Static

static

3

NEAS.2023-...JC.exe

windows7-x64

7

NEAS.2023-...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    05/11/2023, 15:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.2023-09-29_746781e71371cec3a564b562e29a3351_mafia_JC.exe

  • Size

    384KB

  • MD5

    746781e71371cec3a564b562e29a3351

  • SHA1

    b80b62e4998a7e1628d436f9f124329d9c6fa4ee

  • SHA256

    ed4c2ed5e025a2d9684b197f0f417487e9b54be5706c3ca581889d2bc2cbea01

  • SHA512

    50274c337b1b70457362c618a768a92a6987c52d0e7c2a93c9a0c0b6ffb536b06647a5c52e7b83d50a399146641cb182ed3ba6c15df23f2dadd75be90e83d520

  • SSDEEP

    6144:drxfv4co9ZL3GBGgjODxbf7hHg5sWZuwJjbCYjOj3FOHvC+CSuzosvsWlB6Z:Zm48gODxbzNWZuwhNG3qvCqTWSZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-29_746781e71371cec3a564b562e29a3351_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-29_746781e71371cec3a564b562e29a3351_mafia_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Users\Admin\AppData\Local\Temp\9128.tmp
      "C:\Users\Admin\AppData\Local\Temp\9128.tmp" --pingC:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-29_746781e71371cec3a564b562e29a3351_mafia_JC.exe D3B5F8A701E06CC62FCF11A5AA8D38FEE2F8B5A7C18BCA531E4A2C3B34856738CFF213EEB962A13E6BEFABEC22EAA228A4C0F60236AD03F078CFA82809C613AA
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2872

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\9128.tmp
          Filesize

          384KB

          MD5

          8e0eee273a94827ea0a9904c5df8c27a

          SHA1

          bdc5491b7e1704c0bb438fd2afaac088e9a43c8d

          SHA256

          5059160714cd184e790b872c943125cf6d3550d808344019851f74c9b3a6c41f

          SHA512

          ac67bc1a470ef8741a45d335ca53a28d995070981499cf90ed6cdc9b7795a51e884595fc57eae798e352ea749aa4f42719b52ed4c7c87f0f11b9aac8faf5018c

          Download Submit

        • \Users\Admin\AppData\Local\Temp\9128.tmp
          Filesize

          384KB

          MD5

          8e0eee273a94827ea0a9904c5df8c27a

          SHA1

          bdc5491b7e1704c0bb438fd2afaac088e9a43c8d

          SHA256

          5059160714cd184e790b872c943125cf6d3550d808344019851f74c9b3a6c41f

          SHA512

          ac67bc1a470ef8741a45d335ca53a28d995070981499cf90ed6cdc9b7795a51e884595fc57eae798e352ea749aa4f42719b52ed4c7c87f0f11b9aac8faf5018c

          Download Submit